--- PROCESS FUNCTIONS ---
Load supplimental files...
- Skip function list, total:795
- Skip var list, total:22
Pre-processing...
STOP WATCH[0]: 321.705000 ms
Found 966 syscalls
Process Gating Functions
Gating Function Type: capability
Load CAP FUNC list, total:3
Inner checking functions:
- avc_denied @ 7
- security_capable @ 2
i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i8*)
i8* bitcast (i1 (i32)* @capable to i8*)
i8* bitcast (i1 (%struct.netlink_skb_parms*, %struct.user_namespace*, i32)* @__netlink_ns_capable to i8*)
i8* bitcast (i1 (%struct.sock.273622*, %struct.user_namespace*, i32)* @sk_ns_capable to i8*)
i8* bitcast (i1 (%struct.sock.273622*, i32)* @sk_capable to i8*)
i8* bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i8*)
i8* bitcast (i1 (%struct.sk_buff*, i32)* @netlink_capable to i8*)
i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_setid to i8*)
i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_noaudit to i8*)
i8* bitcast (i1 (%struct.sock.273622*, i32)* @sk_net_capable to i8*)
i8* bitcast (i1 (%struct.sk_buff*, %struct.user_namespace*, i32)* @netlink_ns_capable to i8*)
i8* bitcast (i1 (%struct.task_struct*, i32)* @has_capability to i8*)
i8* bitcast (i1 (%struct.sk_buff*, i32)* @netlink_net_capable to i8*)
i8* bitcast (i1 (%struct.file*, %struct.user_namespace*, i32)* @file_ns_capable to i8*)
STOP WATCH[0]: 5.217000 ms
=chk functions and wrappers (total:18)=
. __netlink_ns_capable @ 2
. has_capability_noaudit @ 1
. netlink_capable @ 1
. capable_wrt_inode_uidgid @ 2
. ns_capable @ 1
. has_ns_capability_noaudit @ 2
. file_ns_capable @ 2
. netlink_net_capable @ 1
. capable @ 0
. ns_capable_setid @ 1
. avc_has_perm_noaudit @ 5
. sk_capable @ 1
. sk_ns_capable @ 2
. ns_capable_noaudit @ 1
. has_ns_capability @ 2
. sk_net_capable @ 1
. netlink_ns_capable @ 2
. has_capability @ 1
=o=
Collect Checkpoints
STOP WATCH[0]: 318.471000 ms
Identify interesting struct
Function: xps_rxqs_store used by struct.netdev_queue_attribute
Function: store_rps_map used by struct.rx_queue_attribute
Function: store_rps_dev_flow_table_cnt used by struct.rx_queue_attribute
Function: tx_queue_len_store used by struct.device_attribute.773817
Function: gro_flush_timeout_store used by struct.device_attribute.773817
Function: threaded_store used by struct.device_attribute.773817
Function: sk_lookup_func_proto used by  new discover:struct.bpf_verifier_ops
Function: sk_msg_func_proto used by struct.bpf_verifier_ops
Function: sock_addr_func_proto used by struct.bpf_verifier_ops
Function: cg_skb_is_valid_access used by struct.bpf_verifier_ops
Function: cg_skb_func_proto used by struct.bpf_verifier_ops
Function: tc_cls_act_func_proto used by struct.bpf_verifier_ops
Function: netns_install used by struct.proc_ns_operations
Function: sock_ioctl used by struct.file_operations.273582
Function: snapshot_ioctl used by struct.file_operations
Function: zeroing_mode_store used by struct.device_attribute.628639
Function: rtnetlink_bind used by  new discover:struct.netlink_kernel_cfg.765983
Function: store_state_disable used by  new discover:struct.cpuidle_state_attr
Function: provisioning_mode_store used by struct.device_attribute.628639
Function: max_medium_access_timeouts_store used by struct.device_attribute.628639
Function: dm_ctl_ioctl used by struct.file_operations.296255
Function: pps_cdev_ioctl used by struct.file_operations
Function: rtc_dev_ioctl used by struct.file_operations
Function: serport_ldisc_open used by  new discover:struct.tty_ldisc_ops.360260
Function: uart_ioctl used by  new discover:struct.tty_operations
Function: pagemap_read used by struct.file_operations
Function: max_write_same_blocks_store used by struct.device_attribute.628639
Function: i915_gem_context_reset_stats_ioctl used by  new discover:struct.drm_ioctl_desc
Function: sg_proc_write_adio used by  new discover:struct.proc_ops.630289
Function: allow_restart_store used by struct.device_attribute.628639
Function: ptp_ioctl used by  new discover:struct.posix_clock_operations
Function: rtc_dev_compat_ioctl used by struct.file_operations
Function: open_port used by struct.file_operations
Function: vt_compat_ioctl used by struct.tty_operations
Function: i915_perf_remove_config_ioctl used by struct.drm_ioctl_desc
Function: i915_perf_add_config_ioctl used by struct.drm_ioctl_desc
Function: i915_perf_open_ioctl used by struct.drm_ioctl_desc
Function: proc_bus_pci_read used by  new discover:struct.proc_ops.78702
Function: netlink_connect used by  new discover:struct.proto_ops
Function: sk_skb_func_proto used by struct.bpf_verifier_ops
Function: mntns_install used by struct.proc_ns_operations
Function: open_kcore used by struct.proc_ops.78702
Function: ifalias_store used by struct.device_attribute.773817
Function: do_ipt_get_ctl used by  new discover:struct.nf_sockopt_ops.880973
Function: mode_store used by struct.kobj_attribute
Function: audit_multicast_bind used by  new discover:struct.netlink_kernel_cfg
Function: r_show used by  new discover:struct.seq_operations
Function: packet_sendmsg_spkt used by struct.proto_ops
Function: lo_ioctl used by  new discover:struct.block_device_operations
Function: mtu_store used by struct.device_attribute.773817
Function: set_permissions used by  new discover:struct.ctl_table_root
Function: force_store used by struct.kobj_attribute
Function: sk_filter_func_proto used by struct.bpf_verifier_ops
Function: md_attr_store used by struct.sysfs_ops.295916
Function: sr_block_ioctl used by struct.block_device_operations
Function: proc_bus_pci_mmap used by struct.proc_ops.78702
Function: timerslack_ns_write used by struct.file_operations.177239
Function: netlink_bind used by struct.proto_ops
Function: netlink_setsockopt used by struct.proto_ops
Function: do_ip6t_get_ctl used by  new discover:struct.nf_sockopt_ops.927704
Function: devinet_sysctl_forward used by  new discover:struct.ctl_table
Function: genl_bind used by struct.netlink_kernel_cfg
Function: netlink_sendmsg used by struct.proto_ops
Function: do_ipt_set_ctl used by struct.nf_sockopt_ops.880973
Function: nfnetlink_rcv used by struct.netlink_kernel_cfg
Function: unix_ioctl used by struct.proto_ops
Function: proc_do_static_key used by struct.ctl_table
Function: md_ioctl used by  new discover:struct.block_device_operations.296131
Function: i915_gem_context_setparam_ioctl used by struct.drm_ioctl_desc
Function: carrier_store used by struct.device_attribute.773817
Function: do_ip6t_set_ctl used by struct.nf_sockopt_ops.927704
Function: random_ioctl used by struct.file_operations
Function: soft_store used by struct.device_attribute.1014768
Function: flow_dissector_func_proto used by struct.bpf_verifier_ops
Function: pidns_install used by struct.proc_ns_operations
Function: type_store used by struct.kobj_attribute
Function: sdev_store_eh_timeout used by struct.device_attribute.9229
Function: packet_sendmsg used by struct.proto_ops
Function: ext4_attr_store used by struct.sysfs_ops
Function: ipip6_tunnel_siocdevprivate used by  new discover:struct.net_device_ops.868049
Function: ipip6_tunnel_ctl used by struct.net_device_ops.868049
Function: tx_maxrate_store used by struct.netdev_queue_attribute
Function: ip_setsockopt used by  new discover:struct.proto
Function: packet_create used by struct.net_proto_family.787806
Function: state_store.73405 used by struct.device_attribute.1014768
Function: vt_ioctl used by struct.tty_operations
Function: inet_create used by struct.net_proto_family.862007
Function: pci_read_config used by struct.bin_attribute
Function: xdp_func_proto used by struct.bpf_verifier_ops
Function: rdev_attr_store used by struct.sysfs_ops.295916
Function: cpu_store used by struct.kobj_attribute
Function: efivar_attr_store used by struct.sysfs_ops.719172
Function: cgroupns_install used by struct.proc_ns_operations
Function: proto_down_store used by struct.device_attribute.773817
Function: ext4_fileattr_set used by struct.inode_operations
Function: utsns_install used by struct.proc_ns_operations
Function: efivar_attr_show used by struct.sysfs_ops.719172
Function: net_ctl_permissions used by struct.ctl_table_root
Function: dm_blk_ioctl used by  new discover:struct.block_device_operations.705683
Function: proc_cap_handler used by struct.ctl_table
Function: mtrr_open used by  new discover:struct.proc_ops
Function: cgroup_release_agent_write used by  new discover:struct.cftype
Function: perf_mmap used by struct.file_operations.115068
Function: autofs_dev_ioctl used by struct.file_operations
Function: sock_ops_func_proto used by struct.bpf_verifier_ops
Function: xps_cpus_store used by struct.netdev_queue_attribute
Function: sd_ioctl used by  new discover:struct.block_device_operations.628414
Function: subcaches_store used by struct.device_attribute.25804
Function: msr_open used by struct.file_operations
Function: devkmsg_open used by struct.file_operations
Function: napi_defer_hard_irqs_store used by struct.device_attribute.773817
Function: __inet6_bind used by  new discover:struct.ipv6_bpf_stub.898355
Function: ipcns_install used by struct.proc_ns_operations
Function: esre_attr_show used by struct.sysfs_ops
Function: inet6_create used by struct.net_proto_family.898347
Function: seccomp_actions_logged_handler used by struct.ctl_table
Function: flags_store used by struct.device_attribute.773817
Function: timens_install used by struct.proc_ns_operations
Function: iommu_group_store_type used by struct.iommu_group_attribute
Function: msi_bus_store used by struct.device_attribute.321919
Function: enable_store used by struct.device_attribute.321919
Function: numa_node_store used by struct.device_attribute.321919
Function: uart_set_info_user used by struct.tty_operations
Function: uart_proc_show used by struct.tty_operations
Function: lwt_out_func_proto used by struct.bpf_verifier_ops
Function: tty_ioctl used by struct.file_operations
Function: net_current_may_mount used by  new discover:struct.kobj_ns_type_operations.773809
Function: nvram_misc_ioctl used by struct.file_operations
Function: pps_enable_store used by struct.device_attribute.699480
Function: i915_getparam_ioctl used by struct.drm_ioctl_desc
Function: sg_proc_write_dressz used by struct.proc_ops.630289
Function: group_store used by struct.device_attribute.773817
Function: audit_receive used by struct.netlink_kernel_cfg
Function: protection_type_store used by struct.device_attribute.628639
Function: manage_start_stop_store used by struct.device_attribute.628639
STOP WATCH[0]: 480.260000 ms
Collecting Initialization Closure.
Finding Kernel Entry Point and all __initcall_
Found x86_64_start_kernel
STOP WATCH[1]: 58.058000 ms
Initial Kernel Init Function Count:2
Over Approximate Kernel Init Functions
STOP WATCH[1]: 30.137000 ms
Refine Result
refine pass 0 1699 left
refine pass 1 916 left
refine pass 2 678 left
refine pass 3 586 left
refine pass 4 565 left
refine pass 5 563 left
Refine result : count=563
STOP WATCH[1]: 19.822000 ms
=Kernel Init Functions=
kmem_cache_init_late setup_zone_pageset kexec_enter_virtual_mode efi_alloc_page_tables efi_map_region efi_memmap_init_late efi_thunk_set_virtual_address_map efi_set_virtual_address_map efi_unmap_pages efi_free_boot_services efi_native_runtime_setup efi_runtime_update_mappings __efi_enter_virtual_mode efi_enter_virtual_mode print_xstate_offset_size cpumask_weight.5982 pid_idr_init setup_per_cpu_pageset sched_clock_init acpi_reallocate_root_table acpi_ut_create_caches acpi_ut_init_globals acpi_ut_mutex_initialize acpi_ns_root_initialize acpi_initialize_subsystem acpi_early_init fpu__get_fpstate_size nsproxy_cache_init mminit_verify_zonelist efi_systab_report_header relocate_initrd efi_merge_regions arch_post_acpi_subsys_init idt_setup_early_pf fpu__init_prepare_fx_sw_frame mem_encrypt_init sort_iommu_table
__free_pages_memory __free_memory_core uts_ns_init kobj_map_init memmap_init_reserved_pages acpi_blacklisted perf_event_init_all_cpus perf_event_init_cpu perf_event_init ntp_init tk_set_wall_to_mono timekeeping_init uprobes_init tick_broadcast_init init_IRQ efi_dump_pagetable early_reserve_initrd trim_snb_memory early_reserve_memory efi_map_region_fixed hrtimers_prepare_cpu srcu_init set_vsyscall_pgtable_user_bits setup_cpu_entry_area setup_cpu_entry_areas dmi_smbios3_present posix_cputimers_init_work init_timers irq_set_default_host arch_early_ioapic_init arch_early_irq_init init_cfs_rq acpi_os_predefined_override event_trace_memsetup trace_printk_start_comm register_trigger_traceon_traceoff_cmds register_event_command unregister_event_command register_trigger_enable_disable_cmds register_trigger_cmds event_trace_enable trace_event_init trace_init rcu_early_boot_tests kfree_rcu_batch_init rcupdate_announce_bootup_oddness rcu_bootup_announce_oddness rcu_boot_init_percpu_data rcu_init_one rcutree_prepare_cpu rcutree_online_cpu proc_self_init init_sched_fair_class signals_init vm_area_register_early page_writeback_init init_hw_breakpoint get_xsaves_size_no_independent idt_setup_traps build_all_zonelists_init acpi_ut_initialize_interfaces rcu_init numa_clear_kernel_node_hotplug wait_bit_init init_rt_bandwidth init_dl_bandwidth init_defrootdomain init_rt_rq parse_crashkernel_mem init_dl_rq idle_thread_set_boot_cpu sched_init kclist_add snb_gfx_workaround_needed per_cpu_pages_init tracer_alloc_buffers efi_systab_init radix_tree_init init_memory_mapping fork_init time_init e820__register_nosave_regions ordered_lsm_init init_mount_tree ssb_parse_cmdline __ssb_select_mitigation ordered_lsm_parse efi_init init_ohci1394_controller arch_task_cache_init numa_init memblock_free_pages bdev_cache_init stop_nmi mmio_select_mitigation acpi_table_upgrade init_mem_debugging_and_hardening init_cfs_bandwidth efi_memmap_entry_valid setup_supervisor_only_offsets restart_nmi 
l1d_flush_select_mitigation get_mtrr_var_range x86_configure_nx check_dev_quirk proc_caches_init arch_get_random_seed_long_early proc_init_kmemcache set_proc_pid_nlink print_xstate_feature cea_map_percpu_pages sysctl_init proc_sys_init proc_root_init setup_init_fpu_buf static_call_init arch_probe_nr_irqs tsx_init n_tty_init free_saved_cmdlines_buffer percpu_setup_debug_store thread_stack_cache_init early_security_init initcall_debug_enable init_sigframe_size dcache_init_early console_init e820_type_to_iores_desc delayacct_init housekeeping_init reserve_crashkernel_low alternative_instructions idt_setup_early_handler no_hash_pointers_enable kernel_physical_mapping_init files_init init_tg_cfs_entry rest_init random_init key_init l1tf_select_mitigation efi_delete_dummy_variable efi_systab_check_header e820_search_gap numa_policy_init poking_init smp_setup_processor_id tsc_early_init call_function_init acpi_process_madt xfeature_is_aligned split_mem_range acpi_ut_create_rw_lock can_free_region check_loader_disabled_bsp memblock_phys_mem_size x86_numa_init adjust_range_page_size_mask memblock_trim_memory reserve_real_mode alloc_ioapic_saved_registers cmdline_find_option_bool early_memremap_ro print_mtrr_state acpi_pic_sci_set_trigger md_clear_update_mitigation log_buf_add_cpu acpi_osi_dmi_darwin early_ioremap_setup init_vmlinux_build_id hrtimers_init lookup_address mmap_init early_identify_cpu parse_crashkernel_high retbleed_select_mitigation mp_config_acpi_legacy_irqs update_spec_ctrl start_kernel lsm_set_blob_sizes early_acpi_parse_madt_lapic_addr_ovr efi_memattr_apply_permissions init_ohci1394_soft_reset inode_init spectre_v2_parse_cmdline load_ucode_bsp __parse_crashkernel files_maxfiles_init load_ucode_amd_bsp x86_64_start_kernel efi_memattr_init proc_tty_init srbds_select_mitigation build_all_zonelists taa_select_mitigation boot_cpu_hotplug_init rcu_test_sync_prims get_mtrr_state early_quirks acpi_parse_madt_lapic_entries copy_from_early_mem cgroup1_ssid_disabled 
apply_microcode_early_amd x86_64_start_reservations firmware_map_add_early memblock_x86_reserve_range_setup_data load_ucode_intel_bsp int3_selftest reserve_brk percpu_setup_exception_stacks e820__setup_pci_gap x86_get_mtrr_mem_range cred_init kernel_unmap_pages_in_pgd __map_region efi_clean_memmap unregister_die_notifier setup_per_cpu_areas numa_cleanup_meminfo setup_log_buf create_kmalloc_caches early_ioremap_init cpu_mitigations_auto_nosmt efi_thunk_runtime_setup e820__reserve_resources rcu_dump_rcu_node_tree proc_net_init efi_apply_memmap_quirks set_memory_nonglobal do_extra_xstate_size_checks e820_type_to_string clean_sort_range vm_area_add_early mnt_init efi_setup_page_tables set_dma_reserve arch_reserve_mem_area cpuset_init setup_nr_node_ids event_trace_init_fields mds_select_mitigation boot_cpu_init efi_find_mirror acpi_reserve_initial_tables memblock_find_dma_reserve init_xstate_size copy_bootdata init_range_memory_mapping lsm_allowed proc_thread_self_init init_trampoline read_persistent_wall_and_boot_offset cgroup_rstat_boot parse_crashkernel_low check_bugs build_id_parse_buf pagecache_init early_cpu_init register_nosave_region therm_lvt_init kmem_cache_init taskstats_init_early md_clear_select_mitigation spectre_v2_user_select_mitigation mem_init_print_info spec_ctrl_disable_kernel_rrsba identify_boot_cpu efi_print_memmap memblock_set_node acpi_os_initialize cgroup_idr_alloc dcache_init ssb_select_mitigation spectre_v2_parse_user_cmdline spectre_v2_select_mitigation vfs_caches_init_early vfs_caches_init chrdev_init build_zonelists acpi_mps_check security_init get_boot_config_from_initrd rcu_sync_enter_start cgroup_init_early net_ns_init parse_crashkernel_simple e820__finish_early_params cgroup_init x86_amd_ssb_disable setup_kmalloc_cache_index_table reserve_bootmem_region early_panic cgroup_add_cftypes nsfs_init arch_call_rest_init swiotlb_size_or_default shmem_init vsmp_cap_cpus print_fixed alloc_node_data dmi_walk_early init_ohci1394_initialize 
init_ohci1394_reset_and_init_dma create_kmalloc_cache parse_efi_setup initmem_init initialize_lsm pgtable_cache_init lsm_early_task lsm_early_cred prepare_lsm append_ordered_lsm init_rootfs numa_reset_distance cgroup_add_legacy_cftypes print_unknown_bootoptions cgroup_init_subsys acpi_os_map_generic_address spectre_v1_select_mitigation efi_memmap_init_early init_ohci1394_dma_on_all_controllers get_last_crashkernel cgroup_add_dfl_cftypes io_delay_init page_alloc_init early_acpi_process_madt pcpu_setup_first_chunk acpi_osi_dmi_blacklisted early_acpi_osi_init cgroup_init_cftypes init_espfix_random anon_vma_init softirq_init sysfs_init __memblock_dump_all match_config_table jump_label_init efi_tpm_eventlog_init setup_arch register_refined_jiffies mcheck_init mcheck_vendor_init_severity io_apic_init_mappings ioapic_setup_resources init_gi_nodes free_area_init_memoryless_node init_cpu_to_node kzalloc init_cache_modes cpumask_weight.8075 init_apic_mappings apic_validate_deadline_timer acpi_boot_init acpi_parse_spcr workqueue_init_early tick_init mtrr_bp_init fpu__init_system mem_init early_pci_scan_bus e820__memory_setup_extended mtrr_trim_uncached_memory __build_all_zonelists create_boot_cache add_preferred_console set_vsmp_ctl acpi_parse_madt_ioapic_entries dump_stack_set_arch_desc fpu__init_system_xstate reserve_crashkernel parse_crashkernel memblock_dump_all memblock_dump numa_meminfo_cover_memory absent_pages_in_range memblock_clear_hotplug init_timer_cpus early_acpi_boot_init acpi_table_init_complete setup_xstate_features early_platform_quirks vsmp_init detect_vsmp_box e820__update_table_print map_fw_vendor efi_reserve_boot_services reserve_initrd init_ohci1394_wait_for_busresets set_phy_reg get_phy_reg init_mem_mapping prandom_bytes_state memory_map_top_down init_trampoline_kaslr add_range_with_merge preallocate_vmalloc_pages save_mr probe_page_size_mask pti_check_boottime_disable setup_bios_corruption_check map_vsyscall e820__memblock_alloc_reserved_mpc_new 
efi_esrt_init efi_mem_desc_end setup_cpu_local_masks parse_crashkernel_suffix memblock_mark_mirror setup_xstate_comp_offsets vmalloc_init e820__memblock_setup memblock_add memblock_allow_resize cleanup_highmap early_alloc_pgt_buf test_can_verify_check e820__end_of_low_ram_pfn e820_end_pfn kernel_randomize_memory e820__end_of_ram_pfn trim_bios_range e820_add_kernel_range dmi_setup dmi_memdev_walk setup_nr_cpu_ids dmi_scan_machine dmi_present dmi_format_ids print_filtered e820__reserve_setup_data setup_initial_init_mm parse_setup_data memory_map_bottom_up early_ioremap_pmd x86_report_nx print_xstate_features update_regset_xstate_info fpu__init_system_generic fpstate_init sld_setup sld_state_setup topology_smt_supported rcu_scheduler_starting copy_init_mm split_lock_setup __split_lock_setup cpu_set_bug_bits cpu_parse_early_param get_cpu_vendor idt_setup_early_traps e820__memory_setup kernfs_init setup_command_line setup_node_to_cpumask_map pcpu_page_first_chunk pcpu_chunk_relocate pcpu_alloc_first_chunk lcm pcpu_dump_alloc_info pcpu_free_alloc_info cpumask_weight.13775 pcpu_build_alloc_info pcpu_embed_first_chunk early_irq_init memblock_phys_alloc_try_nid dmi_decode_table mtrr_cleanup amd_special_default_mtrr unwind_init seq_file_init prefill_possible_map mtrr_bp_pat_init x86_early_init_platform_quirks cpu_smt_check_topology reserve_bios_regions numa_move_tail_memblk acpi_subsystem_init efi_map_regions acpi_os_create_cache parse_early_param pti_init bootstrap tpm2_calc_event_log_size do_add_efi_memmap spectre_v2_determine_rsb_fill_type_at_vmexit irq_alloc_matrix acpi_boot_table_init kaslr_get_random_long early_trace_init e820__memblock_alloc_reserved prb_init memblock_set_current_limit mm_init cpuset_init_current_mems_allowed __load_ucode_amd cpu_mitigations_off add_to_rb prb_record_text_space memblock_overlaps_region e820__print_table efi_md_typeattr_format efi_config_init efi_config_parse_tables add_bootloader_randomness proc_create_mount_point efi_reuse_config 
set_num_var_ranges set_task_stack_end_magic trap_init numa_init_array numa_register_memblks cmdline_find_option inode_init_early sort_main_extable efi_memblock_x86_reserve_range pti_setup_vsyscall pti_user_pagetable_walk_pte pti_clone_p4d free_low_memory_core_early memblock_free_all pti_clone_user_shared init_espfix_bsp new_kmalloc_cache reset_all_zones_managed_pages pci_iommu_alloc check_iommu_entries report_meminit
=o=
STOP WATCH[0]: 108.588000 ms
Identify Kernel Modules Interface
STOP WATCH[0]: 59.815000 ms
dynamic KMI
#dyn kmi resolved:2438
STOP WATCH[0]: 237.534000 ms
Populate indirect callsite using kernel module interface
I am expecting a pointer type! got:%struct.rq_qos.304979 = type { %struct.rq_qos_ops.304978*, %struct.request_queue.304990*, i32, %struct.rq_qos.304979*, %struct.dentry.305019* }
I am expecting a pointer type! got:%struct.rq_qos.304979 = type { %struct.rq_qos_ops.304978*, %struct.request_queue.304990*, i32, %struct.rq_qos.304979*, %struct.dentry.305019* }
------ KMI STATISTICS ------
# of indirect call sites: 19401
# resolved by KMI:17752 91%
# - KMI:6188 31%
# - DKMI:4506 23%
# (total target) of callee:84856
# undefined-found-m : 5806 29%
# undefined-udf-m : 1252 6%
# fpara(KMI can not handle, try SVF?): 532 2%
# global fptr(try SVF?): 125 0%
# cast fptr(try SVF?): 0 0%
# call use container_of(), high level type info stripped: 926 4%
# unknown pattern:66 0%
STOP WATCH[0]: 5887.720000 ms
Collect all permission-checked variables and functions
Critical functions skipped because of skip func list: 290
STOP WATCH[0]: 4664710.114000 ms
Collected 1699 critical functions
Collected 288 critical variables
Collected 326 critical type/fields
--- Variables Protected By Gating Function---
secretmem_vm_ops
    CAP_IPC_LOCK @ capable
tty_ldiscs
    CAP_SYS_MODULE @ capable
tty_ldiscs_lock
    CAP_SYS_MODULE @ capable
tty_ldisc_autoload
    CAP_SYS_MODULE @ capable
uart_set_info._rs
    CAP_SYS_ADMIN @ capable
uevent_sock_mutex
    CAP_SYS_ADMIN @ netlink_ns_capable
iommu_group_store_type._rs.45
    CAP_SYS_RAWIO @ capable
    CAP_SYS_ADMIN @ capable
    inconsistent check
iommu_group_store_type._rs
    CAP_SYS_RAWIO @ capable
    CAP_SYS_ADMIN @ capable
    inconsistent check
C_A_D
    CAP_SYS_BOOT @ ns_capable
pm_power_off
    CAP_SYS_BOOT @ ns_capable
m_hash_shift
    CAP_SYS_ADMIN @ ns_capable
ex_mountpoints
    CAP_SYS_ADMIN @ ns_capable
mq_lock
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
efivar_sysfs_list
    CAP_SYS_ADMIN @ capable
switch.table.sg_io
    CAP_SYS_RAWIO @ capable
event_mutex
    CAP_SYS_ADMIN @ capable
    %61 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38
    CAP_SYS_ADMIN @ capable
    %23 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38
    inconsistent check
check_syslog_permissions.__already_done
    CAP_SYS_ADMIN @ capable
    CAP_SYSLOG @ capable
    CAP_SYS_ADMIN @ capable
    CAP_SYSLOG @ capable
    inconsistent check
acct_on_mutex
    CAP_SYS_PACCT @ capable
module_wq
    CAP_SYS_MODULE @ capable
module_mutex
    CAP_SYS_MODULE @ capable
sysctl_hugetlb_shm_group
    CAP_IPC_LOCK @ capable
uevent_seqnum
    CAP_SYS_ADMIN @ netlink_ns_capable
    CAP_NET_BROADCAST @ file_ns_capable
    inconsistent check
audit_enabled
    CAP_SYS_ADMIN @ capable
    CAP_NET_BROADCAST @ file_ns_capable
    inconsistent check
cb_lock
    CAP_NET_ADMIN @ netlink_ns_capable
    CAP_NET_ADMIN @ netlink_capable
    inconsistent check
packet_proto
    CAP_NET_RAW @ ns_capable
kauditd_wait
    CAP_NET_BROADCAST @ file_ns_capable
cfg80211_user_regdom
    CAP_NET_BROADCAST @ file_ns_capable
crda_timeout
    CAP_NET_BROADCAST @ file_ns_capable
system_power_efficient_wq
    CAP_NET_BROADCAST @ file_ns_capable
user_alpha2.1
    CAP_NET_BROADCAST @ file_ns_capable
image_size
    CAP_SYS_ADMIN @ capable
genl_pernet_ops
    CAP_NET_BROADCAST @ file_ns_capable
ext4_special_inode_operations
    CAP_SYS_RESOURCE @ capable
ioam6_genl_family
    CAP_NET_BROADCAST @ file_ns_capable
nl80211_fam
    CAP_NET_BROADCAST @ file_ns_capable
aio_max_nr
    CAP_IPC_LOCK @ capable
    CAP_IPC_LOCK @ capable
    CAP_IPC_LOCK @ capable
ipc_kht_params
    CAP_IPC_OWNER @ ns_capable
drv_sta_set_4addr.__already_done
    CAP_NET_BROADCAST @ file_ns_capable
netlbl_cipsov4_gnl_family
    CAP_NET_BROADCAST @ file_ns_capable
drv_leave_ibss.__already_done
    CAP_NET_BROADCAST @ file_ns_capable
cfg80211_rdev_list_generation
    CAP_NET_BROADCAST @ file_ns_capable
reg_regdb_apply_list
    CAP_NET_BROADCAST @ file_ns_capable
init_net
    CAP_IPC_LOCK @ capable
    CAP_NET_BROADCAST @ file_ns_capable
    inconsistent check
sg_big_buff
    CAP_SYS_RAWIO @ capable
    CAP_SYS_ADMIN @ capable
    inconsistent check
mac80211_config_ops
    CAP_NET_BROADCAST @ file_ns_capable
reg_requests_list
    CAP_NET_BROADCAST @ file_ns_capable
ipv6_bpf_stub_impl
    CAP_NET_BROADCAST @ file_ns_capable
init_struct_pid
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
sel_write_load._rs
    CAP_CHOWN @ avc_has_perm_noaudit
trace_percpu_buffer
    CAP_SYSLOG @ has_capability_noaudit
key_quota_root_maxkeys
    CAP_SYS_ADMIN @ capable
dmar_drhd_units
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
trace_buffered_event_cnt
    CAP_SYSLOG @ has_capability_noaudit
max_vals
    CAP_SYS_ADMIN @ capable
    CAP_SYS_RESOURCE @ capable
    CAP_SYS_TTY_CONFIG @ capable
    inconsistent check
module_notify_list
    CAP_SYS_MODULE @ capable
fscontext_fops
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
uid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_FOWNER @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
ext4_mount_msg_ratelimit
    CAP_SYS_RESOURCE @ capable
cgrp_dfl_root
    CAP_SYS_ADMIN @ ns_capable
pipefifo_fops
    CAP_SYS_ADMIN @ capable
    CAP_SYS_RESOURCE @ capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_RESOURCE @ capable
    CAP_SYS_RESOURCE @ capable
    inconsistent check
pipe_mnt
    CAP_SYS_ADMIN @ capable
    CAP_SYS_RESOURCE @ capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_RESOURCE @ capable
    CAP_SYS_RESOURCE @ capable
    inconsistent check
crng_init
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ capable
nl80211_netlink_notifier
    CAP_NET_BROADCAST @ file_ns_capable
acpi_bus_type
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
md_misc_wq
    CAP_SYS_ADMIN @ capable
nl_table
    CAP_NET_BROADCAST @ file_ns_capable
in_suspend
    CAP_SYS_ADMIN @ capable
sysctl_protected_fifos
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
mac80211_vht_capa_mod_mask
    CAP_NET_BROADCAST @ file_ns_capable
task_struct_cachep
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40
    inconsistent check
mtime
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_FOWNER @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
reboot_cpu
    CAP_SYS_BOOT @ capable
event
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    inconsistent check
cmos_platform_driver
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
acpi_gbl_all_gpes_initialized
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
kcore_need_update
    CAP_SYS_RAWIO @ capable
warn_mandlock.__already_done
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
sysctl_perf_event_paranoid
    CAP_SYS_ADMIN @ capable
    %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38
    inconsistent check
init_completion.__key.56387
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
sysctl_protected_hardlinks
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
selinux_state
    CAP_CHOWN @ avc_has_perm_noaudit
    CAP_CHOWN @ avc_has_perm_noaudit
    CAP_CHOWN @ avc_has_perm_noaudit
    CAP_CHOWN @ avc_has_perm_noaudit
    CAP_CHOWN @ avc_has_perm_noaudit
    CAP_CHOWN @ avc_has_perm_noaudit
    CAP_CHOWN @ avc_has_perm_noaudit
cn_proc_event_id
    CAP_NET_BROADCAST @ file_ns_capable
    CAP_NET_ADMIN @ __netlink_ns_capable
    inconsistent check
reboot_default
    CAP_SYS_BOOT @ capable
    CAP_SYS_BOOT @ capable
    CAP_SYS_BOOT @ capable
    CAP_SYS_BOOT @ capable
iommu_detected
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
user_alpha2.0
    CAP_NET_BROADCAST @ file_ns_capable
xfrm_msg_min
    CAP_NET_ADMIN @ netlink_net_capable
tcp_ulp_list
    CAP_NET_ADMIN @ capable
this_cpu_off
    CAP_NET_BROADCAST @ file_ns_capable
    CAP_SYSLOG @ has_capability_noaudit
    CAP_NET_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ capable
    CAP_NET_ADMIN @ ns_capable
    %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38
    CAP_NET_ADMIN @ __netlink_ns_capable
    inconsistent check
netlbl_calipso_gnl_family
    CAP_NET_BROADCAST @ file_ns_capable
reg_pdev
    CAP_NET_BROADCAST @ file_ns_capable
audit_backlog_wait
    CAP_NET_BROADCAST @ file_ns_capable
m_hash_mask
    CAP_SYS_ADMIN @ ns_capable
namespace_sem
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    inconsistent check
debug.53140
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ capable
vt_kmsg_redirect.kmsg_con
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ capable
cfg80211_netdev_notifier
    CAP_NET_BROADCAST @ file_ns_capable
switch.table.intel_overlay_put_image_ioctl.59
    CAP_NET_BROADCAST @ file_ns_capable
acpi_kobj
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
modules_disabled
    CAP_SYS_MODULE @ capable
    CAP_SYS_MODULE @ capable
    CAP_SYS_MODULE @ capable
    CAP_SYS_MODULE @ capable
sel_write_load._rs.34
    CAP_CHOWN @ avc_has_perm_noaudit
freezer_test_done
    CAP_SYS_ADMIN @ capable
vt_dont_switch
    CAP_SYS_TTY_CONFIG @ capable
    CAP_KILL @ capable
    CAP_SYS_TTY_CONFIG @ capable
    CAP_SYS_TTY_CONFIG @ capable
    CAP_SYS_TTY_CONFIG @ capable
    CAP_SYS_TTY_CONFIG @ capable
    inconsistent check
qdisc_mod_lock
    CAP_NET_ADMIN @ capable
next_tick
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
switch.table.intel_overlay_put_image_ioctl.57
    CAP_NET_BROADCAST @ file_ns_capable
lookup_ioctl._ioctls
    CAP_SYS_ADMIN @ capable
cfg80211_wq
    CAP_NET_BROADCAST @ file_ns_capable
redirect
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_ADMIN @ capable
keymap_count
    CAP_SYS_ADMIN @ capable
    CAP_SYS_RESOURCE @ capable
    CAP_SYS_TTY_CONFIG @ capable
    inconsistent check
default_qdisc_ops
    CAP_NET_ADMIN @ capable
netns_wq
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
nsproxy_cachep
    CAP_SYS_ADMIN @ ns_capable
names_cachep
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
drv_mgd_complete_tx.__already_done
    CAP_NET_BROADCAST @ file_ns_capable
body_len
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_FOWNER @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
pagemap_ops
    CAP_SYS_ADMIN @ file_ns_capable
boot_ec_is_ecdt
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
hugetlb_file_setup.__already_done
    CAP_IPC_LOCK @ capable
    CAP_IPC_LOCK @ capable
qdisc_root_sleeping_running.__already_done
    CAP_NET_ADMIN @ netlink_ns_capable
netlbl_mgmt_gnl_family
    CAP_NET_BROADCAST @ file_ns_capable
init_completion.__key.4941
    CAP_SYS_ADMIN @ ns_capable
    CAP_IPC_LOCK @ capable
    CAP_SYS_ADMIN @ ns_capable
    %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ capable
    CAP_SYS_RESOURCE @ capable
    inconsistent check
intel_iommu_init.__already_done
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
i8042_present
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
xfrm_dispatch
    CAP_NET_ADMIN @ netlink_net_capable
total_forks
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
ieee80211_dataif_ops
    CAP_NET_BROADCAST @ file_ns_capable
mnt_group_ida
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
percpu_counter_batch
    CAP_SYS_RESOURCE @ capable
i915_oa_max_sample_rate
    CAP_SYS_ADMIN @ capable
    %258 = call zeroext i1 @capable(i32 38) #78 cap_no=38
    CAP_SYS_ADMIN @ capable
    %124 = call zeroext i1 @capable(i32 38) #78 cap_no=38
    inconsistent check
sg_allow_dio
    CAP_SYS_RAWIO @ capable
    CAP_SYS_ADMIN @ capable
    inconsistent check
system_transition_mutex
    CAP_SYS_BOOT @ ns_capable
    CAP_SYS_ADMIN @ capable
    inconsistent check
dma_map_single_attrs.__already_done.52913
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
reboot_force
    CAP_SYS_BOOT @ capable
kexec_load_disabled
    CAP_SYS_BOOT @ capable
    CAP_SYS_BOOT @ capable
gid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_FOWNER @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
netlbl_unlabel_gnl_family
    CAP_NET_BROADCAST @ file_ns_capable
acpi_disabled
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
trace_buffered_event
    CAP_SYSLOG @ has_capability_noaudit
alloc_empty_file.old_max
    CAP_SYS_ADMIN @ capable
acpi_gbl_gpe_lock
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
mac80211_ht_capa_mod_mask
    CAP_NET_BROADCAST @ file_ns_capable
key_quota_root_maxbytes
    CAP_SYS_ADMIN @ capable
perf_fops
    CAP_SYS_ADMIN @ capable
    %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38
    inconsistent check
cleanup_list.63399
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_ADMIN @ ns_capable
reboot_mode
    CAP_SYS_BOOT @ capable
iommu_irqdomain
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
sel_perm_ops
    CAP_CHOWN @ avc_has_perm_noaudit
amd_iommu_detected
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
req_cachep
    CAP_IPC_LOCK @ capable
    CAP_BLOCK_SUSPEND @ capable
    CAP_SYS_NICE @ capable
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_FOWNER @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_SYS_ADMIN @ capable
    CAP_DAC_READ_SEARCH @ capable
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
switch.table.do_rmdir
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
trace_taskinfo_save
    CAP_SYSLOG @ has_capability_noaudit
hpet_base.3
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
    CAP_SYS_NICE @ capable
shift_down
    CAP_SYS_ADMIN @ capable
    CAP_SYS_RESOURCE @ capable
    CAP_SYS_TTY_CONFIG @ capable
    inconsistent check
system_wq
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_NICE @ capable
    CAP_SYS_ADMIN @ ns_capable
    CAP_SYS_NICE @ capable
    CAP_NET_BROADCAST @ file_ns_capable
    CAP_SYS_NICE @ capable
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_FOWNER @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
wfile_pos
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_FOWNER @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid
    CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid
    inconsistent check
ioctl_fibmap._rs
    CAP_SYS_RAWIO @ capable
CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check i8042_aux_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable collected CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_filetype_table CAP_SYS_RESOURCE @ capable major CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check wfile CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check name_len CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check oom_adj_mutex CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable first_ec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mode CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cgroup_mutex CAP_SYS_ADMIN @ ns_capable delayed_uprobe_list CAP_IPC_LOCK @ capable pci_bus_type CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable key_quota_maxkeys CAP_SYS_ADMIN @ capable sysctl_overcommit_memory CAP_IPC_LOCK @ capable switch.table.intel_overlay_put_image_ioctl.58 CAP_NET_BROADCAST @ file_ns_capable drm_minors_idr CAP_NET_BROADCAST @ file_ns_capable i8042_start_time CAP_SYS_NICE @ 
capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_global_mutex CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check state CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check iommu_syscore_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sysctl_perf_event_sample_rate CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check intel_iommu_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_processor_cpufreq_init CAP_NET_BROADCAST @ file_ns_capable i8042_kbd_irq_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_processor_driver CAP_NET_BROADCAST @ file_ns_capable io_uring_fops CAP_IPC_LOCK @ capable init_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pcc_mbox_channels CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sel_make_bools._rs CAP_CHOWN @ avc_has_perm_noaudit nfnetlink_pernet_id CAP_NET_ADMIN @ netlink_net_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check sit_net_id CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check vm_committed_as_batch CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check vm_committed_as CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check i8042_irq_being_tested CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable last_request CAP_NET_BROADCAST @ file_ns_capable table.65053 CAP_NET_ADMIN @ netlink_net_capable i8042_debug CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable fl_ht CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN 
@ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check uts_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable alarm_bases CAP_WAKE_ALARM @ capable CAP_WAKE_ALARM @ capable init_pid_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable all_mddevs_lock CAP_SYS_ADMIN @ capable acpi_processor_notifier_block CAP_NET_BROADCAST @ file_ns_capable swap_avail_heads CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable i8042_aux_irq_delivered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nr_node_ids CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check intel_iommu_enabled CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tcp_cong_list CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable nr_swapfiles CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable genl_ctrl CAP_NET_BROADCAST @ file_ns_capable swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4__ioend_wq CAP_SYS_RESOURCE @ capable least_priority CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mount_hashtable CAP_SYS_ADMIN @ ns_capable proc_poll_wait CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable nr_files CAP_SYS_ADMIN @ capable madvise_populate.__already_done CAP_IPC_LOCK @ capable numa_node CAP_IPC_LOCK @ capable __supported_pte_mask CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check zero_pfn CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check ata_dummy_port_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rdev CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmap_min_addr CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable inconsistent check ipv6_stub_impl CAP_NET_BROADCAST @ file_ns_capable kioctx_cachep CAP_IPC_LOCK @ capable 
CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable aio_nr CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable azx_max_codecs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable prepare_uretprobe._rs CAP_IPC_LOCK @ capable init_cgroup_ns CAP_SYS_ADMIN @ ns_capable reboot_type CAP_SYS_BOOT @ capable store_rps_map.rps_map_mutex CAP_NET_ADMIN @ capable delayed_uprobe_lock CAP_IPC_LOCK @ capable sel_class_ops CAP_CHOWN @ avc_has_perm_noaudit sel_write_checkreqprot.__already_done CAP_CHOWN @ avc_has_perm_noaudit platform_driver_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable key_quota_maxbytes CAP_SYS_ADMIN @ capable i8042_kbd_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cfg80211_pernet_ops CAP_NET_BROADCAST @ file_ns_capable ioam6_net_ops CAP_NET_BROADCAST @ file_ns_capable i8042_ctr CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable uts_ns_cache CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable phys_base CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable inconsistent check i8042_aux_irq_registered CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_map_single_attrs.__already_done.52535 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sysctl_protected_regular CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dma_map_single_attrs.__already_done.52115 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable offset_lock CAP_SYS_TIME @ file_ns_capable next_state CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check 
force_on CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dmar_global_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable amd_iommu_list CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable free_ipc_list CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable process_counts CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable osc_pc_lpi_support_confirmed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_gbl_fadt_gpe_device CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable boot_ec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pipe_max_size CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check ioport_resource CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable uprobes_tree CAP_IPC_LOCK @ capable sel_bool_ops CAP_CHOWN @ avc_has_perm_noaudit osc_sb_apei_support_acked CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable osc_sb_native_usb4_support_confirmed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_debugfs_dir CAP_NET_BROADCAST @ file_ns_capable kbd_table CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check mds_clear_cpu_buffers.ds.9046 CAP_IPC_LOCK @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check osc_sb_native_usb4_control CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_pci_disabled CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_noirq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_irq_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
acpi_sci_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_gbl_events_initialized CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable auditd_conn CAP_NET_BROADCAST @ file_ns_capable acpi_current_gpe_count CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pcc_doorbell_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_ioctl_checkpoint._rs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable qdisc_base CAP_NET_ADMIN @ capable pcc_data CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cppc_mbox_cl CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cpu_bit_bitmap CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable seccomp_actions_logged CAP_SYS_ADMIN @ capable hpet_freq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ipip6_tunnel_del_prl.__already_done CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check ipip6_tunnel_add_prl.__already_done CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check pgdir_shift CAP_SYS_ADMIN @ capable proc_root_kcore CAP_SYS_RAWIO @ capable mntns_operations CAP_SYS_ADMIN @ ns_capable swap_active_head CAP_SYS_ADMIN @ capable driver_short_names CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable total_swap_pages CAP_SYS_ADMIN @ capable packet_ops_spkt CAP_NET_RAW @ ns_capable pidfd_fops CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cgroupns_operations CAP_SYS_ADMIN @ ns_capable
--- Function Protected By Gating Function---
dev_set_group CAP_NET_ADMIN @ ns_capable udp_abort CAP_NET_ADMIN @ ns_capable raw_abort CAP_NET_ADMIN @ ns_capable perf_event_enable CAP_SYS_ADMIN @ capable sock_create_kern CAP_IPC_LOCK @ capable create_io_thread CAP_IPC_LOCK @ capable rtc_cmos_write CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rtc_cmos_read CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable tty_buffer_restart_work 
CAP_SYS_MODULE @ capable tty_ldisc_get CAP_SYS_MODULE @ capable tty_ldisc_reinit CAP_SYS_MODULE @ capable n_tty_close CAP_SYS_MODULE @ capable n_null_close CAP_SYS_MODULE @ capable serport_ldisc_close CAP_SYS_MODULE @ capable serial8250_get_mctrl CAP_SYS_ADMIN @ capable serial8250_pm CAP_SYS_ADMIN @ capable uart_change_speed CAP_SYS_ADMIN @ capable tty_name CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check serial8250_verify_port CAP_SYS_ADMIN @ capable tty_unlock CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check pci_enable_device CAP_SYS_ADMIN @ capable drm_client_modeset_free CAP_SYS_ADMIN @ capable drm_gem_release CAP_SYS_ADMIN @ capable drm_syncobj_release CAP_SYS_ADMIN @ capable drm_prime_init_file_private CAP_SYS_ADMIN @ capable drm_syncobj_open CAP_SYS_ADMIN @ capable netlink_broadcast CAP_SYS_ADMIN @ netlink_ns_capable get_device CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check sysfs_streq CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check blk_rq_unmap_user CAP_SYS_RAWIO @ capable blk_execute_rq CAP_SYS_RAWIO @ capable hibernate CAP_SYS_BOOT @ ns_capable kernel_kexec CAP_SYS_BOOT @ ns_capable kernel_power_off CAP_SYS_BOOT @ ns_capable kernel_restart CAP_SYS_BOOT @ ns_capable reboot_pid_ns CAP_SYS_BOOT @ ns_capable perf_uprobe_init CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check trace_event_dyn_put_ref CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check destroy_local_trace_kprobe CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check chroot_fs_refs CAP_SYS_ADMIN @ ns_capable dev_change_flags CAP_NET_ADMIN @ ns_capable ipv6_chk_prefix CAP_NET_ADMIN @ ns_capable rt6_lookup CAP_NET_ADMIN 
@ ns_capable ipv6_chk_addr_and_flags CAP_NET_ADMIN @ ns_capable mq_clear_sbinfo CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable efivar_entry_iter_end CAP_SYS_ADMIN @ capable __efivar_entry_delete CAP_SYS_ADMIN @ capable efivar_entry_find CAP_SYS_ADMIN @ capable efivar_entry_iter_begin CAP_SYS_ADMIN @ capable efivar_create_sysfs_entry CAP_SYS_ADMIN @ capable efivar_entry_set CAP_SYS_ADMIN @ capable rtnl_configure_link CAP_NET_ADMIN @ netlink_ns_capable rtnl_create_link CAP_NET_ADMIN @ netlink_ns_capable __dev_change_net_namespace CAP_NET_ADMIN @ netlink_ns_capable fget CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable mnt_clone_internal CAP_SYS_PACCT @ capable wbinvd_on_cpu CAP_SYS_ADMIN @ capable amd_set_subcaches CAP_SYS_ADMIN @ capable cgroup_kn_unlock CAP_SYS_ADMIN @ file_ns_capable strim CAP_SYS_ADMIN @ file_ns_capable cgroup_kn_lock_live CAP_SYS_ADMIN @ file_ns_capable freeze_bdev CAP_SYS_ADMIN @ capable __SCT__tp_func_ext4_shutdown CAP_SYS_ADMIN @ capable dst_release CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable inconsistent check exportfs_decode_fh CAP_DAC_READ_SEARCH @ capable user_shm_lock CAP_IPC_LOCK @ capable proc_sys_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check devkmsg_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check random_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check hung_up_tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check pipe_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check ext4_file_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check aio_complete_rw 
CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check proc_reg_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check sock_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check ext4_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check blkdev_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check proc_sys_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check generic_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check tty_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check read_iter_zero CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check seq_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check hung_up_tty_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check rw_verify_area CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check security_validate_transition_user CAP_CHOWN @ avc_has_perm_noaudit memdup_user_nul CAP_CHOWN @ avc_has_perm_noaudit security_change_sid CAP_CHOWN @ avc_has_perm_noaudit security_compute_av_user CAP_CHOWN @ avc_has_perm_noaudit security_context_str_to_sid CAP_CHOWN @ avc_has_perm_noaudit security_sid_to_context CAP_CHOWN @ avc_has_perm_noaudit avc_ss_reset CAP_CHOWN @ avc_has_perm_noaudit unlock_rename CAP_CHOWN @ avc_has_perm_noaudit security_get_permissions CAP_CHOWN @ avc_has_perm_noaudit security_get_classes CAP_CHOWN @ avc_has_perm_noaudit d_genocide CAP_CHOWN @ avc_has_perm_noaudit get_zeroed_page CAP_CHOWN @ avc_has_perm_noaudit security_load_policy CAP_CHOWN @ avc_has_perm_noaudit from_mnt_ns CAP_SYS_ADMIN @ ns_capable pidns_install CAP_SYS_ADMIN @ ns_capable copy_fs_struct CAP_SYS_ADMIN @ ns_capable put_css_set_locked CAP_SYS_ADMIN @ ns_capable proc_alloc_inum CAP_SYS_ADMIN @ ns_capable lookup_user_key CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cpumask_weight.6780 CAP_SYS_BOOT @ capable 
exit_io_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable exit_thread CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __SCT__tp_func_task_newtask CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable perf_event_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cgroup_post_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable proc_fork_connector CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable sched_cgroup_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable clear_posix_cputimers_work CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable copy_thread CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable get_task_io_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable fib_table_insert CAP_NET_ADMIN @ ns_capable fib_new_table CAP_NET_ADMIN @ ns_capable fib_table_delete CAP_NET_ADMIN @ ns_capable inet_addr_type_table CAP_NET_ADMIN @ ns_capable fat_trim_fs CAP_LINUX_IMMUTABLE @ capable CAP_SYS_ADMIN @ capable inconsistent check switch_task_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable exit_shm CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable exit_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable create_new_namespaces CAP_SYS_ADMIN @ ns_capable percpu_ref_kill_and_confirm CAP_SYS_ADMIN @ capable reenable_swap_slots_cache_unlock CAP_SYS_ADMIN @ capable disable_swap_slots_cache_lock CAP_SYS_ADMIN @ capable security_vm_enough_memory_mm CAP_SYS_ADMIN @ capable pc_nvram_initialize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable security_context_to_sid_force CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit dissolve_on_fput CAP_SYS_ADMIN @ ns_capable vfs_clean_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable dec_usb_memory_use_count CAP_SYS_ADMIN @ capable ipip6_tunnel_update CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ipip6_tunnel_create CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable 
dev_valid_name CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable put_ipc_ns CAP_SYS_RESOURCE @ capable inet6_addr_del CAP_NET_ADMIN @ ns_capable kthread_bind_mask CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kthread_stop CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable clockevents_config_and_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable serial8250_register_8250_port CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_xr17v35x_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_xr17c154_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_connect_tech_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ata_host_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ata_port_desc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ioremap_cache CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable devm_free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable devres_add CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable devres_free CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pcie_capability_clear_and_set_word CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pcie_walk_rcec CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable blk_rq_map_user CAP_SYS_RAWIO @ capable device_set_wakeup_capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ns_get_attached_object CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_ns_walk_namespace CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_os_release_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kernfs_fop_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check 
acpi_sleep_proc_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_debugfs_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_scan_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable blkdev_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check bus_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable read_iter_null CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check acpi_ec_dsdt_probe CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_sysfs_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_run_osc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_get_handle CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable acpi_dev_clear_dependencies CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __request_region CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable irq_domain_remove CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dmar_fault CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_unlock_rescan_remove CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dmar_walk_dsm_resource CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_device_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sel_make_dir CAP_CHOWN @ avc_has_perm_noaudit register_syscore_ops CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable serport_ldisc_open CAP_SYS_MODULE @ capable intel_irq_postinstall CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_pm_attach_wake_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read_indirect_mbox CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE 
@ capable tg3_read32_mbox_5906 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_free_rings CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_dev_exit CAP_SYS_ADMIN @ capable tg3_poll_fw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable synchronize_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable n_null_open CAP_SYS_MODULE @ capable mddev_unlock CAP_SYS_ADMIN @ capable tg3_halt CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tg3_read_indirect_reg32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable audit_seccomp_actions_logged CAP_SYS_ADMIN @ capable iowrite8 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_clean_rx_ring CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_open CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_phy_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_read_phy_reg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kmalloc_array.52114 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_open CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_sync_single_for_cpu CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable hugetlbfs_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check dma_sync_single_for_device CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_configure_k1_ich8lan CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_update_phy_info_task CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_free_desc_rings.52538 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable kmalloc_array.52534 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
CAP_SYS_NICE @ capable e1000e_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable usleep_range_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000e_up CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cpu_latency_qos_remove_request CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable single_open CAP_SYS_ADMIN @ capable proc_mkdir CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_enable_msi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_write_config_word CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_read_config_word CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable e1000_irq_disable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable unregister_netdev CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sky2_set_multicast CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_set_multicast CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable urandom_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check nv_set_loopback CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_update_linkspeed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_drain_rxtx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_request_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nv_free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_alloc_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_unmap_page_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl_fw_release_firmware CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable disable_dmar_iommu CAP_SYS_NICE @ 
capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl8169_do_counters CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rtl8169_up CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __put_cred CAP_SYS_ADMIN @ ns_capable phy_set_max_speed CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_write_config_byte CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_write_config_dword CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable inconsistent check pci_read_config_dword CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable inconsistent check pci_irq_vector CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable xhci_dbg_trace CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable xhci_run CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable iommu_enable_translation CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i8042_flush CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable wait_for_completion_timeout CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable free_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __i8042_command CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable irq_chip_pm_put CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cgroup_do_get_tree CAP_SYS_ADMIN @ ns_capable cgroup_free_root CAP_SYS_ADMIN @ ns_capable cgroup_setup_root CAP_SYS_ADMIN @ ns_capable init_cgroup_root CAP_SYS_ADMIN @ ns_capable logfc CAP_SYS_ADMIN @ ns_capable check_cgroupfs_options CAP_SYS_ADMIN @ ns_capable cgroup_lock_and_drain_offline CAP_SYS_ADMIN @ ns_capable security_msg_queue_associate CAP_IPC_OWNER @ ns_capable tcp_send_window_probe CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable disable_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ 
capable unpin_user_pages_dirty_lock CAP_IPC_LOCK @ capable copy_page_to_iter CAP_IPC_LOCK @ capable copy_page_from_iter CAP_IPC_LOCK @ capable xol_free_insn_slot CAP_IPC_LOCK @ capable arch_uprobe_copy_ixol CAP_IPC_LOCK @ capable pci_mmcfg_late_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable unapply_uprobe CAP_IPC_LOCK @ capable free_ret_instance CAP_IPC_LOCK @ capable arch_uretprobe_is_alive CAP_IPC_LOCK @ capable arch_uretprobe_hijack_return_addr CAP_IPC_LOCK @ capable tcp_set_congestion_control CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable __create_xol_area CAP_IPC_LOCK @ capable arch_uprobe_ignore CAP_IPC_LOCK @ capable __uprobe_unregister CAP_IPC_LOCK @ capable vm_get_page_prot CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable down_write_killable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable selnl_notify_setenforce CAP_CHOWN @ avc_has_perm_noaudit kill_ioctx CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable vm_munmap CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable cpumask_weight.17702 CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable truncate_setsize CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable security_context_to_sid CAP_CHOWN @ avc_has_perm_noaudit page_remove_rmap CAP_IPC_LOCK @ capable refcount_dec_and_lock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable lru_cache_add_inactive_or_unevictable CAP_IPC_LOCK @ capable page_add_new_anon_rmap CAP_IPC_LOCK @ capable page_vma_mapped_walk CAP_IPC_LOCK @ capable __mmu_notifier_invalidate_range_start CAP_IPC_LOCK @ capable __lock_page CAP_IPC_LOCK @ capable pagecache_get_page CAP_IPC_LOCK @ capable copy_page CAP_IPC_LOCK @ capable __anon_vma_prepare CAP_IPC_LOCK @ capable kstrdup_quotable CAP_IPC_LOCK @ capable access_process_vm CAP_IPC_LOCK @ capable do_trace_write_msr CAP_IPC_LOCK @ capable do_trace_read_msr CAP_IPC_LOCK @ capable vm_access CAP_IPC_LOCK 
@ capable get_ucounts CAP_SYS_RESOURCE @ capable vm_access_ttm CAP_IPC_LOCK @ capable ttm_bo_vm_access CAP_IPC_LOCK @ capable kernfs_vma_access CAP_IPC_LOCK @ capable open_exec CAP_IPC_LOCK @ capable bprm_change_interp CAP_IPC_LOCK @ capable mm_trace_rss_stat CAP_IPC_LOCK @ capable ww_mutex_unlock CAP_IPC_LOCK @ capable __i915_gem_object_get_pages CAP_IPC_LOCK @ capable unpin_user_page CAP_IPC_LOCK @ capable bprm_execve CAP_IPC_LOCK @ capable is_file_shm_hugepages CAP_IPC_LOCK @ capable vma_is_shmem CAP_IPC_LOCK @ capable i915_driver_open CAP_SYS_ADMIN @ capable putback_movable_pages CAP_IPC_LOCK @ capable unpin_user_pages CAP_IPC_LOCK @ capable mdio_ctrl_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mod_node_page_state CAP_IPC_LOCK @ capable isolate_lru_page CAP_IPC_LOCK @ capable lru_add_drain_all CAP_IPC_LOCK @ capable PageHuge CAP_IPC_LOCK @ capable compat_put_bitmap CAP_IPC_LOCK @ capable find_extend_vma CAP_IPC_LOCK @ capable iov_iter_advance CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable inconsistent check __get_user_pages CAP_IPC_LOCK @ capable follow_hugetlb_page CAP_IPC_LOCK @ capable check_vma_flags CAP_IPC_LOCK @ capable get_gate_page CAP_IPC_LOCK @ capable in_gate_area CAP_IPC_LOCK @ capable __init_rwsem CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable populate_vma_page_range CAP_IPC_LOCK @ capable put_old_itimerspec32 CAP_WAKE_ALARM @ capable jbd2_journal_lock_updates CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_trim_fs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_double_up_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_reset_inode_seed CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable swap_inode_data CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_double_down_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
slow_avc_audit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit shmem_lock CAP_IPC_LOCK @ ns_capable extract_entropy CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable write_pool_user CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable import_single_range CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check local_bh_enable.68300 CAP_NET_ADMIN @ ns_capable dev_change_carrier CAP_NET_ADMIN @ ns_capable nfs_swap_deactivate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable _enable_swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable exit_swap_address_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable filemap_write_and_wait_range CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable blkdev_issue_discard CAP_SYS_ADMIN @ capable generic_swapfile_activate CAP_SYS_ADMIN @ capable ext4_iomap_swap_activate CAP_SYS_ADMIN @ capable probe_acpi_namespace_devices CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nfs_swap_activate CAP_SYS_ADMIN @ capable generic_setlease CAP_LEASE @ capable ktime_add_safe CAP_WAKE_ALARM @ capable alarmtimer_do_nsleep CAP_WAKE_ALARM @ capable do_timens_ktime_to_host CAP_WAKE_ALARM @ capable rpc_pipe_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check xt_compat_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable free_cgroup_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable snd_hwdep_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable 
inconsistent check serial8250_request_port CAP_SYS_ADMIN @ capable cache_ioctl_pipefs CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ns_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check rtnetlink_send CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable __import_iovec CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check user_disable_single_step CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check new_inode CAP_CHOWN @ avc_has_perm_noaudit seccomp_notify_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check cfg80211_mlme_purge_registrations CAP_NET_BROADCAST @ file_ns_capable posix_clock_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check rtc_dev_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check loop_control_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check update_ref_ctr CAP_IPC_LOCK @ capable send_signal CAP_KILL @ ns_capable ext4_swap_extents CAP_SYS_RESOURCE @ capable hung_up_tty_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check __ptrace_link CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable compat_ptr_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ 
ns_capable inconsistent check inotify_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check __ext4_journal_start_sb CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check ext4_da_update_reserve_space CAP_SYS_RESOURCE @ capable nfs_unlink CAP_FOWNER @ capable_wrt_inode_uidgid redirected_tty_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check bdev_resize_partition CAP_SYS_ADMIN @ capable ata_acpi_dev_uevent CAP_NET_BROADCAST @ file_ns_capable shmem_unlink CAP_FOWNER @ capable_wrt_inode_uidgid msdos_unlink CAP_FOWNER @ capable_wrt_inode_uidgid htree_dirblock_to_tree CAP_SYS_RESOURCE @ capable drm_client_dev_restore CAP_NET_BROADCAST @ file_ns_capable security_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid autofs_dir_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid vfat_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid kernfs_iop_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid security_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid cleanup_single_sta CAP_NET_BROADCAST @ file_ns_capable i915_ioc32_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check get_net_ns_by_id CAP_NET_ADMIN @ netlink_ns_capable unlock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid propagate_mount_busy CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_xattr_inode_array_free CAP_SYS_RESOURCE @ capable set_cpus_allowed_ptr CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_key_free CAP_NET_BROADCAST @ file_ns_capable ext4_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid take_dentry_name_snapshot CAP_FOWNER @ 
capable_wrt_inode_uidgid sg_new_read CAP_SYS_RAWIO @ capable may_delete CAP_FOWNER @ capable_wrt_inode_uidgid mq_select_queue CAP_NET_ADMIN @ netlink_ns_capable ieee80211_rx_bss_put CAP_NET_BROADCAST @ file_ns_capable perf_event_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable netlbl_unlabel_genl_init CAP_NET_BROADCAST @ file_ns_capable set_page_dirty_lock CAP_IPC_LOCK @ capable mntput_no_expire CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check acpi_evaluate_ej0 CAP_NET_BROADCAST @ file_ns_capable sta_info_get CAP_NET_BROADCAST @ file_ns_capable __tty_hangup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable bdev_del_partition CAP_SYS_ADMIN @ capable mqueue_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check security_sb_kern_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable perf_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check __vfs_removexattr CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check security_set_bools CAP_CHOWN @ avc_has_perm_noaudit cfg80211_rx_unprot_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable ida_alloc_range CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable thaw_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check usbdev_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check attach_recursive_mnt CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __do_loopback CAP_SYS_ADMIN 
@ ns_capable CAP_SYS_ADMIN @ ns_capable intel_modeset_driver_remove CAP_NET_BROADCAST @ file_ns_capable acpi_ut_create_internal_object_dbg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_free_keys_iface CAP_NET_BROADCAST @ file_ns_capable security_read_policy CAP_CHOWN @ avc_has_perm_noaudit sync_file_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check __audit_inode_child CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check reconfigure_super CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check wiphy_free CAP_NET_BROADCAST @ file_ns_capable kfree_skb_reason CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_IPC_LOCK @ capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_net_capable inconsistent check device_is_bound CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check ieee80211_txq_teardown_flows CAP_NET_BROADCAST @ file_ns_capable nv_init_ring CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __azx_runtime_resume CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mnt_warn_timestamp_expiry CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable pipe_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check __fsnotify_parent CAP_DAC_READ_SEARCH @ capable CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check xt_table_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable 
CAP_NET_ADMIN @ ns_capable intel_ring_begin CAP_NET_BROADCAST @ file_ns_capable ieee80211_auth.73053 CAP_NET_BROADCAST @ file_ns_capable filename_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check jbd2_journal_flush CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable compat_table_info CAP_NET_ADMIN @ ns_capable netdev_info CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_ADMIN @ netlink_capable inconsistent check acpi_setup_sb_notify_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i915_gem_driver_unregister CAP_NET_BROADCAST @ file_ns_capable sd_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable set_cred_ucounts CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid __tcf_qdisc_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable fd_install CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_NET_ADMIN @ ns_capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_DAC_READ_SEARCH @ capable inconsistent check e1000_irq_enable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tracing_buffers_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check cfg80211_chandef_dfs_required CAP_NET_BROADCAST @ file_ns_capable down_read_interruptible CAP_SYS_ADMIN @ capable %85 = tail 
call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check pps_cdev_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check security_perf_event_open CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check intel_user_framebuffer_dirty CAP_NET_BROADCAST @ file_ns_capable pps_cdev_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check autofs_dev_ioctl_compat CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check walk_component CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __ext4_new_inode CAP_SYS_RESOURCE @ capable e1000_clean_rx_ring.52607 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable change_mnt_propagation CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable vfs_mkdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check filename_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check security_task_fix_setuid CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid __ext4_error_inode CAP_SYS_RESOURCE @ capable vfs_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check d_exchange 
CAP_CHOWN @ avc_has_perm_noaudit CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check init_symlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_modeset_lock CAP_NET_BROADCAST @ file_ns_capable free_compound_page CAP_IPC_LOCK @ capable dir_add CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4fs_dirhash CAP_SYS_RESOURCE @ capable get_seccomp_filter CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable init_utimes CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check invoke_tx_handlers_early CAP_NET_BROADCAST @ file_ns_capable drm_modeset_acquire_init CAP_NET_BROADCAST @ file_ns_capable parse_monolithic_mount_data CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check proc_ns_file CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable regulatory_init CAP_NET_BROADCAST @ file_ns_capable init_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __setup_rt_frame CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable_wrt_inode_uidgid inconsistent check tcf_proto_destroy CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable io_acct_cancel_pending_work CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check io_queue_async_work CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sg_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_fc_track_create CAP_SYS_RESOURCE @ capable __break_lease CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_fc_track_range CAP_SYS_RESOURCE @ capable umount_tree CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check vfs_rename CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_bus_read_config_byte CAP_NET_BROADCAST @ file_ns_capable efivar_validate CAP_SYS_ADMIN @ capable percpu_ref_resurrect CAP_SYS_ADMIN @ capable drm_minor_release CAP_NET_BROADCAST @ file_ns_capable __lookup_hash CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check write_iter_null CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check i915_gem_ww_ctx_backoff CAP_NET_BROADCAST @ file_ns_capable lock_rename CAP_CHOWN @ avc_has_perm_noaudit CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check d_alloc_name CAP_CHOWN @ avc_has_perm_noaudit ieee80211_reenable_keys CAP_NET_BROADCAST @ file_ns_capable block_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check filename_parentat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check terminate_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check truncate_inode_pages CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check drm_event_reserve_init_locked CAP_NET_BROADCAST @ file_ns_capable acpi_ut_remove_reference CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable bad_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid vfs_create_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable complete_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_ext_remove_space CAP_SYS_RESOURCE @ capable bad_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid acpi_enable_subsystem 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __tcf_block_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable step_into CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_request_find_table_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable security_sid_to_context_force CAP_CHOWN @ avc_has_perm_noaudit nfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ipip6_newlink CAP_NET_ADMIN @ netlink_ns_capable msdos_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_dostring CAP_SYS_ADMIN @ capable ext4_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_managed_release CAP_NET_BROADCAST @ file_ns_capable ext4_dx_csum CAP_SYS_RESOURCE @ capable ramfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_get_slot CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid rate_control_rate_update CAP_NET_BROADCAST @ file_ns_capable lock_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable perf_install_in_context CAP_SYS_ADMIN @ capable %14 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 
@capable(i32 38) #78 cap_no=38 inconsistent check pci_dev_put CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __pskb_pull_tail CAP_NET_BROADCAST @ file_ns_capable cfg80211_ref_bss CAP_NET_BROADCAST @ file_ns_capable xt_find_revision CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable hung_up_tty_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check hibernation_restore CAP_SYS_ADMIN @ capable proc_task_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netns_install CAP_SYS_ADMIN @ ns_capable dev_get_flags CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check isofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __ew32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_alloc_io_end_vec CAP_SYS_RESOURCE @ capable __init_swait_queue_head CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_NET_RAW @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_PACCT @ capable inconsistent check proc_lookupfd CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check autofs_root_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check 
proc_sys_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_chandef_downgrade CAP_NET_BROADCAST @ file_ns_capable auditd_reset CAP_NET_BROADCAST @ file_ns_capable ext4_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cfg80211_sta_opmode_change_notify CAP_NET_BROADCAST @ file_ns_capable vfat_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check out_of_line_wait_on_bit CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check autofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check namespace_unlock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check fsnotify_move CAP_FOWNER @ capable_wrt_inode_uidgid e1000e_release_hw_control CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ring_buffer_write CAP_SYSLOG @ has_capability_noaudit ieee80211_send_null_response CAP_NET_BROADCAST @ file_ns_capable bad_inode_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check commit_creds CAP_SETGID @ ns_capable_setid CAP_SETGID @ ns_capable_setid CAP_SETPCAP @ ns_capable CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid CAP_SETGID @ ns_capable_setid inconsistent check msdos_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_tgid_net_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check arch_uprobe_pre_xol CAP_IPC_LOCK @ capable init_chmod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_ibss_add_sta CAP_NET_BROADCAST @ file_ns_capable __ext4_xattr_check_block CAP_SYS_RESOURCE @ capable __d_lookup_done CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_vblank_get CAP_NET_BROADCAST @ file_ns_capable ext4_fc_track_link CAP_SYS_RESOURCE @ capable drm_property_free_blob CAP_NET_BROADCAST @ file_ns_capable nfs_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_wake_queues_by_reason CAP_NET_BROADCAST @ file_ns_capable perf_event_alloc CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check current_umask CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acpi_ut_release_mutex CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable d_alloc_parallel CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_xattr_block_csum CAP_SYS_RESOURCE @ capable ext4_force_commit CAP_SYS_ADMIN @ capable drm_mode_plane_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable vfs_fchmod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check audit_log_path_denied CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check skb_copy_expand CAP_SYS_ADMIN @ netlink_ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check __audit_inode CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drv_start_nan CAP_NET_BROADCAST @ file_ns_capable d_invalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check uart_shutdown CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_claim_free_clusters CAP_SYS_RESOURCE @ capable __ipv6_dev_ac_inc CAP_NET_ADMIN @ ns_capable __ext4_read_dirblock CAP_SYS_RESOURCE @ capable ieee80211_freq_khz_to_channel CAP_NET_BROADCAST @ file_ns_capable arch_uprobe_skip_sstep CAP_IPC_LOCK @ capable get_fs_type CAP_SYS_ADMIN @ ns_capable 
CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drm_primary_helper_update CAP_NET_BROADCAST @ file_ns_capable nfs4_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check copy_time_ns CAP_SYS_ADMIN @ ns_capable vfat_revalidate_ci CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check map_files_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acpi_sleep_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dev_driver_string CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check mntns_install CAP_SYS_ADMIN @ ns_capable vfs_tmpfile CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_net_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check fs_context_for_reconfigure CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dev_close CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_release_io_end CAP_SYS_RESOURCE @ capable i915_gem_context_release CAP_SYS_ADMIN @ capable e1000_configure_msix CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable 
ext4_ext_release CAP_SYS_RESOURCE @ capable task_join_group_stop CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable tg3_switch_clocks CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable md_set_read_only CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable max_swapfile_size CAP_SYS_ADMIN @ capable proc_sys_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pid_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check page_mapped CAP_IPC_LOCK @ capable vfs_path_lookup CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check xt_compat_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable alloc_file_clone CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check vfat_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_commit_super CAP_SYS_RESOURCE @ capable kernfs_dop_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pipe_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check simple_rmdir CAP_FOWNER @ 
capable_wrt_inode_uidgid nd_jump_link CAP_SYS_ADMIN @ ns_capable %5 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i1 (%struct.user_namespace.177593*, i32)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), i32 40) #78 cap_no=40 inconsistent check ieee80211_sta_rx_bw_to_chan_width CAP_NET_BROADCAST @ file_ns_capable ioread8 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable set_fs_pwd CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check do_kexec_load CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable ext4_mb_release CAP_SYS_RESOURCE @ capable __hw_addr_unsync CAP_NET_BROADCAST @ file_ns_capable xt_compat_target_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable __SCT__tp_func_io_uring_create CAP_IPC_LOCK @ capable security_kernel_load_data CAP_SYS_BOOT @ capable CAP_SYS_MODULE @ capable CAP_SYS_BOOT @ capable inconsistent check kernel_wait CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check tg3_frob_aux_power CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable fpu__clear_user_states CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dev_add_pack CAP_NET_RAW @ ns_capable sock_release CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check drm_crtc_check_viewport CAP_NET_BROADCAST @ file_ns_capable ieee80211_send_delba CAP_NET_BROADCAST @ file_ns_capable ww_mutex_lock_interruptible CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check cgroup_enter_frozen CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check __ext4_iget CAP_SYS_RESOURCE @ capable destroy_workqueue CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_RESOURCE @ capable inconsistent check task_set_jobctl_pending CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check dquot_free_inode CAP_SYS_RESOURCE @ capable ext4_xattr_block_set CAP_SYS_RESOURCE @ capable i915_active_ref CAP_NET_BROADCAST @ file_ns_capable xt_find_table_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable io_ring_ctx_wait_and_kill CAP_IPC_LOCK @ capable ext4_read_bh_lock CAP_SYS_RESOURCE @ capable d_instantiate_new CAP_SYS_RESOURCE @ capable bitmap_parse CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check pci_user_read_config_dword CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check netif_carrier_on CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check drm_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dquot_drop 
CAP_SYS_RESOURCE @ capable io_arm_poll_handler CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ata_task_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check acpi_wakeup_device_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_unlink CAP_FOWNER @ capable_wrt_inode_uidgid xt_compat_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable vfs_symlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_fastcom335_setup CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_bio_write_page CAP_SYS_RESOURCE @ capable fat_compat_dir_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check d_add CAP_CHOWN @ avc_has_perm_noaudit tid_fd_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_sigaction CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check nla_strcmp CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable ext4_orphan_cleanup CAP_SYS_RESOURCE @ capable __netif_set_xps_queue 
CAP_NET_ADMIN @ ns_capable security_sb_pivotroot CAP_SYS_ADMIN @ ns_capable blk_queue_flag_clear CAP_SYS_ADMIN @ capable snapshot_get_image_size CAP_SYS_ADMIN @ capable mpage_process_page_bufs CAP_SYS_RESOURCE @ capable vfs_parse_fs_string CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ext4_bread CAP_SYS_RESOURCE @ capable netdev_master_upper_dev_get CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check snapshot_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_es_delayed_clu CAP_SYS_RESOURCE @ capable lock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid uart_startup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check strndup_user CAP_SYS_ADMIN @ ns_capable CAP_SYS_TTY_CONFIG @ capable inconsistent check put_mnt_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check msdos_rename CAP_FOWNER @ capable_wrt_inode_uidgid security_get_user_sids CAP_CHOWN @ avc_has_perm_noaudit modify_user_hw_breakpoint_check CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check mb_cache_entry_create CAP_SYS_RESOURCE @ capable exit_task_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable netif_device_attach CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nl80211_notify_iface CAP_NET_BROADCAST @ file_ns_capable mount_too_revealing CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable intel_modeset_driver_remove_nogem CAP_NET_BROADCAST @ file_ns_capable shrink_dcache_parent CAP_CHOWN @ avc_has_perm_noaudit CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check wake_up_var CAP_SYS_RESOURCE @ 
capable dev_set_mtu CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable acpi_install_table_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __mmap_lock_do_trace_start_locking CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check cfg80211_auth_timeout CAP_NET_BROADCAST @ file_ns_capable ext4_discard_preallocations CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check ext4_ind_remove_space CAP_SYS_RESOURCE @ capable mount_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __perf_remove_from_context CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check unlock_buffer CAP_SYS_RESOURCE @ capable x86_pmu_aux_output_match CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check jbd2_journal_unlock_updates CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __cfg80211_disconnected CAP_NET_BROADCAST @ file_ns_capable bdev_add_partition CAP_SYS_ADMIN @ capable shmem_xattr_handler_get CAP_SYS_ADMIN @ capable drm_prime_destroy_file_private CAP_SYS_ADMIN @ capable pci_intx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable device_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check cfg80211_find_elem_match CAP_NET_BROADCAST @ file_ns_capable ext4_inode_journal_mode CAP_SYS_RESOURCE @ capable e1000_reset CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable bad_area CAP_IPC_LOCK @ capable ext4_xattr_trusted_get CAP_SYS_ADMIN @ capable ext4_delete_entry CAP_SYS_RESOURCE @ capable iommu_device_sysfs_add CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable xt_compat_flush_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable 
__lock_buffer CAP_SYS_RESOURCE @ capable init_mkdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_modeset_backoff CAP_NET_BROADCAST @ file_ns_capable down_read_killable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check tg3_ptp_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable __tcf_chain_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable track_pfn_insert CAP_SYS_ADMIN @ capable drm_modeset_unlock CAP_NET_BROADCAST @ file_ns_capable ptep_set_access_flags CAP_SYS_ADMIN @ capable ext4_count_free_clusters CAP_SYS_RESOURCE @ capable drm_connector_free CAP_NET_BROADCAST @ file_ns_capable ext4_append CAP_SYS_RESOURCE @ capable congestion_wait CAP_SYS_RESOURCE @ capable ieee80211_run_deferred_scan CAP_NET_BROADCAST @ file_ns_capable hibernation_snapshot CAP_SYS_ADMIN @ capable autofs_root_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check perf_kprobe_init CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check __ext4_journal_get_create_access CAP_SYS_RESOURCE @ capable unlock_new_inode CAP_SYS_RESOURCE @ capable ip_tunnel_bind_dev CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable acpi_processor_power_exit CAP_NET_BROADCAST @ file_ns_capable io_uring_alloc_task_context CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ 
capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check sd_config_write_same CAP_SYS_ADMIN @ capable ext4_dirblock_csum_verify CAP_SYS_RESOURCE @ capable __ext4_std_error CAP_SYS_RESOURCE @ capable ring_buffer_nest_start CAP_SYSLOG @ has_capability_noaudit __ftrace_trace_stack CAP_SYSLOG @ has_capability_noaudit security_inode_rename CAP_FOWNER @ capable_wrt_inode_uidgid sync_blockdev CAP_SYS_RESOURCE @ capable io_req_complete_post CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_set_wmm_default CAP_NET_BROADCAST @ file_ns_capable acpi_processor_ignore_ppc_init CAP_NET_BROADCAST @ file_ns_capable dm_compat_ctl_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check bcmp CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check ihold CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SETFCAP @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check eventfd_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check ext4_add_entry CAP_SYS_RESOURCE @ capable security_transition_sid_user CAP_CHOWN @ avc_has_perm_noaudit __cpuhp_remove_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable percpu_counter_destroy CAP_SYS_RESOURCE @ capable 
ext4_empty_dir CAP_SYS_RESOURCE @ capable snd_timer_user_ioctl_compat CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check blk_rq_map_user_iov CAP_SYS_RAWIO @ capable power_supply_changed CAP_NET_BROADCAST @ file_ns_capable path_openat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check serial8250_release_port CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable hrtimer_start_range_ns CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netlbl_calipso_genl_init CAP_NET_BROADCAST @ file_ns_capable e1000_power_up_phy CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_orphan_del CAP_SYS_RESOURCE @ capable mpage_map_one_extent CAP_SYS_RESOURCE @ capable swsusp_swap_in_use CAP_SYS_ADMIN @ capable nv_stop_rxtx CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ptep_clear_flush CAP_IPC_LOCK @ capable local_bh_enable.71943 CAP_NET_BROADCAST @ file_ns_capable unregister_netdevice_queue CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check ieee80211_remove_interfaces CAP_NET_BROADCAST @ file_ns_capable __detach_mounts CAP_FOWNER @ capable_wrt_inode_uidgid signal_wake_up_state CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check drm_dev_get CAP_SYS_ADMIN @ capable tg3_phy_start CAP_SYS_NICE @ capable 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __ieee80211_unschedule_txq CAP_NET_BROADCAST @ file_ns_capable copy_string_kernel CAP_IPC_LOCK @ capable ext4_xattr_inode_update_ref CAP_SYS_RESOURCE @ capable dev_set_alias CAP_NET_ADMIN @ ns_capable snd_hwdep_ioctl_compat CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check replace_mm_exe_file CAP_SYS_RESOURCE @ capable ext4_mark_recovery_complete CAP_SYS_RESOURCE @ capable rhashtable_destroy CAP_IPC_LOCK @ capable request_threaded_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_buf_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_xattr_block_find CAP_SYS_RESOURCE @ capable __getblk_gfp CAP_SYS_RESOURCE @ capable drm_modeset_drop_locks CAP_NET_BROADCAST @ file_ns_capable swsusp_free CAP_SYS_ADMIN @ capable drm_atomic_helper_dirtyfb CAP_NET_BROADCAST @ file_ns_capable simple_read_from_buffer CAP_CHOWN @ avc_has_perm_noaudit snapshot_image_loaded CAP_SYS_ADMIN @ capable cgroup_can_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable selinux_netlbl_cache_invalidate CAP_NET_BROADCAST @ file_ns_capable ext4_es_unregister_shrinker CAP_SYS_RESOURCE @ capable path_lookupat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_request_find_target CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ext4_alloc_file_blocks CAP_SYS_RESOURCE @ capable fifo_hd_init CAP_NET_ADMIN @ netlink_ns_capable intel_irq_uninstall CAP_NET_BROADCAST @ file_ns_capable drop_super_exclusive CAP_SYS_ADMIN @ capable ext4_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check tracefs_syscall_rmdir CAP_FOWNER @ 
capable_wrt_inode_uidgid gen_replace_estimator CAP_NET_ADMIN @ netlink_ns_capable bitmap_free CAP_NET_ADMIN @ ns_capable simple_rename CAP_FOWNER @ capable_wrt_inode_uidgid netlink_rcv_skb CAP_NET_ADMIN @ netlink_net_capable unregister_pernet_device CAP_NET_BROADCAST @ file_ns_capable scsi_init_command CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check vfs_mknod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_property_replace_blob CAP_NET_BROADCAST @ file_ns_capable drm_atomic_get_plane_state CAP_NET_BROADCAST @ file_ns_capable kernfs_iop_rename CAP_FOWNER @ capable_wrt_inode_uidgid ata_cmd_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check mon_bin_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ___ieee80211_stop_tx_ba_session CAP_NET_BROADCAST @ file_ns_capable nfs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check maybe_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netif_receive_skb_list CAP_NET_BROADCAST @ file_ns_capable mb_cache_entry_touch CAP_SYS_RESOURCE @ capable security_inode_removexattr CAP_SYS_ADMIN @ capable dev_mc_del CAP_NET_ADMIN @ netlink_capable rtnl_fdb_notify CAP_NET_ADMIN @ netlink_capable irq_domain_free_irqs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_rename_dir_finish CAP_SYS_RESOURCE @ capable pgprot_writecombine CAP_IPC_LOCK @ 
capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable pagecache_isize_extended CAP_SYS_RESOURCE @ capable ext4_extent_block_csum_set CAP_SYS_RESOURCE @ capable ieee80211_purge_tx_queue CAP_NET_BROADCAST @ file_ns_capable snd_disconnect_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check proc_reg_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dput_to_list CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable compat_sock_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check rtnl_register CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check nfs4_have_delegation CAP_LEASE @ capable mon_bin_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check qdisc_lookup CAP_NET_ADMIN @ netlink_ns_capable qdisc_create CAP_NET_ADMIN @ netlink_ns_capable proc_map_files_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_clear_inode CAP_SYS_RESOURCE @ capable io_free_req CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable 
CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check phy_attached_info CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable blkdev_get_by_dev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable i915_ttm_adjust_lru CAP_IPC_LOCK @ capable sysfs_remove_link CAP_NET_BROADCAST @ file_ns_capable vfat_unlink CAP_FOWNER @ capable_wrt_inode_uidgid scsi_try_bus_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check kernfs_iop_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __cpuhp_setup_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check pci_disable_device CAP_SYS_ADMIN @ capable __ext4_journal_get_write_access CAP_SYS_RESOURCE @ capable mq_walk CAP_NET_ADMIN @ netlink_ns_capable bad_inode_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid iommu_set_dma_strict CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable pci_user_read_config_byte CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check nfs_file_read CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check register_inet6addr_notifier CAP_NET_BROADCAST @ file_ns_capable alloc_file_pseudo CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check nfs_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable_wrt_inode_uidgid inconsistent check try_to_unlazy CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check blk_queue_max_discard_sectors CAP_SYS_ADMIN @ capable _find_first_bit CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check vfat_rename CAP_FOWNER @ capable_wrt_inode_uidgid d_splice_alias CAP_SYS_RESOURCE @ capable mq_leaf CAP_NET_ADMIN @ netlink_ns_capable hex_to_bin CAP_CHOWN @ avc_has_perm_noaudit ext4_wait_for_tail_page_commit CAP_SYS_RESOURCE @ capable pci_walk_bus CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mq_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable uprobe_copy_process CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable i915_gem_ww_ctx_init CAP_NET_BROADCAST @ file_ns_capable bitmap_zalloc CAP_NET_ADMIN @ ns_capable __pagevec_release CAP_SYS_RESOURCE @ capable regulatory_exit CAP_NET_BROADCAST @ file_ns_capable ext4_should_retry_alloc CAP_SYS_RESOURCE @ capable azx_probe_codecs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __nla_parse CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check security_sem_associate CAP_IPC_OWNER @ ns_capable empty_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check blk_rq_init CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check drv_sta_state CAP_NET_BROADCAST @ file_ns_capable untrack_pfn CAP_SYS_ADMIN @ capable drm_debugfs_cleanup CAP_NET_BROADCAST @ file_ns_capable 
lock_device_hotplug CAP_SYS_ADMIN @ capable perf_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ieee80211_smps_mode_to_smps_mode CAP_NET_BROADCAST @ file_ns_capable shmem_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid drm_lease_held CAP_NET_BROADCAST @ file_ns_capable ext4_handle_dirty_dx_node CAP_SYS_RESOURCE @ capable drm_primary_helper_disable CAP_NET_BROADCAST @ file_ns_capable drm_connector_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable fifo_init CAP_NET_ADMIN @ netlink_ns_capable selinux_policy_genfs_sid CAP_CHOWN @ avc_has_perm_noaudit do_trace_netlink_extack CAP_SYS_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check __mb_cache_entry_free CAP_SYS_RESOURCE @ capable vfs_fchown CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __mnt_want_write CAP_SYS_PACCT @ capable nfs_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid codel_dequeue_func CAP_NET_BROADCAST @ file_ns_capable sta_info_insert CAP_NET_BROADCAST @ file_ns_capable dec_rlimit_ucounts CAP_SYS_RESOURCE @ capable crypto_shash_update CAP_SYS_RESOURCE @ capable drm_get_mode_status_name CAP_NET_BROADCAST @ file_ns_capable xt_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ext4_get_block CAP_SYS_RESOURCE @ capable __mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check __ext4_fc_track_link CAP_SYS_RESOURCE @ capable truncate_pagecache_range CAP_SYS_RESOURCE @ capable percpu_free_rwsem CAP_SYS_RESOURCE @ capable ext4_superblock_csum_set 
CAP_SYS_RESOURCE @ capable ldsem_down_write CAP_SYS_MODULE @ capable init_special_inode CAP_SYS_RESOURCE @ capable enable_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_fc_commit CAP_SYS_RESOURCE @ capable msdos_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid ext4_xattr_inode_iget CAP_SYS_RESOURCE @ capable ext4_fc_stop_update CAP_SYS_RESOURCE @ capable qdisc_notify CAP_NET_ADMIN @ netlink_ns_capable ext4_free_inode CAP_SYS_RESOURCE @ capable acpi_install_notify_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ext4_xattr_set_entry CAP_SYS_RESOURCE @ capable acpi_bus_init_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable compat_blkdev_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_unregister_sysfs CAP_SYS_RESOURCE @ capable ieee80211_teardown_tdls_peers CAP_NET_BROADCAST @ file_ns_capable try_to_free_swap CAP_IPC_LOCK @ capable pci_config_pm_runtime_put CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check __setplane_check CAP_NET_BROADCAST @ file_ns_capable __ext4_msg CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check shmem_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid add_dirent_to_buf CAP_SYS_RESOURCE @ capable drm_is_current_master CAP_NET_BROADCAST @ file_ns_capable sparse_keymap_report_event CAP_NET_BROADCAST @ file_ns_capable suspend_devices_and_enter CAP_SYS_ADMIN @ capable bad_inode_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check put_pid_ns CAP_SYS_ADMIN @ ns_capable __ext4_warning_inode CAP_SYS_RESOURCE @ capable ring_buffer_nest_end CAP_SYSLOG @ has_capability_noaudit __ext4_find_entry CAP_SYS_RESOURCE @ capable crypto_destroy_tfm CAP_SYS_RESOURCE @ capable 
e1000e_reset_interrupt_capability CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable mutex_is_locked CAP_NET_BROADCAST @ file_ns_capable timens_commit CAP_SYS_ADMIN @ ns_capable release_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid ext4_mark_iloc_dirty CAP_SYS_RESOURCE @ capable dm_blk_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ieee80211_check_fast_xmit CAP_NET_BROADCAST @ file_ns_capable free_nsproxy CAP_SYS_ADMIN @ ns_capable cn_netlink_send CAP_NET_ADMIN @ __netlink_ns_capable __ext4_journal_stop CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check random_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check d_move CAP_FOWNER @ capable_wrt_inode_uidgid unregister_netdevice_notifier CAP_NET_BROADCAST @ file_ns_capable acpi_early_processor_set_pdc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __ext4_handle_dirty_metadata CAP_SYS_RESOURCE @ capable ip6_input CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable ext4_zero_partial_blocks CAP_SYS_RESOURCE @ capable set_normalized_timespec64 CAP_SYS_TIME @ file_ns_capable page_cache_sync_ra CAP_SYS_RESOURCE @ capable do_move_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable irq_set_affinity CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable sock_wfree CAP_NET_BROADCAST @ file_ns_capable ext4_fc_mark_ineligible CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check hibernation_platform_enter CAP_SYS_ADMIN @ capable 
ext4_xattr_delete_inode CAP_SYS_RESOURCE @ capable _credit_init_bits CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_free_blocks CAP_SYS_RESOURCE @ capable __drm_dbg CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ capable %258 = call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %124 = call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %22 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %14 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check ext4_release_system_zone CAP_SYS_RESOURCE @ capable snapshot_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_inode_attach_jinode CAP_SYS_RESOURCE @ capable ext4_enable_quotas CAP_SYS_RESOURCE @ capable qdisc_get_stab CAP_NET_ADMIN @ netlink_ns_capable shmem_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_fc_record_regions CAP_SYS_RESOURCE @ capable synchronize_net CAP_NET_BROADCAST @ file_ns_capable ext4_last_io_end_vec CAP_SYS_RESOURCE @ capable ieee80211_mgd_quiesce CAP_NET_BROADCAST @ file_ns_capable ext4_ext_tree_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable kfree_skb_list CAP_NET_BROADCAST @ file_ns_capable __sta_info_flush CAP_NET_BROADCAST @ file_ns_capable genl_unregister_family CAP_NET_BROADCAST @ file_ns_capable rtc_set_time CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check pci_mmap_page_range CAP_SYS_RAWIO @ capable tty_lock CAP_SYS_MODULE @ capable security_sb_umount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check __ext4_check_dir_entry CAP_SYS_RESOURCE @ capable blk_queue_flag_set CAP_SYS_ADMIN @ 
capable percpu_ref_exit CAP_SYS_ADMIN @ capable ieee80211_set_sdata_offload_flags CAP_NET_BROADCAST @ file_ns_capable qdisc_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable proc_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_xattr_destroy_cache CAP_SYS_RESOURCE @ capable ext4_ext_shift_extents CAP_SYS_RESOURCE @ capable ext4_rename_dir_prepare CAP_SYS_RESOURCE @ capable ext4_es_insert_extent CAP_SYS_RESOURCE @ capable ieee80211_recalc_idle CAP_NET_BROADCAST @ file_ns_capable ieee80211_tx_monitor CAP_NET_BROADCAST @ file_ns_capable io_issue_sqe CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ip_local_deliver CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable random_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check dev_ethtool CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check sched_post_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable snd_card_disconnect CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_framebuffer_free CAP_NET_BROADCAST @ file_ns_capable drm_master_open CAP_SYS_ADMIN @ capable phy_connect_direct CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable invalidate_bdev CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check e1000_set_phy_loopback CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_do_open CAP_NET_BROADCAST @ file_ns_capable bad_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_halt CAP_SYS_BOOT @ ns_capable tty_vhangup_self CAP_SYS_TTY_CONFIG @ capable ext4_issue_zeroout CAP_SYS_RESOURCE @ capable ext4_alloc_da_blocks CAP_SYS_RESOURCE @ capable snd_timer_user_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check xt_target_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ring_buffer_unlock_commit CAP_SYSLOG @ has_capability_noaudit ext4_htree_store_dirent CAP_SYS_RESOURCE @ capable __ext4_error_file CAP_SYS_RESOURCE @ capable copy_strings CAP_IPC_LOCK @ capable thermal_cooling_device_unregister CAP_NET_BROADCAST @ file_ns_capable acpi_os_acquire_lock CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable jbd2_journal_inode_ranged_write CAP_SYS_RESOURCE @ capable loop_info64_to_compat CAP_SYS_ADMIN @ capable ieee80211_sta_join_ibss CAP_NET_BROADCAST @ file_ns_capable proc_root_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_mknod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check do_truncate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable_wrt_inode_uidgid inconsistent check qdisc_put_unlocked CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable avc_set_cache_threshold CAP_CHOWN @ avc_has_perm_noaudit ida_free CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable call_blocking_lsm_notifier CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_BROADCAST @ file_ns_capable inconsistent check netdev_state_change CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check ext4_ind_truncate_ensure_credits CAP_SYS_RESOURCE @ capable ext4_find_extent CAP_SYS_RESOURCE @ capable ipcns_install CAP_SYS_ADMIN @ ns_capable create_empty_buffers CAP_SYS_RESOURCE @ capable llist_add_batch CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable ext4_map_blocks CAP_SYS_RESOURCE @ capable i915_gem_flush_free_objects CAP_NET_BROADCAST @ file_ns_capable ext4_mb_mark_bb CAP_SYS_RESOURCE @ capable security_member_sid CAP_CHOWN @ avc_has_perm_noaudit vfs_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_gem_open CAP_SYS_ADMIN @ capable tty_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dquot_add_space CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable static_key_slow_dec CAP_NET_ADMIN @ capable free_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable sd_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_ext_try_to_merge CAP_SYS_RESOURCE @ capable is_swbp_insn CAP_IPC_LOCK @ capable 
inode_owner_or_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check send_sig_info CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check dm_issue_global_event CAP_SYS_ADMIN @ capable ieee80211_destroy_frag_cache CAP_NET_BROADCAST @ file_ns_capable ext4_truncate CAP_SYS_RESOURCE @ capable __dquot_alloc_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check audit_log_multicast CAP_AUDIT_READ @ capable nfs4_xattr_get_nfs4_acl CAP_SYS_ADMIN @ capable __mnt_drop_write CAP_SYS_PACCT @ capable ieee80211_xmit_fast_finish CAP_NET_BROADCAST @ file_ns_capable __sta_info_destroy CAP_NET_BROADCAST @ file_ns_capable proc_lookupfdinfo CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check init_chown CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cpus_read_lock CAP_NET_ADMIN @ ns_capable drm_atomic_connector_commit_dpms CAP_NET_BROADCAST @ file_ns_capable cpus_read_unlock CAP_NET_ADMIN @ ns_capable housekeeping_cpumask CAP_NET_ADMIN @ capable uart_set_ldisc CAP_SYS_MODULE @ capable static_key_slow_inc CAP_NET_ADMIN @ capable dev_set_threaded CAP_NET_ADMIN @ ns_capable dm_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable evdev_ioctl_compat 
CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check msr_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check i915_driver_lastclose CAP_NET_BROADCAST @ file_ns_capable ext4_sb_bread CAP_SYS_RESOURCE @ capable dev_uc_del CAP_NET_ADMIN @ netlink_capable drm_property_create_blob CAP_NET_BROADCAST @ file_ns_capable dev_ifsioc CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check freeze_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check qdisc_graft CAP_NET_ADMIN @ netlink_ns_capable snd_ctl_ioctl_compat CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check dev_get_mac_address CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check __lookup_slow CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check find_task_by_vpid CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check __cleanup_nmi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ksys_sync_helper CAP_SYS_ADMIN @ capable ext4_fc_track_unlink CAP_SYS_RESOURCE @ capable acpi_early_processor_osc CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable i915_gem_suspend CAP_NET_BROADCAST @ file_ns_capable snapshot_write_finalize CAP_SYS_ADMIN @ capable tcf_proto_signal_destroying CAP_NET_ADMIN @ netlink_ns_capable free_fs_struct CAP_SYS_ADMIN @ ns_capable swap_type_of CAP_SYS_ADMIN @ capable ieee80211_clear_tx_pending CAP_NET_BROADCAST @ file_ns_capable unlock_device_hotplug CAP_SYS_ADMIN @ capable ext4_xattr_hurd_get 
CAP_SYS_ADMIN @ capable uts_proc_notify CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable _dev_err CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable inconsistent check autofs_dev_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check drm_gem_handle_create CAP_NET_BROADCAST @ file_ns_capable dev_change_tx_queue_len CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check link_path_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ip_tunnel_update CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable snd_seq_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check pci_disable_msix CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __rseq_handle_notify_resume CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ata_acpi_ap_uevent CAP_NET_BROADCAST @ file_ns_capable scsi_autopm_get_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check netlbl_unlabel_defconf CAP_NET_BROADCAST @ file_ns_capable serial8250_config_port CAP_SYS_ADMIN @ capable dm_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable drv_event_callback.72991 CAP_NET_BROADCAST @ file_ns_capable i915_perf_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN 
@ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check cfg80211_sme_disassoc CAP_NET_BROADCAST @ file_ns_capable free_netdev CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check drm_master_put CAP_NET_BROADCAST @ file_ns_capable alloc_netdev_mqs CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable __put_net CAP_NET_BROADCAST @ file_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable inconsistent check kernfs_vfs_xattr_get CAP_SYS_ADMIN @ capable security_locked_down CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_BOOT @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_BOOT @ capable CAP_SYS_RAWIO @ capable inconsistent check e1000_write_phy_reg CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dquot_quota_off CAP_SYS_RESOURCE @ capable __mmap_lock_do_trace_acquire_returned CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check cfg80211_assoc_timeout CAP_NET_BROADCAST @ file_ns_capable security_get_bools CAP_CHOWN @ avc_has_perm_noaudit find_get_context CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check set_fs_root CAP_SYS_CHROOT @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ldsem_up_write CAP_SYS_MODULE @ capable __mmap_lock_do_trace_released CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ 
capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check try_to_unuse CAP_SYS_ADMIN @ capable acpi_ev_init_global_lock_handler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_reconfig CAP_NET_BROADCAST @ file_ns_capable kernel_read_file_from_fd CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable vfs_unlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __mmu_notifier_invalidate_range CAP_IPC_LOCK @ capable proc_attr_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_free_keys CAP_NET_BROADCAST @ file_ns_capable flush_delayed_work CAP_NET_BROADCAST @ file_ns_capable cfg80211_rdev_free_coalesce CAP_NET_BROADCAST @ file_ns_capable dma_map_page_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable d_obtain_alias CAP_CHOWN @ avc_has_perm_noaudit CAP_SYS_RESOURCE @ capable inconsistent check wiphy_regulatory_register CAP_NET_BROADCAST @ file_ns_capable iomem_is_exclusive CAP_SYS_RAWIO @ capable proc_tgid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sr_reset CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable clear_page_dirty_for_io CAP_SYS_RESOURCE @ capable e1000e_phc_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable tg3_reset_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __is_local_mountpoint CAP_FOWNER @ capable_wrt_inode_uidgid destroy_local_trace_uprobe CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 
@capable(i32 38) #78 cap_no=38 inconsistent check free_all_swap_pages CAP_SYS_ADMIN @ capable snd_ctl_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check rfkill_destroy CAP_NET_BROADCAST @ file_ns_capable handle_mm_fault CAP_IPC_LOCK @ capable pci_user_read_config_word CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check __starget_for_each_device CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check security_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check scsi_try_host_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check snd_seq_ioctl_compat CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check selinux_policy_commit CAP_CHOWN @ avc_has_perm_noaudit debugfs_remove CAP_NET_BROADCAST @ file_ns_capable scsi_autopm_put_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check pci_config_pm_runtime_get CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check __SCT__tp_func_sched_process_fork CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check fat_generic_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check d_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drv_change_interface CAP_NET_BROADCAST @ file_ns_capable tty_ioctl 
CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check fat_dir_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ieee80211_setup_sdata CAP_NET_BROADCAST @ file_ns_capable proc_misc_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check thermal_zone_device_critical CAP_NET_BROADCAST @ file_ns_capable posix_clock_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check napi_gro_receive CAP_NET_BROADCAST @ file_ns_capable drm_gem_handle_delete CAP_NET_BROADCAST @ file_ns_capable proc_reg_unlocked_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check sock_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ieee80211_stop_tx_ba_cb CAP_NET_BROADCAST @ file_ns_capable ext4_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check vfs_get_tree CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable rfkill_fop_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check nvram_misc_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check hidraw_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check evdev_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check 
dm_ctl_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check rtc_dev_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_setent CAP_SYS_RESOURCE @ capable drv_ampdu_action CAP_NET_BROADCAST @ file_ns_capable xt_compat_add_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable shmem_unlock_mapping CAP_IPC_LOCK @ ns_capable CAP_IPC_LOCK @ capable inconsistent check simple_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_split_extent_at CAP_SYS_RESOURCE @ capable audit_inode_permission CAP_CHOWN @ avc_has_perm_noaudit is_subdir CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __get_locked_pte CAP_SYS_ADMIN @ capable tg3_enable_ints CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __mmu_notifier_invalidate_range_end CAP_IPC_LOCK @ capable md_compat_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable drm_dev_put CAP_NET_BROADCAST @ file_ns_capable _atomic_dec_and_lock CAP_SYS_ADMIN @ capable fsync_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable io_clean_op CAP_BLOCK_SUSPEND @ capable dm_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ 
capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cfg80211_sme_assoc_timeout CAP_NET_BROADCAST @ file_ns_capable alloc_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cfg80211_init_wdev CAP_NET_BROADCAST @ file_ns_capable sd_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable devres_remove_group CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __mmu_notifier_change_pte CAP_IPC_LOCK @ capable dm_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ieee80211_recalc_sw_work CAP_NET_BROADCAST @ file_ns_capable sd_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable lo_compat_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cancel_delayed_work CAP_NET_BROADCAST @ file_ns_capable ieee80211_reset_erp_info CAP_NET_BROADCAST @ file_ns_capable blkdev_compat_ptr_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable lo_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sd_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable tg3_restart_hw CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable bsg_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check md_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable drm_file_free CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check cpu_hotplug_enable CAP_NET_BROADCAST @ file_ns_capable pci_mmap_fits CAP_SYS_RAWIO @ capable timens_install CAP_SYS_ADMIN @ ns_capable file_update_time CAP_FSETID @ capable drm_property_change_valid_get CAP_NET_BROADCAST @ file_ns_capable i915_gem_ww_ctx_fini CAP_NET_BROADCAST @ file_ns_capable ring_buffer_event_data CAP_SYSLOG @ has_capability_noaudit is_ucounts_overlimit CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid do_split CAP_SYS_RESOURCE @ capable ring_buffer_lock_reserve CAP_SYSLOG @ has_capability_noaudit cfg80211_abandon_assoc CAP_NET_BROADCAST @ file_ns_capable utsns_install CAP_SYS_ADMIN @ ns_capable migrate_pages CAP_IPC_LOCK @ capable filter_match_preds CAP_SYSLOG @ has_capability_noaudit ieee80211_recalc_smps CAP_NET_BROADCAST @ file_ns_capable drm_dev_dbg CAP_NET_BROADCAST @ file_ns_capable sock_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check ring_buffer_discard_commit CAP_SYSLOG @ has_capability_noaudit drm_mode_object_get CAP_NET_BROADCAST @ file_ns_capable put_sg_io_hdr CAP_SYS_RAWIO @ capable 
xt_compat_match_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable hugetlbfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check anon_inode_getfd CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable security_task_setscheduler CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ ns_capable inconsistent check ext4_orphan_add CAP_SYS_RESOURCE @ capable nla_strscpy CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable acpi_initialize_objects CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable tcf_proto_lookup_ops CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable __tcf_chain_get CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable hpet_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check rdev_add_virtual_intf CAP_NET_BROADCAST @ file_ns_capable ieee80211_color_change_finalize CAP_NET_BROADCAST @ file_ns_capable io_put_sq_data CAP_IPC_LOCK @ capable tcf_fill_node CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable acpi_exception CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable cfg80211_del_sta_sinfo CAP_NET_BROADCAST @ file_ns_capable tcf_chain_tp_delete_empty CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable acpi_cppc_processor_exit CAP_NET_BROADCAST @ file_ns_capable __tcf_block_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable drm_modeset_lock_all_ctx CAP_NET_BROADCAST @ file_ns_capable ext4_xattr_user_get CAP_SYS_ADMIN @ capable ieee80211_txq_remove_vlan CAP_NET_BROADCAST @ file_ns_capable copy_net_ns CAP_SYS_ADMIN @ ns_capable sockfs_xattr_get CAP_SYS_ADMIN @ capable drm_atomic_state_alloc CAP_NET_BROADCAST @ file_ns_capable 
ext4_xattr_security_get CAP_SYS_ADMIN @ capable fs_context_for_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cfg80211_radar_event CAP_NET_BROADCAST @ file_ns_capable __ext4_mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check __dquot_free_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check security_inode_getxattr CAP_SYS_ADMIN @ capable ieee80211_alloc_led_names CAP_NET_BROADCAST @ file_ns_capable kernfs_fop_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check security_inode_getsecurity CAP_SYS_ADMIN @ capable security_inode_setxattr CAP_SYS_ADMIN @ capable drv_channel_switch CAP_NET_BROADCAST @ file_ns_capable __vfs_setxattr_noperm CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable inconsistent check ieee80211_bss_info_change_notify CAP_NET_BROADCAST @ file_ns_capable ext4_es_find_extent_range CAP_SYS_RESOURCE @ capable cancel_delayed_work_sync CAP_NET_BROADCAST @ file_ns_capable cancel_work_sync CAP_NET_BROADCAST @ file_ns_capable xt_compat_init_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable _dev_alert CAP_SYS_ADMIN @ capable rate_control_deinitialize CAP_NET_BROADCAST @ file_ns_capable _dev_warn CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check __netlink_dump_start CAP_NET_ADMIN @ netlink_net_capable posix_acl_xattr_get CAP_SYS_ADMIN @ capable igmp6_late_cleanup CAP_NET_BROADCAST @ file_ns_capable i915_gem_driver_remove CAP_NET_BROADCAST @ file_ns_capable wiphy_unregister CAP_NET_BROADCAST @ file_ns_capable rfkill_set_block CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable ieee80211_led_exit CAP_NET_BROADCAST @ file_ns_capable acpi_update_all_gpes CAP_NET_BROADCAST @ file_ns_capable rdev_del_virtual_intf CAP_NET_BROADCAST @ file_ns_capable cfg80211_iftype_allowed 
CAP_NET_BROADCAST @ file_ns_capable put_fs_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check fl_release CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check vt_do_kbkeycode_ioctl CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check cfg80211_register_wdev CAP_NET_BROADCAST @ file_ns_capable hpet_compat_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check nl80211_send_iface CAP_NET_BROADCAST @ file_ns_capable fc_drop_locked CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable netlink_unicast CAP_NET_BROADCAST @ file_ns_capable regulatory_propagate_dfs_state CAP_NET_BROADCAST @ file_ns_capable ieee80211_roc_purge CAP_NET_BROADCAST @ file_ns_capable napi_enable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_del_virtual_monitor CAP_NET_BROADCAST @ file_ns_capable cgroup_leave_frozen CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check nl80211_parse_mon_options CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_tear_down_BA_sessions CAP_NET_BROADCAST @ file_ns_capable ieee80211_request_sched_scan_stop CAP_NET_BROADCAST @ file_ns_capable ieee80211_add_virtual_monitor CAP_NET_BROADCAST @ file_ns_capable cfg80211_sched_scan_stopped_locked CAP_NET_BROADCAST @ file_ns_capable 
ieee80211_offchannel_return CAP_NET_BROADCAST @ file_ns_capable ieee80211_stop_queues_by_reason CAP_NET_BROADCAST @ file_ns_capable ieee80211_flush_queues CAP_NET_BROADCAST @ file_ns_capable flush_workqueue CAP_NET_BROADCAST @ file_ns_capable timens_on_fork CAP_SYS_ADMIN @ ns_capable vfat_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ieee80211_hw_config CAP_NET_BROADCAST @ file_ns_capable e1000_free_desc_rings CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable dma_free_attrs CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable vfs_truncate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_es_remove_extent CAP_SYS_RESOURCE @ capable drv_remove_interface CAP_NET_BROADCAST @ file_ns_capable cpufreq_register_notifier CAP_NET_BROADCAST @ file_ns_capable ieee80211_stop_device CAP_NET_BROADCAST @ file_ns_capable stream_open CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check ieee80211_check_queues CAP_NET_BROADCAST @ file_ns_capable acpi_lock_hp_context CAP_NET_BROADCAST @ file_ns_capable vfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_ns_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ 
capable_wrt_inode_uidgid inconsistent check ieee80211_wake_vif_queues CAP_NET_BROADCAST @ file_ns_capable ieee80211_check_fast_rx_iface CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_drv_return_void CAP_NET_BROADCAST @ file_ns_capable ieee80211_send_4addr_nullfunc CAP_NET_BROADCAST @ file_ns_capable ieee80211_set_mon_options CAP_NET_BROADCAST @ file_ns_capable tg3_write_indirect_reg32 CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable netif_tx_wake_queue CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_calculate_rx_timestamp CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_get_rates CAP_NET_BROADCAST @ file_ns_capable __ieee80211_rx_h_amsdu CAP_NET_BROADCAST @ file_ns_capable tasklet_setup CAP_NET_BROADCAST @ file_ns_capable cfg80211_rx_unexpected_4addr_frame CAP_NET_BROADCAST @ file_ns_capable ieee80211_queue_work CAP_NET_BROADCAST @ file_ns_capable ieee80211_deliver_skb CAP_NET_BROADCAST @ file_ns_capable cfg80211_put_bss CAP_NET_BROADCAST @ file_ns_capable skb_copy_bits CAP_NET_BROADCAST @ file_ns_capable iommu_set_root_entry CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __usecs_to_jiffies CAP_NET_BROADCAST @ file_ns_capable ieee80211_release_reorder_frame CAP_NET_BROADCAST @ file_ns_capable generic_file_write_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check drv_event_callback CAP_NET_BROADCAST @ file_ns_capable sysfs_notify CAP_NET_BROADCAST @ file_ns_capable sta_info_destroy_addr CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_cap_rx_bw CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_cur_vht_bw CAP_NET_BROADCAST @ file_ns_capable ieee80211_process_measurement_req CAP_NET_BROADCAST @ file_ns_capable dev_disable_lro CAP_NET_ADMIN @ ns_capable __ext4_fc_track_create CAP_SYS_RESOURCE @ capable drm_vblank_put CAP_NET_BROADCAST @ file_ns_capable autofs_dir_unlink CAP_FOWNER @ capable_wrt_inode_uidgid cfg80211_rx_mgmt_khz CAP_NET_BROADCAST @ file_ns_capable 
__ieee80211_recalc_txpower CAP_NET_BROADCAST @ file_ns_capable __netdev_alloc_skb CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check __ieee80211_tx_skb_tid_band CAP_NET_BROADCAST @ file_ns_capable ieee80211_roc_setup CAP_NET_BROADCAST @ file_ns_capable dev_ingress_queue_create CAP_NET_ADMIN @ netlink_ns_capable lookup_fast CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cfg80211_sme_auth_timeout CAP_NET_BROADCAST @ file_ns_capable unregister_netdevice_many CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check xt_free_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable cfg80211_unregister_wdev CAP_NET_BROADCAST @ file_ns_capable device_rename CAP_NET_BROADCAST @ file_ns_capable register_netdevice CAP_NET_ADMIN @ netlink_ns_capable may_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __SCT__tp_func_ext4_da_reserve_space CAP_SYS_RESOURCE @ capable nl80211_notify_wiphy CAP_NET_BROADCAST @ file_ns_capable ipip6_dellink CAP_NET_ADMIN @ netlink_ns_capable ext4_xattr_inode_get CAP_SYS_RESOURCE @ capable wiphy_regulatory_deregister CAP_NET_BROADCAST @ file_ns_capable device_del CAP_NET_BROADCAST @ file_ns_capable pci_set_power_state CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable rdev_set_wakeup CAP_NET_BROADCAST @ file_ns_capable walk_page_range CAP_SYS_ADMIN @ file_ns_capable ieee80211_if_add CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_drv_sta_set_4addr CAP_NET_BROADCAST @ file_ns_capable intel_user_framebuffer_create_handle CAP_NET_BROADCAST @ file_ns_capable io_uring_add_tctx_node CAP_IPC_LOCK @ capable 
register_inetaddr_notifier CAP_NET_BROADCAST @ file_ns_capable translate_table.68297 CAP_NET_ADMIN @ ns_capable unlock_page CAP_IPC_LOCK @ capable CAP_SYS_RESOURCE @ capable inconsistent check ieee80211_determine_chantype CAP_NET_BROADCAST @ file_ns_capable xfrm_user_policy CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check handle_dots CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cfg80211_sme_deauth CAP_NET_BROADCAST @ file_ns_capable acpi_ec_init CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable nl80211_common_reg_change_event CAP_NET_BROADCAST @ file_ns_capable _dev_printk CAP_NET_BROADCAST @ file_ns_capable rfkill_register CAP_NET_BROADCAST @ file_ns_capable ieee80211_sta_wmm_params CAP_NET_BROADCAST @ file_ns_capable ip6_route_del CAP_NET_ADMIN @ ns_capable dm_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cfg80211_chandef_valid CAP_NET_BROADCAST @ file_ns_capable ieee80211_vif_change_bandwidth CAP_NET_BROADCAST @ file_ns_capable ext4_release_orphan_info CAP_SYS_RESOURCE @ capable ieee80211_set_disassoc CAP_NET_BROADCAST @ file_ns_capable cfg80211_tx_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable ieee80211_vht_handle_opmode CAP_NET_BROADCAST @ file_ns_capable cgroupns_install CAP_SYS_ADMIN @ ns_capable pagevec_lookup_range CAP_SYS_RESOURCE @ capable __SCT__tp_func_drv_channel_switch_beacon CAP_NET_BROADCAST @ file_ns_capable put_ucounts CAP_SYS_RESOURCE @ capable __sta_info_recalc_tim CAP_NET_BROADCAST @ file_ns_capable drm_atomic_commit 
CAP_NET_BROADCAST @ file_ns_capable security_move_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable drm_mode_obj_find_prop_id CAP_NET_BROADCAST @ file_ns_capable scsi_run_host_queues CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check round_jiffies CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check sta_info_free CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_azx_resume CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable netif_carrier_off CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check local_bh_enable.71811 CAP_NET_BROADCAST @ file_ns_capable register_pernet_subsys CAP_NET_BROADCAST @ file_ns_capable drm_connector_list_iter_end CAP_NET_BROADCAST @ file_ns_capable ieee80211_vif_release_channel CAP_NET_BROADCAST @ file_ns_capable __pm_runtime_idle CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ieee80211_led_assoc CAP_NET_BROADCAST @ file_ns_capable kobject_uevent_env CAP_NET_BROADCAST @ file_ns_capable check_zeroed_user CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable sd_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cfg80211_rx_mlme_mgmt CAP_NET_BROADCAST @ file_ns_capable netif_set_xps_queue CAP_NET_ADMIN @ capable ext4_stop_mmpd CAP_SYS_RESOURCE @ capable cfg80211_shutdown_all_interfaces CAP_NET_BROADCAST @ file_ns_capable __i915_active_wait CAP_NET_BROADCAST @ file_ns_capable iowrite32 CAP_NET_BROADCAST @ file_ns_capable set_blocksize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable cfg80211_cac_event CAP_NET_BROADCAST @ file_ns_capable drv_stop_ap CAP_NET_BROADCAST @ 
file_ns_capable kbd_rate CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check regulatory_hint_user CAP_NET_BROADCAST @ file_ns_capable _dev_notice CAP_SYS_ADMIN @ capable xt_alloc_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ieee80211_vif_copy_chanctx_to_vlans CAP_NET_BROADCAST @ file_ns_capable ieee80211_free_txskb CAP_NET_BROADCAST @ file_ns_capable tcp_abort CAP_NET_ADMIN @ ns_capable dev_change_proto_down CAP_NET_ADMIN @ ns_capable rtl8139_hw_start CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable idr_remove CAP_NET_BROADCAST @ file_ns_capable cfg80211_free_nan_func CAP_NET_BROADCAST @ file_ns_capable ieee80211_configure_filter CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_drv_leave_ibss CAP_NET_BROADCAST @ file_ns_capable force_sig CAP_IPC_LOCK @ capable ieee80211_tx_h_select_key CAP_NET_BROADCAST @ file_ns_capable iommu_disable_protect_mem_regions CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable yenta_probe_cb_irq CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable proc_tid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ieee80211_xmit CAP_NET_BROADCAST @ file_ns_capable iomem_get_mapping CAP_SYS_RAWIO @ capable ieee80211_tx_frags CAP_NET_BROADCAST @ file_ns_capable invoke_tx_handlers_late CAP_NET_BROADCAST @ file_ns_capable drop_super CAP_SYS_ADMIN @ capable drm_modeset_acquire_fini CAP_NET_BROADCAST @ file_ns_capable __ieee80211_tx CAP_NET_BROADCAST @ file_ns_capable path_init CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check 
drm_atomic_get_crtc_state CAP_NET_BROADCAST @ file_ns_capable ieee80211_mgd_probe_ap_send CAP_NET_BROADCAST @ file_ns_capable ieee80211_sdata_stop CAP_NET_BROADCAST @ file_ns_capable ieee80211_data_to_8023_exthdr CAP_NET_BROADCAST @ file_ns_capable ieee80211_recalc_ps_vif CAP_NET_BROADCAST @ file_ns_capable ieee80211_send_nullfunc CAP_NET_BROADCAST @ file_ns_capable __ieee80211_request_sched_scan_start CAP_NET_BROADCAST @ file_ns_capable tty_kref_put CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ieee80211_mgd_stop CAP_NET_BROADCAST @ file_ns_capable ieee80211_ibss_stop CAP_NET_BROADCAST @ file_ns_capable ieee80211_dfs_cac_cancel CAP_NET_BROADCAST @ file_ns_capable drm_atomic_state_clear CAP_NET_BROADCAST @ file_ns_capable ieee80211_queue_delayed_work CAP_NET_BROADCAST @ file_ns_capable security_kernel_post_load_data CAP_SYS_MODULE @ capable ieee80211_key_free_common CAP_NET_BROADCAST @ file_ns_capable nl80211_exit CAP_NET_BROADCAST @ file_ns_capable ieee80211_recalc_ps CAP_NET_BROADCAST @ file_ns_capable sta_info_move_state CAP_NET_BROADCAST @ file_ns_capable ___ieee80211_stop_rx_ba_session CAP_NET_BROADCAST @ file_ns_capable sta_set_sinfo CAP_NET_BROADCAST @ file_ns_capable kcalloc.71688 CAP_NET_BROADCAST @ file_ns_capable drv_sync_rx_queues CAP_NET_BROADCAST @ file_ns_capable sta_info_hash_del CAP_NET_BROADCAST @ file_ns_capable drm_mode_convert_to_umode CAP_NET_BROADCAST @ file_ns_capable drv_tdls_cancel_channel_switch CAP_NET_BROADCAST @ file_ns_capable __sta_info_destroy_part2 CAP_NET_BROADCAST @ file_ns_capable ieee80211_init_rate_ctrl_alg CAP_NET_BROADCAST @ file_ns_capable drv_suspend CAP_NET_BROADCAST @ file_ns_capable drm_atomic_helper_disable_plane CAP_NET_BROADCAST @ file_ns_capable drm_mode_get_hv_timing CAP_NET_BROADCAST @ file_ns_capable perf_event_set_output CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check wiphy_register CAP_NET_BROADCAST @ file_ns_capable ipv6_sysctl_register CAP_NET_BROADCAST @ 
file_ns_capable pin_insert CAP_SYS_PACCT @ capable ieee80211_txq_purge CAP_NET_BROADCAST @ file_ns_capable generic_access_phys CAP_IPC_LOCK @ capable ieee80211_queue_skb CAP_NET_BROADCAST @ file_ns_capable iommu_change_dev_def_domain CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check drm_event_cancel_free CAP_NET_BROADCAST @ file_ns_capable round_jiffies_relative CAP_NET_BROADCAST @ file_ns_capable kern_path CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __hw_addr_init CAP_NET_BROADCAST @ file_ns_capable __cfg80211_connect_result CAP_NET_BROADCAST @ file_ns_capable cfg80211_sme_rx_auth CAP_NET_BROADCAST @ file_ns_capable panic CAP_SYS_MODULE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check i915_driver_release CAP_NET_BROADCAST @ file_ns_capable ext4_handle_dirty_dirblock CAP_SYS_RESOURCE @ capable rate_control_rate_init CAP_NET_BROADCAST @ file_ns_capable __SCT__tp_func_drv_mgd_complete_tx CAP_NET_BROADCAST @ file_ns_capable ieee80211_recalc_min_chandef CAP_NET_BROADCAST @ file_ns_capable drm_mode_object_get_properties CAP_NET_BROADCAST @ file_ns_capable cfg80211_stop_p2p_device CAP_NET_BROADCAST @ file_ns_capable intel_overlay_flip_prepare CAP_NET_BROADCAST @ file_ns_capable cgroup_cancel_fork CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable io_submit_flush_completions CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check rdev_stop_nan CAP_NET_BROADCAST @ file_ns_capable cfg80211_process_wdev_events CAP_NET_BROADCAST @ file_ns_capable e1000e_set_interrupt_capability CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drv_get_tsf CAP_NET_BROADCAST @ file_ns_capable 
ieee80211_if_remove CAP_NET_BROADCAST @ file_ns_capable isolate_huge_page CAP_IPC_LOCK @ capable stack_trace_save_tsk CAP_SYS_ADMIN @ file_ns_capable netlbl_cipsov4_genl_init CAP_NET_BROADCAST @ file_ns_capable intel_overlay_switch_off CAP_NET_BROADCAST @ file_ns_capable enable_swap_slots_cache CAP_SYS_ADMIN @ capable netlink_register_notifier CAP_NET_BROADCAST @ file_ns_capable debugfs_create_dir CAP_NET_BROADCAST @ file_ns_capable block_commit_write CAP_SYS_RESOURCE @ capable alloc_workqueue CAP_NET_BROADCAST @ file_ns_capable local_bh_enable.67041 CAP_NET_ADMIN @ ns_capable drm_mode_object_lease_required CAP_NET_BROADCAST @ file_ns_capable unregister_pernet_subsys CAP_NET_BROADCAST @ file_ns_capable igmp6_late_init CAP_NET_BROADCAST @ file_ns_capable blk_rq_map_kern CAP_SYS_RAWIO @ capable ioam6_exit CAP_NET_BROADCAST @ file_ns_capable seg6_exit CAP_NET_BROADCAST @ file_ns_capable cfg80211_report_obss_beacon_khz CAP_NET_BROADCAST @ file_ns_capable genl_ctrl_event CAP_NET_BROADCAST @ file_ns_capable do_madvise CAP_SYS_NICE @ capable wiphy_sysfs_exit CAP_NET_BROADCAST @ file_ns_capable ip6_route_add CAP_NET_ADMIN @ ns_capable wiphy_all_share_dfs_chan_state CAP_NET_BROADCAST @ file_ns_capable reg_process_self_managed_hints CAP_NET_BROADCAST @ file_ns_capable mod_delayed_work_on CAP_NET_BROADCAST @ file_ns_capable nfs_rename CAP_FOWNER @ capable_wrt_inode_uidgid set_regdom CAP_NET_BROADCAST @ file_ns_capable selinux_policy_cancel CAP_CHOWN @ avc_has_perm_noaudit proc_ptrace_connector CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check selinux_status_update_policyload CAP_NET_BROADCAST @ file_ns_capable selinux_status_update_setenforce CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_BROADCAST @ file_ns_capable inconsistent check i915_sw_fence_complete CAP_NET_BROADCAST @ file_ns_capable xa_find_after CAP_NET_BROADCAST @ file_ns_capable intel_display_prepare_reset CAP_NET_BROADCAST 
@ file_ns_capable intel_gt_reset CAP_NET_BROADCAST @ file_ns_capable acpi_handle_printk CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check intel_display_finish_reset CAP_NET_BROADCAST @ file_ns_capable drm_mode_destroy CAP_NET_BROADCAST @ file_ns_capable drm_internal_framebuffer_create CAP_NET_BROADCAST @ file_ns_capable pci_read_config_byte CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable drm_atomic_helper_update_plane CAP_NET_BROADCAST @ file_ns_capable nfs_file_write CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check acpi_scan_lock_release CAP_NET_BROADCAST @ file_ns_capable i915_reset_error_state CAP_NET_BROADCAST @ file_ns_capable intel_legacy_cursor_update CAP_NET_BROADCAST @ file_ns_capable drm_mode_object_put CAP_NET_BROADCAST @ file_ns_capable security_shm_associate CAP_IPC_OWNER @ ns_capable usblp_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check xt_compat_match_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable drm_crtc_vblank_get CAP_NET_BROADCAST @ file_ns_capable drm_crtc_vblank_count CAP_NET_BROADCAST @ file_ns_capable n_tty_open CAP_SYS_MODULE @ capable pin_kill CAP_SYS_PACCT @ capable drm_plane_check_pixel_format CAP_NET_BROADCAST @ file_ns_capable drm_crtc_vblank_put CAP_NET_BROADCAST @ file_ns_capable hiddev_ioctl CAP_LINUX_IMMUTABLE @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check drm_framebuffer_lookup CAP_NET_BROADCAST @ file_ns_capable drm_framebuffer_check_src_coords CAP_NET_BROADCAST @ file_ns_capable drm_event_reserve_init CAP_NET_BROADCAST @ file_ns_capable munlock_vma_page CAP_IPC_LOCK @ capable drm_mode_crtc_set_obj_prop CAP_NET_BROADCAST @ file_ns_capable drm_property_change_valid_put CAP_NET_BROADCAST @ file_ns_capable consume_skb CAP_NET_BROADCAST @ file_ns_capable 
drm_atomic_helper_page_flip CAP_NET_BROADCAST @ file_ns_capable audit_log CAP_CHOWN @ avc_has_perm_noaudit CAP_NET_BROADCAST @ file_ns_capable inconsistent check drm_atomic_set_property CAP_NET_BROADCAST @ file_ns_capable __drm_atomic_state_free CAP_NET_BROADCAST @ file_ns_capable drm_mode_object_find CAP_NET_BROADCAST @ file_ns_capable nfs_umount_begin CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_set_iomap CAP_SYS_RESOURCE @ capable drm_gem_fb_create_handle CAP_NET_BROADCAST @ file_ns_capable drm_modeset_lock_all CAP_NET_BROADCAST @ file_ns_capable intel_overlay_release_old_vid CAP_NET_BROADCAST @ file_ns_capable ww_mutex_lock CAP_NET_BROADCAST @ file_ns_capable i915_gem_object_pin_to_display_plane CAP_NET_BROADCAST @ file_ns_capable __ext4_fc_track_unlink CAP_SYS_RESOURCE @ capable __i915_gem_object_flush_frontbuffer CAP_NET_BROADCAST @ file_ns_capable i915_request_create CAP_NET_BROADCAST @ file_ns_capable i915_request_add CAP_NET_BROADCAST @ file_ns_capable pci_bus_write_config_byte CAP_NET_BROADCAST @ file_ns_capable bus_set_iommu CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable memcpy_toio CAP_NET_BROADCAST @ file_ns_capable __ip_tunnel_create CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable drm_modeset_unlock_all CAP_NET_BROADCAST @ file_ns_capable drm_gem_object_free CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check simple_unlink CAP_FOWNER @ capable_wrt_inode_uidgid ns_to_timespec64 CAP_SYS_TIME @ file_ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check __SCT__tp_func_drm_vblank_event_delivered CAP_NET_BROADCAST @ file_ns_capable drm_send_event_timestamp_locked CAP_NET_BROADCAST @ file_ns_capable drm_property_blob_put CAP_NET_BROADCAST @ file_ns_capable drm_lease_filter_crtcs CAP_NET_BROADCAST @ file_ns_capable vm_mmap_pgoff CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable drm_mode_create 
CAP_NET_BROADCAST @ file_ns_capable drm_mode_convert_umode CAP_NET_BROADCAST @ file_ns_capable jbd2_journal_abort CAP_SYS_ADMIN @ capable drm_mode_debug_printmodeline CAP_NET_BROADCAST @ file_ns_capable ieee80211_csa_finalize CAP_NET_BROADCAST @ file_ns_capable move_vma CAP_IPC_LOCK @ capable drm_atomic_helper_set_config CAP_NET_BROADCAST @ file_ns_capable attach_pid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable errseq_check_and_advance CAP_SYS_RESOURCE @ capable proc_dointvec CAP_NET_ADMIN @ ns_capable __drm_mode_set_config_internal CAP_NET_BROADCAST @ file_ns_capable drm_modeset_unregister_all CAP_NET_BROADCAST @ file_ns_capable mqueue_unlink CAP_FOWNER @ capable_wrt_inode_uidgid idr_replace CAP_NET_BROADCAST @ file_ns_capable percpu_ref_init CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check unmap_mapping_range CAP_NET_BROADCAST @ file_ns_capable dma_async_device_register CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable msleep_interruptible CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable intel_modeset_driver_remove_noirq CAP_NET_BROADCAST @ file_ns_capable __setplane_internal CAP_NET_BROADCAST @ file_ns_capable i915_perf_fini CAP_NET_BROADCAST @ file_ns_capable pci_disable_msi CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check atomic_dec_and_mutex_lock CAP_NET_BROADCAST @ file_ns_capable acpi_unlock_hp_context CAP_NET_BROADCAST @ file_ns_capable pci_free_irq_vectors CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable ata_acpi_ap_notify_dock CAP_NET_BROADCAST @ file_ns_capable ata_acpi_dev_notify_dock CAP_NET_BROADCAST @ file_ns_capable fsnotify CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SETFCAP @ 
capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check acpi_bus_trim CAP_NET_BROADCAST @ file_ns_capable security_task_fix_setgid CAP_SETGID @ ns_capable_setid CAP_SETGID @ ns_capable_setid acpi_evaluate_integer CAP_NET_BROADCAST @ file_ns_capable security_task_getscheduler CAP_SYS_NICE @ ns_capable acpi_evaluate_lck CAP_NET_BROADCAST @ file_ns_capable shmem_file_read_iter CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check backlight_force_update CAP_NET_BROADCAST @ file_ns_capable acpi_notifier_call_chain CAP_NET_BROADCAST @ file_ns_capable acpi_processor_throttling_init CAP_NET_BROADCAST @ file_ns_capable driver_unregister CAP_NET_BROADCAST @ file_ns_capable compat_table_info.68293 CAP_NET_ADMIN @ ns_capable acpi_ns_attach_object CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable __tcf_get_next_proto CAP_NET_ADMIN @ netlink_ns_capable ext4_quota_off CAP_SYS_RESOURCE @ capable vm_stat_account CAP_IPC_LOCK @ capable may_expand_vm CAP_IPC_LOCK @ capable tcf_chain_flush CAP_NET_ADMIN @ netlink_ns_capable inet_netconf_notify_devconf CAP_NET_ADMIN @ ns_capable rt_cache_flush CAP_NET_ADMIN @ ns_capable unregister_inetaddr_notifier CAP_NET_BROADCAST @ file_ns_capable xt_compat_check_entry_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_request_find_match CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable _ieee80211_start_next_roc CAP_NET_BROADCAST @ file_ns_capable xt_compat_target_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_compat_target_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable jbd2_journal_destroy CAP_SYS_RESOURCE @ capable translate_table CAP_NET_ADMIN @ ns_capable xt_copy_counters CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable sr_block_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable netlink_ack CAP_NET_ADMIN @ netlink_net_capable is_vmalloc_addr CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_ADMIN @ netlink_net_capable inconsistent check inet6_addr_add CAP_NET_ADMIN @ ns_capable local_bh_enable.67999 CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check filp_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __icmp_send CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable inc_rlimit_ucounts CAP_SYS_RESOURCE @ capable ip_options_rcv_srr CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable
--- Interesting Type fields and checks ---
struct.proto.273599:0, CAP_NET_ADMIN @ ns_capable struct.sock.273622:0, CAP_NET_ADMIN @ ns_capable struct.iov_iter:0, CAP_SYS_NICE @ capable struct.task_struct.363009:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.pid.51755:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.tty_struct.362950:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.tty_operations.360253:0, CAP_SYS_MODULE @ capable struct.group_device:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.iommu_group:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.sg_request:0, CAP_SYS_RAWIO @ capable struct.sg_fd:0, CAP_SYS_RAWIO @ capable struct.trace_event_call.109639:0, CAP_SYS_ADMIN @ capable %61 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %23 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check struct.anon.116:1, CAP_SYS_ADMIN @ capable
struct.ipv6_pinfo.899134:0, CAP_NET_ADMIN @ ns_capable struct.journal_s:0, CAP_SYS_NICE @ capable struct.net.756368:0, CAP_NET_ADMIN @ netlink_ns_capable struct.amd_northbridge:0, CAP_SYS_ADMIN @ capable struct.kiocb:0, CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.selinux_state:0, CAP_CHOWN @ avc_has_perm_noaudit struct.selinux_fs_info:0, CAP_CHOWN @ avc_has_perm_noaudit struct.time_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.uts_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.multiprocess_signals:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.vm_area_struct.131005:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.rtentry:0, CAP_NET_ADMIN @ ns_capable struct.fib_config:0, CAP_NET_ADMIN @ ns_capable struct.socket:0, CAP_IPC_LOCK @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.net.904380:0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.net_device_ops.773499:0, CAP_NET_ADMIN @ capable struct.net_device.773585:0, CAP_NET_ADMIN @ capable struct.sit_net:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.exar8250_board:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ata_port:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ata_host:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_gpe_xrupt_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.acpi_osc_context:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.platform_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.dw_dma:0, CAP_SYS_NICE @ capable 
CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.irq_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ip_tunnel:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.ieee80211_event:0, CAP_NET_BROADCAST @ file_ns_capable struct.ieee80211_if_ap:0,-6, CAP_NET_BROADCAST @ file_ns_capable struct.task_struct.51970:0, CAP_KILL @ ns_capable struct.ieee80211_ops:0, CAP_NET_BROADCAST @ file_ns_capable struct.ext4_renament:0, CAP_SYS_RESOURCE @ capable struct.perf_event.21939:0, CAP_SYS_ADMIN @ capable struct.genl_info:0, CAP_NET_BROADCAST @ file_ns_capable struct.dst_entry.836531:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.cfg80211_internal_bss:0, CAP_NET_BROADCAST @ file_ns_capable struct.net_device.767824:0, CAP_NET_ADMIN @ ns_capable struct.xattr_handler:0, CAP_SYS_ADMIN @ capable struct.acpi_hotplug_context:0, CAP_NET_BROADCAST @ file_ns_capable struct.ext4_sb_info.199612:0, CAP_SYS_RESOURCE @ capable struct.tcf_filter_chain_list_item:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.xhci_hcd:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ieee80211_hw:31,10,25,14,27,0,26,3, CAP_NET_BROADCAST @ file_ns_capable struct.tcf_proto.784983:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.sta_info:0, CAP_NET_BROADCAST @ file_ns_capable struct.scsi_device.623747:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.signal_struct.362956:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.Qdisc_class_ops.784971:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.cgroup:0, CAP_SYS_ADMIN @ file_ns_capable struct.tg3:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.block_device_operations.302324:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable 
CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.io_mapped_ubuf:0, CAP_IPC_LOCK @ capable struct.mnt_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.ieee80211_tx_data:0, CAP_NET_BROADCAST @ file_ns_capable struct.kern_ipc_perm:1, CAP_IPC_LOCK @ ns_capable CAP_IPC_LOCK @ capable inconsistent check struct.ieee80211_rx_data:0, CAP_NET_BROADCAST @ file_ns_capable struct.perf_event_context.115401:0, CAP_SYS_ADMIN @ capable %14 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check struct.check_loop_arg:0, CAP_NET_ADMIN @ netlink_ns_capable struct.super_operations.148531:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.gendisk.302329:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.irq_desc.76301:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.block_device.302495:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.uart_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.cfg80211_ops:0, CAP_NET_BROADCAST @ file_ns_capable struct.pid_namespace:0, CAP_SYS_PACCT @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ieee80211_sub_if_data:0, CAP_NET_BROADCAST @ file_ns_capable 
struct.Qdisc_ops.784972:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.key.269343:0, CAP_SYS_ADMIN @ capable struct.rtc_device.693670:0, CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check struct.net_device:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_NICE @ capable CAP_SYS_RAWIO @ capable inconsistent check struct.header_ops:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.nfnl_err:0, CAP_NET_ADMIN @ netlink_net_capable struct.load_info:0, CAP_SYS_MODULE @ capable struct.sock:1,0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_net_capable inconsistent check struct.ieee80211_roc_work:0, CAP_NET_BROADCAST @ file_ns_capable struct.xt_table.880987:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.callback_head:-5,-7,-6,-4, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.net_device.837070:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.packet_fanout:0, CAP_NET_RAW @ ns_capable struct.path:0, CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.task_struct.309464:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid 
CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.hlist_nulls_node:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.cred.115109:0, CAP_SYS_ADMIN @ capable %321 = call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %72 = call zeroext i1 @capable(i32 38) #78 cap_no=38 %48 = call zeroext i1 @capable(i32 38) #78 cap_no=38 %32 = call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_KILL @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check struct.net_device.657351:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.io_ring_ctx:0, CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_IPC_LOCK @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.pmu.115406:0, CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check struct.vfsmount.147826:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.task_struct.147753:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.iocb:0, CAP_SYS_NICE @ capable 
CAP_SYS_ADMIN @ capable inconsistent check struct.uart_8250_port:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.Indirect:0, CAP_SYS_RESOURCE @ capable struct.dx_hash_info:0, CAP_SYS_RESOURCE @ capable struct.ns_common:0,1, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.fs_parameter:0, CAP_SYS_ADMIN @ capable struct.net:0, CAP_SYS_ADMIN @ netlink_ns_capable CAP_SYS_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_RAW @ ns_capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.intel_crtc.557305:0, CAP_NET_BROADCAST @ file_ns_capable struct.tty_ldisc_ops.360260:0, CAP_SYS_MODULE @ capable struct.acpi_gpe_block_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.task_struct:0, CAP_SYS_CHROOT @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_RESOURCE @ capable CAP_IPC_LOCK @ capable CAP_SETUID @ ns_capable_setid CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_FOWNER @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SETUID @ ns_capable_setid CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_NICE @ ns_capable CAP_SYS_ADMIN @ capable CAP_WAKE_ALARM @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_PTRACE @ ns_capable CAP_IPC_LOCK @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN 
@ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ capable CAP_CHOWN @ avc_has_perm_noaudit CAP_IPC_LOCK @ capable CAP_DAC_READ_SEARCH @ capable CAP_SYS_MODULE @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ capable inconsistent check struct.drm_client_dev:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.renamedata:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.block_device:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.io_wqe:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.anon.1:110, CAP_SYS_RESOURCE @ capable struct.dir_private_info:0, CAP_SYS_RESOURCE @ capable struct.gendisk:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.ext4_io_end:0, CAP_SYS_RESOURCE @ capable struct.acpi_gpe_walk_info:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.uprobe_task:0, CAP_IPC_LOCK @ capable struct.ext4_xattr_ibody_find.201343:0, CAP_SYS_RESOURCE @ capable struct.ieee80211_supported_band:0, CAP_NET_BROADCAST @ file_ns_capable 
struct.io_timeout_data:0, CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.Qdisc.763108:0, CAP_NET_ADMIN @ netlink_ns_capable struct.Qdisc_class_ops.763101:0, CAP_NET_ADMIN @ netlink_ns_capable struct.sock.880972:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.perf_event.115424:0, %7 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %14 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %7 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check struct.wiphy_iftype_ext_capab:0, CAP_NET_BROADCAST @ file_ns_capable struct.ptp_clock_info:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.task_struct.269667:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.drm_framebuffer_funcs.382317:0, CAP_NET_BROADCAST @ file_ns_capable struct.buffer_head:0, CAP_SYS_RESOURCE @ capable struct.Qdisc_ops.763102:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.work_struct:2, CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.drm_device.382396:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.azx.747897:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.signal_struct.51870:0, CAP_KILL @ ns_capable struct.ieee80211_local:0, 
CAP_NET_BROADCAST @ file_ns_capable struct.phy_device.640512:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.ext4_sb_info:0, CAP_SYS_RESOURCE @ capable struct.block_device.195938:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.mpage_da_data:0, CAP_SYS_RESOURCE @ capable struct.uart_port:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.cfg80211_registered_device:0, CAP_NET_BROADCAST @ file_ns_capable struct.ext4_xattr_block_find:0, CAP_SYS_RESOURCE @ capable struct.uart_state:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.linux_binprm:0, CAP_IPC_LOCK @ capable struct.wiphy:-1,0, CAP_NET_BROADCAST @ file_ns_capable struct.netdev_queue.763096:0, CAP_NET_ADMIN @ netlink_ns_capable struct.trace_eval_map:1, CAP_SYS_RESOURCE @ capable struct.drm_minor:0, CAP_NET_BROADCAST @ file_ns_capable struct.net.773668:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.dx_frame:-1,1,-2,0, CAP_SYS_RESOURCE @ capable struct.tcf_proto_ops.784982:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.scsi_host_template.623756:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.in_device.767748:0, CAP_NET_ADMIN @ ns_capable struct.nameidata:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.attribute:1, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.uprobe:0, CAP_IPC_LOCK @ capable struct.kioctx_table:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.ext4_xattr_info:0, CAP_SYS_RESOURCE @ capable struct.ext4_filename:0, CAP_SYS_RESOURCE @ 
capable struct.coredump_params.170280:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.netdev_rx_queue.773535:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable struct.cfg80211_wowlan:0, CAP_NET_BROADCAST @ file_ns_capable struct.block_device_operations:0, CAP_SYS_ADMIN @ capable struct.net.762977:0, CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable inconsistent check struct.io_cb_cancel_data:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.trace_print_flags:0, CAP_CHOWN @ avc_has_perm_noaudit struct.ip_tunnel_net:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.e1000_ring.649639:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.simple_xattr:0, CAP_SYS_ADMIN @ ns_capable_noaudit struct.nsset:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.cred:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SETUID @ ns_capable_setid CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ ns_capable CAP_SETUID @ ns_capable_setid CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SETGID @ ns_capable_setid CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.pps_device:0, CAP_SYS_TIME @ 
capable CAP_SYS_TIME @ capable struct.ip_tunnel.933734:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.net_device.756253:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check struct.tty_struct.360259:0, CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.nsproxy:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_WAKE_ALARM @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.readahead_control:0, CAP_SYS_RESOURCE @ capable struct.Scsi_Host.623762:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.net_device.763141:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.drm_atomic_state.382376:0, CAP_NET_BROADCAST @ file_ns_capable struct.cdrom_device_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.pr_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.drm_i915_private.418528:0, CAP_NET_BROADCAST @ file_ns_capable struct.ip6t_replace:0, CAP_NET_ADMIN @ ns_capable 
struct.io_rsrc_node:0, CAP_IPC_LOCK @ capable struct.task_struct.115588:0, CAP_SYS_ADMIN @ capable %321 = call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_SYS_ADMIN @ capable %72 = call zeroext i1 @capable(i32 38) #78 cap_no=38 %48 = call zeroext i1 @capable(i32 38) #78 cap_no=38 %32 = call zeroext i1 @capable(i32 38) #78 cap_no=38 CAP_KILL @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable %85 = tail call zeroext i1 @capable(i32 38) #78 cap_no=38 inconsistent check struct.signal_struct:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.ext4_ext_path:0, CAP_SYS_RESOURCE @ capable struct.net.767947:0, CAP_NET_ADMIN @ ns_capable struct.netlink_dump_control.894708:0, CAP_NET_ADMIN @ netlink_net_capable struct.usb_hcd:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.wireless_dev:0, CAP_NET_BROADCAST @ file_ns_capable struct.net.836644:0, CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ netlink_net_capable inconsistent check struct.io_sq_data:0, CAP_IPC_LOCK @ capable CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_BLOCK_SUSPEND @ capable CAP_SYS_ADMIN @ ns_capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check struct.tcf_block.784980:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.drm_property_blob.382331:0, CAP_NET_BROADCAST @ file_ns_capable struct.vfsmount:7,2,-1,3,1,5,4,0,6, 
CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable inconsistent check struct.task_struct.756514:0, CAP_IPC_LOCK @ capable struct.percpu_ref_data:0, CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check struct.request:0,1, CAP_SYS_RAWIO @ capable struct.task_struct.15167:0, CAP_SYS_RAWIO @ capable struct.drm_i915_private:0, CAP_NET_BROADCAST @ file_ns_capable struct.cfg80211_bss:0,-2, CAP_NET_BROADCAST @ file_ns_capable struct.ip6_flowlabel.914039:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.ieee80211_key:0, CAP_NET_BROADCAST @ file_ns_capable struct.fq_flow:0, CAP_NET_BROADCAST @ file_ns_capable struct.audit_context:0, CAP_IPC_LOCK @ capable struct.task_struct.177581:0, CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check struct.ieee80211_tx_status:0, CAP_NET_BROADCAST @ file_ns_capable struct.cfg80211_sched_scan_request:0, CAP_NET_BROADCAST @ file_ns_capable struct.genl_family.788535:0, CAP_NET_BROADCAST @ file_ns_capable struct.path.147827:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.intel_gt.449280:0, CAP_NET_BROADCAST @ file_ns_capable struct.qdisc_size_table:0, CAP_NET_ADMIN @ netlink_ns_capable 
struct.net_device.647614:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.drm_plane_state.382365:0, CAP_NET_BROADCAST @ file_ns_capable struct.i915_request.557219:0, CAP_NET_BROADCAST @ file_ns_capable struct.vm_operations_struct:0, CAP_IPC_LOCK @ capable struct.kioctx:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.drm_mode_object.382314:10,23,29,2,9,0,-3,-2,1, CAP_NET_BROADCAST @ file_ns_capable struct.ipc_namespace:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable inconsistent check struct.kernel_clone_args:0, CAP_SYS_ADMIN @ ns_capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable %49 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %48, i32 40) #78 cap_no=40 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.drm_plane.382368:0, CAP_NET_BROADCAST @ file_ns_capable struct.journal_s.196096:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.drm_crtc_funcs.382359:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_framebuffer.382318:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_file:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.task_struct.131117:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.usb_hcd.665332:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.qstr:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_SYS_RESOURCE @ capable inconsistent check struct.drm_object_properties.382313:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_property.382312:0, CAP_NET_BROADCAST @ file_ns_capable struct.net_device.868104:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable 
CAP_NET_ADMIN @ ns_capable inconsistent check struct.drm_client_buffer:0, CAP_NET_BROADCAST @ file_ns_capable struct.sock.927703:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.drm_mode_rmfb_work:0, CAP_NET_BROADCAST @ file_ns_capable struct.xt_match.880980:0, CAP_NET_ADMIN @ ns_capable struct.uevent_sock:0, CAP_SYS_ADMIN @ netlink_ns_capable struct.xt_match.927711:0, CAP_NET_ADMIN @ ns_capable struct.k_itimer:0, CAP_WAKE_ALARM @ capable struct.net.867996:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.device:0, CAP_SYS_ADMIN @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.xol_area:0, CAP_IPC_LOCK @ capable struct.cppc_pcc_data:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.io_kiocb:0, CAP_IPC_LOCK @ capable CAP_BLOCK_SUSPEND @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.intel_crtc.418362:0, CAP_NET_BROADCAST @ file_ns_capable struct.intel_overlay:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_i915_private.557472:0, CAP_NET_BROADCAST @ file_ns_capable struct.jbd2_journal_handle:0, CAP_SYS_RESOURCE @ capable struct.io_rsrc_data:0, CAP_IPC_LOCK @ capable struct.nfnl_info:0, CAP_NET_ADMIN @ netlink_net_capable struct.drm_i915_gem_object.557174:0, CAP_NET_BROADCAST @ file_ns_capable struct.cgroup_namespace:0, CAP_SYS_ADMIN @ ns_capable struct.task_struct.364912:0, CAP_SYS_TTY_CONFIG @ capable CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check struct.i915_gem_ww_ctx.557252:0, 
CAP_NET_BROADCAST @ file_ns_capable struct.intel_plane_state.557476:0, CAP_NET_BROADCAST @ file_ns_capable struct.fib6_config.903087:0, CAP_NET_ADMIN @ ns_capable struct.rtnl_link_ops.756246:0, CAP_NET_ADMIN @ netlink_ns_capable struct.qspinlock:11,7,22,26, CAP_NET_BROADCAST @ file_ns_capable struct.drm_plane_funcs.382366:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_mode_set.382357:0, CAP_NET_BROADCAST @ file_ns_capable struct.swap_info_struct:0, CAP_SYS_ADMIN @ capable struct.cgroup_fs_context:0, CAP_SYS_ADMIN @ ns_capable struct.gendisk.628464:0, CAP_SYS_ADMIN @ capable struct.xt_entry_match.927721:0, CAP_NET_ADMIN @ ns_capable struct.sg_io_hdr:0, CAP_SYS_RAWIO @ capable struct.drm_driver:0, CAP_SYS_ADMIN @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.intel_wedge_me:0, CAP_NET_BROADCAST @ file_ns_capable struct.dock_dependent_device:0, CAP_NET_BROADCAST @ file_ns_capable struct.acpi_device:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_NET_BROADCAST @ file_ns_capable inconsistent check struct.acpi_object_list:0, CAP_NET_BROADCAST @ file_ns_capable struct.xt_table.927718:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.vm_area_struct.132931:0, CAP_IPC_LOCK @ capable struct.ctl_table:0, CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.xt_entry_match.880990:0, CAP_NET_ADMIN @ ns_capable struct.ipt_replace:0, CAP_NET_ADMIN @ ns_capable struct.ieee802_11_elems:0, CAP_NET_BROADCAST @ file_ns_capable struct.nfnetlink_subsystem:0, CAP_NET_ADMIN @ netlink_net_capable struct.ipv6_txoptions:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.sock.836948:0,1, CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable inconsistent check struct.net_device_ops.756119:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent 
check struct.alarm:0, CAP_WAKE_ALARM @ capable struct.xt_target.927714:0, CAP_NET_ADMIN @ ns_capable struct.net_device.654117:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.super_operations:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.in_ifaddr.767745:0, CAP_NET_ADMIN @ ns_capable struct.fs_struct:0, CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ext4_sb_info.196124:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.gendisk.195936:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.pid:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.xt_target.880983:0, CAP_NET_ADMIN @ ns_capable struct.rtl8169_private:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.Qdisc.784978:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.vm_area_struct:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable inconsistent check struct.amd_iommu:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.drm_i915_gem_object.501778:0, CAP_IPC_LOCK @ capable struct.mbox_chan:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.drm_mode_config_funcs.382377:0, CAP_NET_BROADCAST @ file_ns_capable struct.drm_i915_gem_object_ops.501765:0, CAP_IPC_LOCK @ capable struct.proc_ns_operations:0, CAP_SYS_ADMIN @ ns_capable struct.tcf_chain.784981:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.mmu_notifier_range:0, CAP_IPC_LOCK @ capable struct.mm_struct:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.drm_i915_gem_object.449204:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable 
struct.fs_context:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.phy_driver.640508:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.uprobe_consumer.117200:0, CAP_IPC_LOCK @ capable struct.i915_gem_engines.449239:0, CAP_NET_BROADCAST @ file_ns_capable struct.dock_station:0, CAP_NET_BROADCAST @ file_ns_capable struct.ipc_ops:0, CAP_IPC_OWNER @ ns_capable struct.cgroup_subsys:0, CAP_SYS_ADMIN @ ns_capable struct.cgroup_root:0, CAP_SYS_ADMIN @ ns_capable struct.irqaction:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.irq_chip.76315:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.snd_card:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.yenta_socket:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.pci_dev.318968:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.e1000_adapter.649670:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.pci_dev.654149:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.nic:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.pci_dev.647637:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable Run Analysis, Threads:1 Critical functions Check Use of Function:dev_set_group Check Use of Function:raw_abort Check Use of Function:udp_abort Check Use of Function:perf_event_enable Check Use of Function:sock_create_kern Check Use of Function:create_io_thread Check Use of Function:rtc_cmos_read Check Use of Function:rtc_cmos_write Check Use of Function:tty_buffer_restart_work Check Use of Function:tty_ldisc_get Check Use of Function:tty_ldisc_reinit Check Use of Function:serport_ldisc_close Check Use of Function:n_null_close Check Use of 
Function:n_tty_close Check Use of Function:serial8250_pm Check Use of Function:serial8250_get_mctrl Check Use of Function:serial8250_verify_port Check Use of Function:tty_name Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 
-2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %134 = tail call i32 @__tty_check_change(%struct.tty_struct.362950* %1, i32 22) #78 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.363009* %5 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 95 %6 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %6, i64 0, i32 24 %8 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %7, align 8 %9 = icmp eq %struct.tty_struct.362950* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %12 = getelementptr %struct.signal_struct.362956, %struct.signal_struct.362956* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid.51755*, %struct.pid.51755** %12, align 8 %14 = getelementptr inbounds 
%struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #78 %16 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid.51755*, %struct.pid.51755** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #78 %18 = icmp eq %struct.pid.51755* %17, null %19 = icmp eq %struct.pid.51755* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 
tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = 
alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 
= tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %134 = tail call i32 @__tty_check_change(%struct.tty_struct.362950* %1, i32 22) #78 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.363009* %5 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 95 %6 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %6, i64 0, i32 24 %8 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %7, align 8 %9 = icmp eq %struct.tty_struct.362950* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %12 = getelementptr %struct.signal_struct.362956, %struct.signal_struct.362956* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid.51755*, %struct.pid.51755** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #78 %16 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid.51755*, 
%struct.pid.51755** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #78 %18 = icmp eq %struct.pid.51755* %17, null %19 = icmp eq %struct.pid.51755* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 ------------- 
Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_check_change 2 set_termios 3 tty_mode_ioctl 4 n_tty_ioctl_helper 5 n_tty_ioctl ------------- Path:  Function:n_tty_ioctl %5 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 29 %6 = bitcast i8** %5 to %struct.n_tty_data** %7 = load %struct.n_tty_data*, %struct.n_tty_data** %6, align 8 switch i32 %2, label %70 [ i32 21521, label %8 i32 21531, label %17 ] %71 = tail call i32 bitcast (i32 (%struct.tty_struct.360561*, %struct.file.360366*, i32, i64)* @n_tty_ioctl_helper to i32 (%struct.tty_struct.360259*, %struct.file.360146*, i32, i64)*)(%struct.tty_struct.360259* %0, %struct.file.360146* %1, i32 %2, i64 %3) #78 Function:n_tty_ioctl_helper switch i32 %2, label %98 [ i32 21514, label %5 i32 21515, label %39 ] %99 = tail call i32 @tty_mode_ioctl(%struct.tty_struct.360561* %0, %struct.file.360366* %1, i32 %2, i64 %3) #79 
Function:tty_mode_ioctl %5 = alloca %struct.ktermios, align 4 %6 = alloca %struct.ktermios, align 4 %7 = alloca %struct.ktermios, align 4 %8 = inttoptr i64 %3 to i8* %9 = bitcast %struct.ktermios* %7 to i8* %10 = icmp eq %struct.file.360366* %1, null br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = getelementptr inbounds %struct.tty_struct.360561, %struct.tty_struct.360561* %0, i64 0, i32 3 %14 = load %struct.tty_driver.360555*, %struct.tty_driver.360555** %13, align 8 %15 = getelementptr inbounds %struct.tty_driver.360555, %struct.tty_driver.360555* %14, i64 0, i32 10 %16 = load i16, i16* %15, align 8 %17 = icmp eq i16 %16, 4 br i1 %17, label %18, label %25 %26 = phi %struct.tty_struct.360561* [ %24, %22 ], [ %0, %18 ], [ %0, %12 ] switch i32 %2, label %200 [ i32 21508, label %27 i32 21507, label %29 i32 21506, label %31 i32 21505, label %33 i32 -2144578518, label %41 i32 1076646957, label %49 i32 1076646956, label %51 i32 1076646955, label %53 i32 21509, label %55 i32 21512, label %129 i32 21511, label %131 i32 21510, label %133 i32 21590, label %135 i32 21591, label %143 i32 21554, label %201 i32 21555, label %201 i32 21557, label %201 i32 21556, label %201 i32 21529, label %153 i32 21530, label %167 ] %134 = tail call fastcc i32 @set_termios(%struct.tty_struct.360561* %26, i8* %8, i32 4) #78 Function:set_termios %4 = alloca %struct.ktermios, align 4 %5 = bitcast %struct.ktermios* %4 to i8* %6 = tail call i32 bitcast (i32 (%struct.tty_struct.362950*)* @tty_check_change to i32 (%struct.tty_struct.360561*)*)(%struct.tty_struct.360561* %0) #78 Function:tty_check_change %2 = tail call i32 @__tty_check_change(%struct.tty_struct.362950* %0, i32 22) #78 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.363009* %5 = 
getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 95 %6 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %6, i64 0, i32 24 %8 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %7, align 8 %9 = icmp eq %struct.tty_struct.362950* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %12 = getelementptr %struct.signal_struct.362956, %struct.signal_struct.362956* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid.51755*, %struct.pid.51755** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #78 %16 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid.51755*, %struct.pid.51755** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #78 %18 = icmp eq %struct.pid.51755* %17, null %19 = icmp eq %struct.pid.51755* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 
%34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_check_change 2 n_tty_write ------------- Path:  Function:n_tty_write %5 = alloca %struct.wait_queue_entry, align 8 %6 = bitcast %struct.wait_queue_entry* %5 to i8* %7 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.360117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.360117**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.360117* %10 = bitcast i8** %7 to %struct.task_struct.360117** %11 = bitcast %struct.wait_queue_entry* %5 to i64* store i64 0, i64* %11, align 8 store %struct.task_struct.360117* %9, %struct.task_struct.360117** %10, align 8 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @woken_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store %struct.list_head* %13, 
%struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %13, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 13, i32 3 %17 = load i32, i32* %16, align 4 %18 = and i32 %17, 256 %19 = icmp eq i32 %18, 0 br i1 %19, label %31, label %20 %21 = getelementptr inbounds %struct.file.360146, %struct.file.360146* %1, i64 0, i32 3 %22 = load %struct.file_operations.360143*, %struct.file_operations.360143** %21, align 8 %23 = getelementptr inbounds %struct.file_operations.360143, %struct.file_operations.360143* %22, i64 0, i32 5 %24 = load i64 (%struct.kiocb.359962*, %struct.iov_iter*)*, i64 (%struct.kiocb.359962*, %struct.iov_iter*)** %23, align 8 %25 = icmp eq i64 (%struct.kiocb.359962*, %struct.iov_iter*)* %24, bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @redirected_tty_write to i64 (%struct.kiocb.359962*, %struct.iov_iter*)*) br i1 %25, label %31, label %26 %27 = call i32 bitcast (i32 (%struct.tty_struct.362950*)* @tty_check_change to i32 (%struct.tty_struct.360259*)*)(%struct.tty_struct.360259* %0) #78 Function:tty_check_change %2 = tail call i32 @__tty_check_change(%struct.tty_struct.362950* %0, i32 22) #78 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.363009* %5 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 95 %6 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %6, i64 0, i32 24 %8 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %7, align 8 %9 = icmp eq 
%struct.tty_struct.362950* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %12 = getelementptr %struct.signal_struct.362956, %struct.signal_struct.362956* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid.51755*, %struct.pid.51755** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #78 %16 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid.51755*, %struct.pid.51755** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #78 %18 = icmp eq %struct.pid.51755* %17, null %19 = icmp eq %struct.pid.51755* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail 
call void @rcu_read_unlock_strict() #78 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 n_tty_read ------------- Path:  Function:n_tty_read %7 = alloca i64, align 8 %8 = alloca i8*, align 8 %9 = alloca %struct.wait_queue_entry, align 8 store i64 %3, i64* %7, align 8 %10 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 29 %11 = bitcast i8** %10 to %struct.n_tty_data** %12 = load %struct.n_tty_data*, %struct.n_tty_data** %11, align 8 %13 = bitcast i8** %8 to i8* store i8* %2, i8** %8, align 8 %14 = bitcast %struct.wait_queue_entry* %9 to i8* %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 1 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.360117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.360117**)) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct.360117* %18 = bitcast i8** %15 to %struct.task_struct.360117** %19 = bitcast %struct.wait_queue_entry* %9 to i64* store i64 0, i64* %19, align 8 store %struct.task_struct.360117* %17, %struct.task_struct.360117** %18, align 8 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @woken_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %20, align 8 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 3 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 store %struct.list_head* %21, %struct.list_head** %22, align 8 %23 = 
getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %9, i64 0, i32 3, i32 1 store %struct.list_head* %21, %struct.list_head** %23, align 8 %24 = load i8*, i8** %4, align 8 %25 = icmp eq i8* %24, null %26 = ptrtoint i8* %2 to i64 br i1 %25, label %121, label %27 %122 = getelementptr inbounds %struct.file.360146, %struct.file.360146* %1, i64 0, i32 3 %123 = load %struct.file_operations.360143*, %struct.file_operations.360143** %122, align 8 %124 = getelementptr inbounds %struct.file_operations.360143, %struct.file_operations.360143* %123, i64 0, i32 5 %125 = load i64 (%struct.kiocb.359962*, %struct.iov_iter*)*, i64 (%struct.kiocb.359962*, %struct.iov_iter*)** %124, align 8 %126 = icmp eq i64 (%struct.kiocb.359962*, %struct.iov_iter*)* %125, bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @redirected_tty_write to i64 (%struct.kiocb.359962*, %struct.iov_iter*)*) br i1 %126, label %132, label %127 %128 = call i32 bitcast (i32 (%struct.tty_struct.362950*, i32)* @__tty_check_change to i32 (%struct.tty_struct.360259*, i32)*)(%struct.tty_struct.360259* %0, i32 21) #79 Function:__tty_check_change %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.363009* %5 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 95 %6 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %5, align 32 %7 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %6, i64 0, i32 24 %8 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %7, align 8 %9 = icmp eq %struct.tty_struct.362950* %8, %0 br i1 %9, label %10, label %51 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %11 = load %struct.signal_struct.362956*, 
%struct.signal_struct.362956** %5, align 32 %12 = getelementptr %struct.signal_struct.362956, %struct.signal_struct.362956* %11, i64 0, i32 21, i64 2 %13 = load %struct.pid.51755*, %struct.pid.51755** %12, align 8 %14 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 0, i32 0, i32 0 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %14) #78 %16 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %0, i64 0, i32 20, i32 1 %17 = load %struct.pid.51755*, %struct.pid.51755** %16, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %14, i64 %15) #78 %18 = icmp eq %struct.pid.51755* %17, null %19 = icmp eq %struct.pid.51755* %13, %17 %20 = or i1 %18, %19 br i1 %20, label %45, label %21 %22 = add i32 %1, -1 %23 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 97, i32 0, i64 0 %24 = load i64, i64* %23, align 8 %25 = zext i32 %22 to i64 %26 = shl nuw i64 1, %25 %27 = and i64 %24, %26 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %36 %30 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %4, i64 0, i32 96 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %30, align 8 %32 = sext i32 %22 to i64 %33 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 3, i64 %32, i32 0, i32 0 %34 = load void (i32)*, void (i32)** %33, align 8 %35 = icmp eq void (i32)* %34, inttoptr (i64 1 to void (i32)*) br i1 %35, label %36, label %39 %37 = icmp eq i32 %1, 21 %38 = select i1 %37, i32 -5, i32 0 br label %45 %46 = phi i32 [ -512, %42 ], [ 0, %10 ], [ %38, %36 ], [ -5, %39 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 br i1 %18, label %47, label %51 %48 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* 
(%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 %49 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_close_start 1 tty_port_close 2 uart_close ------------- Path:  Function:uart_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = icmp eq %struct.uart_state* %5, null br i1 %6, label %7, label %24 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %26 = load %struct.tty_port*, %struct.tty_port** %25, align 8 tail call void bitcast (void (%struct.tty_port.361680*, %struct.tty_struct.361677*, %struct.file.361569*)* @tty_port_close to void (%struct.tty_port*, %struct.tty_struct*, %struct.file*)*)(%struct.tty_port* %26, %struct.tty_struct* %0, %struct.file* %1) #78 Function:tty_port_close %4 = tail call i32 @tty_port_close_start(%struct.tty_port.361680* %0, %struct.tty_struct.361677* %1, %struct.file.361569* %2) #78 Function:tty_port_close_start %4 = tail call i32 bitcast (i32 (%struct.file*)* @tty_hung_up_p to i32 (%struct.file.361569*)*)(%struct.file.361569* %2) #78 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %72 %7 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 5, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #78 %9 = getelementptr inbounds %struct.tty_struct.361677, %struct.tty_struct.361677* %1, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 %12 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %23 %15 = icmp eq i32 %13, 1 br i1 %15, label %21, label %16 %17 = tail call i8* bitcast (i8* (%struct.tty_struct*)* 
@tty_driver_name to i8* (%struct.tty_struct.361677*)*)(%struct.tty_struct.361677* %1) #78 %18 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.361677*)*)(%struct.tty_struct.361677* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_close_start 1 tty_port_close 2 uart_close ------------- Path:  Function:uart_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = icmp eq %struct.uart_state* %5, null br i1 %6, label %7, label %24 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %26 = load %struct.tty_port*, %struct.tty_port** %25, align 8 tail call void bitcast (void (%struct.tty_port.361680*, %struct.tty_struct.361677*, %struct.file.361569*)* @tty_port_close to void (%struct.tty_port*, %struct.tty_struct*, %struct.file*)*)(%struct.tty_port* %26, %struct.tty_struct* %0, %struct.file* %1) #78 Function:tty_port_close %4 = tail call i32 @tty_port_close_start(%struct.tty_port.361680* %0, %struct.tty_struct.361677* %1, %struct.file.361569* %2) #78 Function:tty_port_close_start %4 = tail call i32 bitcast (i32 (%struct.file*)* @tty_hung_up_p to i32 (%struct.file.361569*)*)(%struct.file.361569* %2) #78 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %72 %7 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 5, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #78 %9 = getelementptr inbounds %struct.tty_struct.361677, %struct.tty_struct.361677* %1, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 %12 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %23 %24 = add i32 %13, -1 %25 = getelementptr inbounds %struct.tty_port.361680, 
%struct.tty_port.361680* %0, i64 0, i32 7
store i32 %24, i32* %25, align 8
%26 = icmp slt i32 %24, 0
br i1 %26, label %27, label %32
%28 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_driver_name to i8* (%struct.tty_struct.361677*)*)(%struct.tty_struct.361677* %1) #78
%29 = tail call i8* bitcast (i8* (%struct.tty_struct*)* @tty_name to i8* (%struct.tty_struct.361677*)*)(%struct.tty_struct.361677* %1) #78
-------------
Good: 17 Bad: 9 Ignored: 37
Check Use of Function:uart_change_speed
Check Use of Function:tty_unlock
Check Use of Function:pci_enable_device
Check Use of Function:drm_client_modeset_free
Check Use of Function:drm_syncobj_open
Check Use of Function:drm_prime_init_file_private
Check Use of Function:drm_syncobj_release
Check Use of Function:drm_gem_release
Check Use of Function:netlink_broadcast
Check Use of Function:sysfs_streq
Use:
=BAD PATH=
Call Stack:
0 store_host_reset
-------------
Path:
Function:store_host_reset
%5 = getelementptr %struct.device, %struct.device* %0, i64 -2, i32 2
%6 = bitcast %struct.device_private** %5 to %struct.Scsi_Host.625387*
%7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 21
%8 = bitcast %struct.device_private** %7 to %struct.scsi_host_template.625386**
%9 = load %struct.scsi_host_template.625386*, %struct.scsi_host_template.625386** %8, align 8
%10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.49.48785, i64 0, i64 0)) #78
br i1 %10, label %13, label %11
%12 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.50.48786, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 store_host_reset
-------------
Path:
Function:store_host_reset
%5 = getelementptr %struct.device, %struct.device* %0, i64 -2, i32 2
%6 = bitcast %struct.device_private** %5 to %struct.Scsi_Host.625387*
%7 = getelementptr inbounds %struct.device_private*, %struct.device_private** %5, i64 21
%8 = bitcast %struct.device_private** %7 to %struct.scsi_host_template.625386**
%9 = load %struct.scsi_host_template.625386*, %struct.scsi_host_template.625386** %8, align 8
%10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.49.48785, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 pm_qos_resume_latency_us_store
-------------
Path:
Function:pm_qos_resume_latency_us_store
%5 = alloca i32, align 4
%6 = bitcast i32* %5 to i8*
store i32 0, i32* %5, align 4
%7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #78
%8 = icmp eq i32 %7, 0
br i1 %8, label %9, label %15
%16 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.34.47479, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 wakeup_store
-------------
Path:
Function:wakeup_store
%5 = getelementptr inbounds %struct.device.612508, %struct.device.612508* %0, i64 0, i32 11, i32 1
%6 = load i16, i16* %5, align 4
%7 = and i16 %6, 1
%8 = icmp eq i16 %7, 0
br i1 %8, label %17, label %9
%10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @_enabled, i64 0, i64 0)) #78
br i1 %10, label %11, label %13
%14 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @_disabled, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 wakeup_store
-------------
Path:
Function:wakeup_store
%5 = getelementptr inbounds %struct.device.612508, %struct.device.612508* %0, i64 0, i32 11, i32 1
%6 = load i16, i16* %5, align 4
%7 = and i16 %6, 1
%8 = icmp eq i16 %7, 0
br i1 %8, label %17, label %9
%10 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @_enabled, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 pm_qos_latency_tolerance_us_store
-------------
Path:
Function:pm_qos_latency_tolerance_us_store
%5 = alloca i32, align 4
%6 = bitcast i32* %5 to i8*
store i32 0, i32* %5, align 4
%7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #78
%8 = icmp eq i32 %7, 0
br i1 %8, label %9, label %12
%13 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.30.47441, i64 0, i64 0)) #78
br i1 %13, label %14, label %15
%16 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.31.47442, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 pm_qos_latency_tolerance_us_store
-------------
Path:
Function:pm_qos_latency_tolerance_us_store
%5 = alloca i32, align 4
%6 = bitcast i32* %5 to i8*
store i32 0, i32* %5, align 4
%7 = call i32 @kstrtoint(i8* %2, i32 0, i32* nonnull %5) #78
%8 = icmp eq i32 %7, 0
br i1 %8, label %9, label %12
%13 = call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.30.47441, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 connector_write
-------------
Path:
Function:connector_write
%5 = alloca [12 x i8], align 1
%6 = getelementptr inbounds %struct.file.410657, %struct.file.410657* %0, i64 0, i32 16
%7 = bitcast i8** %6 to %struct.seq_file.410658**
%8 = load %struct.seq_file.410658*, %struct.seq_file.410658** %7, align 8
%9 = getelementptr inbounds %struct.seq_file.410658, %struct.seq_file.410658* %8, i64 0, i32 11
%10 = bitcast i8** %9 to %struct.drm_connector.410832**
%11 = load %struct.drm_connector.410832*, %struct.drm_connector.410832** %10, align 8
%12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0
%13 = icmp ugt i64 %2, 11
br i1 %13, label %34, label %14
%15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #78
%16 = icmp eq i64 %15, 0
br i1 %16, label %17, label %34
%18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2
store i8 0, i8* %18, align 1
%19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.38472, i64 0, i64 0)) #78
br i1 %19, label %20, label %22
%23 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.38473, i64 0, i64 0)) #78
br i1 %23, label %24, label %26
%27 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.27.38474, i64 0, i64 0)) #78
br i1 %27, label %28, label %30
%31 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.28.38475, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 connector_write
-------------
Path:
Function:connector_write
%5 = alloca [12 x i8], align 1
%6 = getelementptr inbounds %struct.file.410657, %struct.file.410657* %0, i64 0, i32 16
%7 = bitcast i8** %6 to %struct.seq_file.410658**
%8 = load %struct.seq_file.410658*, %struct.seq_file.410658** %7, align 8
%9 = getelementptr inbounds %struct.seq_file.410658, %struct.seq_file.410658* %8, i64 0, i32 11
%10 = bitcast i8** %9 to %struct.drm_connector.410832**
%11 = load %struct.drm_connector.410832*, %struct.drm_connector.410832** %10, align 8
%12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0
%13 = icmp ugt i64 %2, 11
br i1 %13, label %34, label %14
%15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #78
%16 = icmp eq i64 %15, 0
br i1 %16, label %17, label %34
%18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2
store i8 0, i8* %18, align 1
%19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.38472, i64 0, i64 0)) #78
br i1 %19, label %20, label %22
%23 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.38473, i64 0, i64 0)) #78
br i1 %23, label %24, label %26
%27 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.27.38474, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 connector_write
-------------
Path:
Function:connector_write
%5 = alloca [12 x i8], align 1
%6 = getelementptr inbounds %struct.file.410657, %struct.file.410657* %0, i64 0, i32 16
%7 = bitcast i8** %6 to %struct.seq_file.410658**
%8 = load %struct.seq_file.410658*, %struct.seq_file.410658** %7, align 8
%9 = getelementptr inbounds %struct.seq_file.410658, %struct.seq_file.410658* %8, i64 0, i32 11
%10 = bitcast i8** %9 to %struct.drm_connector.410832**
%11 = load %struct.drm_connector.410832*, %struct.drm_connector.410832** %10, align 8
%12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0
%13 = icmp ugt i64 %2, 11
br i1 %13, label %34, label %14
%15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #78
%16 = icmp eq i64 %15, 0
br i1 %16, label %17, label %34
%18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2
store i8 0, i8* %18, align 1
%19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.38472, i64 0, i64 0)) #78
br i1 %19, label %20, label %22
%23 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.26.38473, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 connector_write
-------------
Path:
Function:connector_write
%5 = alloca [12 x i8], align 1
%6 = getelementptr inbounds %struct.file.410657, %struct.file.410657* %0, i64 0, i32 16
%7 = bitcast i8** %6 to %struct.seq_file.410658**
%8 = load %struct.seq_file.410658*, %struct.seq_file.410658** %7, align 8
%9 = getelementptr inbounds %struct.seq_file.410658, %struct.seq_file.410658* %8, i64 0, i32 11
%10 = bitcast i8** %9 to %struct.drm_connector.410832**
%11 = load %struct.drm_connector.410832*, %struct.drm_connector.410832** %10, align 8
%12 = getelementptr inbounds [12 x i8], [12 x i8]* %5, i64 0, i64 0
%13 = icmp ugt i64 %2, 11
br i1 %13, label %34, label %14
%15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #78
%16 = icmp eq i64 %15, 0
br i1 %16, label %17, label %34
%18 = getelementptr [12 x i8], [12 x i8]* %5, i64 0, i64 %2
store i8 0, i8* %18, align 1
%19 = call zeroext i1 @sysfs_streq(i8* nonnull %12, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.25.38472, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 reset_method_store
-------------
Path:
Function:reset_method_store
%5 = alloca i8*, align 8
%6 = alloca [7 x i8], align 1
%7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
%8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.318968*
%9 = bitcast i8** %5 to i8*
store i8* null, i8** %5, align 8
%10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0
%11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.14.29396, i64 0, i64 0)) #78
br i1 %11, label %12, label %17
%18 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.82.29398, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 reset_method_store
-------------
Path:
Function:reset_method_store
%5 = alloca i8*, align 8
%6 = alloca [7 x i8], align 1
%7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
%8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.318968*
%9 = bitcast i8** %5 to i8*
store i8* null, i8** %5, align 8
%10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0
%11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.14.29396, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 control_store
-------------
Path:
Function:control_store
%5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.75.5106, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 control_store
-------------
Path:
Function:control_store
%5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.75.5106, i64 0, i64 0)) #78
br i1 %5, label %10, label %6
%7 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.76.5056, i64 0, i64 0)) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 control_store
-------------
Path:
Function:control_store
%5 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.75.5106, i64 0, i64 0)) #78
br i1 %5, label %10, label %6
%7 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.76.5056, i64 0, i64 0)) #78
br i1 %7, label %10, label %8
%9 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.77.5107, i64 0, i64 0)) #78
-------------
Good: 25 Bad: 16 Ignored: 17
Check Use of Function:get_device
Use:
=BAD PATH=
Call Stack:
0 xps_cpus_show
-------------
Path:
Function:xps_cpus_show
%3 = getelementptr inbounds %struct.netdev_queue.773541, %struct.netdev_queue.773541* %0, i64 0, i32 0
%4 = load %struct.net_device.773585*, %struct.net_device.773585** %3, align 64
%5 = getelementptr inbounds %struct.net_device.773585, %struct.net_device.773585* %4, i64 0, i32 88
%6 = load i32, i32* %5, align 8
%7 = icmp ugt i32 %6, 1
br i1 %7, label %8, label %40
%9 = getelementptr inbounds %struct.net_device.773585, %struct.net_device.773585* %4, i64 0, i32 87
%10 = bitcast %struct.netdev_queue.773541** %9 to i64*
%11 = load i64, i64* %10, align 64
%12 = ptrtoint %struct.netdev_queue.773541* %0 to i64
%13 = sub i64 %12, %11
%14 = sdiv exact i64 %13, 320
%15 = trunc i64 %14 to i32
%16 = icmp ugt i32 %6, %15
br i1 %16, label %18, label %17, !prof !4, !misexpect !5
%19 = tail call i32 @rtnl_trylock() #78
%20 = icmp eq i32 %19, 0
br i1 %20, label %21, label %24
%25 = load %struct.netdev_queue.773541*, %struct.netdev_queue.773541** %9, align 64
%26 = and i64 %14, 4294967295
%27 = getelementptr %struct.netdev_queue.773541, %struct.netdev_queue.773541* %25, i64 %26, i32 7
%28 = load %struct.net_device.773585*, %struct.net_device.773585** %27, align 16
%29 = icmp eq %struct.net_device.773585* %28, null
%30 = select i1 %29,
%struct.net_device.773585* %4, %struct.net_device.773585* %28 %31 = tail call i32 bitcast (i32 (%struct.net_device.763141*, i32)* @netdev_txq_to_tc to i32 (%struct.net_device.773585*, i32)*)(%struct.net_device.773585* %30, i32 %15) #78 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %34 %35 = getelementptr inbounds %struct.net_device.773585, %struct.net_device.773585* %30, i64 0, i32 113 %36 = tail call %struct.device.773229* bitcast (%struct.device* (%struct.device*)* @get_device to %struct.device.773229* (%struct.device.773229*)*)(%struct.device.773229* %35) #78 ------------- Use: =BAD PATH= Call Stack: 0 scsi_device_get 1 sg_open ------------- Path:  Function:sg_open %3 = alloca %struct.wait_queue_entry, align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.inode.295425, %struct.inode.295425* %0, i64 0, i32 13 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %1, i64 0, i32 7 %8 = load i32, i32* %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode*, %struct.file*)* @nonseekable_open to i32 (%struct.inode.295425*, %struct.file.295345*)*)(%struct.inode.295425* %0, %struct.file.295345* %1) #78 %10 = trunc i32 %8 to i8 %11 = icmp sgt i8 %10, -1 %12 = xor i1 %11, true %13 = and i32 %8, 3 %14 = icmp eq i32 %13, 0 %15 = and i1 %14, %12 br i1 %15, label %358, label %16 %17 = and i32 %6, 1048575 %18 = tail call i64 @_raw_read_lock_irqsave(%struct.rwlock_t* nonnull @sg_index_lock) #78 %19 = zext i32 %17 to i64 %20 = tail call i8* @idr_find(%struct.idr* nonnull @sg_index_idr, i64 %19) #78 %21 = bitcast i8* %20 to %struct.sg_device* %22 = icmp eq i8* %20, null br i1 %22, label %38, label %23 %24 = getelementptr inbounds i8, i8* %20, i64 96 %25 = bitcast i8* %24 to i32* %26 = load volatile i32, i32* %25, align 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %38 %29 = getelementptr inbounds i8, i8* %20, i64 152 %30 = bitcast i8* %29 to %struct.seqcount_spinlock* %31 = 
bitcast i8* %29 to i32* %32 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !4 %33 = icmp eq i32 %32, 0 br i1 %33, label %40, label %34, !prof !5, !misexpect !6 %35 = add i32 %32, 1 %36 = or i32 %35, %32 %37 = icmp sgt i32 %36, -1 br i1 %37, label %42, label %40, !prof !7, !misexpect !6 %41 = phi i32 [ 2, %28 ], [ 1, %34 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %30, i32 %41) #78 br label %42 tail call void @_raw_read_unlock_irqrestore(%struct.rwlock_t* nonnull @sg_index_lock, i64 %18) #78 %43 = icmp ugt i8* %20, inttoptr (i64 -4096 to i8*) br i1 %43, label %44, label %48 %49 = bitcast i8* %20 to %struct.scsi_device.630307** %50 = load %struct.scsi_device.630307*, %struct.scsi_device.630307** %49, align 8 %51 = tail call i32 bitcast (i32 (%struct.scsi_device*)* @scsi_device_get to i32 (%struct.scsi_device.630307*)*)(%struct.scsi_device.630307* %50) #78 Function:scsi_device_get %2 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 62 %3 = load i32, i32* %2, align 8 %4 = add i32 %3, -3 %5 = icmp ult i32 %4, 2 br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 49 %8 = tail call %struct.device* @get_device(%struct.device* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 scsi_device_get 1 sdev_store_delete ------------- Path:  Function:sdev_store_delete %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 11, i32 8, i32 1 %6 = bitcast i64* %5 to %struct.scsi_device.625378* %7 = tail call i32 bitcast (i32 (%struct.scsi_device*)* @scsi_device_get to i32 (%struct.scsi_device.625378*)*)(%struct.scsi_device.625378* %6) #78 Function:scsi_device_get %2 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 62 %3 = load i32, 
i32* %2, align 8 %4 = add i32 %3, -3 %5 = icmp ult i32 %4, 2 br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.scsi_device, %struct.scsi_device* %0, i64 0, i32 49 %8 = tail call %struct.device* @get_device(%struct.device* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_dev_get 1 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46658, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %300 = bitcast i32* %9 to i8* store i32 0, i32* %9, align 4 %301 = getelementptr 
inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46659, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %305 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** @vga_default, align 8 %306 = call %struct.pci_dev.318968* @pci_dev_get(%struct.pci_dev.318968* %305) #78 Function:pci_dev_get %2 = icmp eq %struct.pci_dev.318968* %0, null br i1 %2, label %6, label %3 %4 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46 %5 = tail call %struct.device* @get_device(%struct.device* %4) #78 ------------- Good: 149 Bad: 4 Ignored: 165 Check Use of Function:blk_execute_rq Check Use of Function:blk_rq_unmap_user Use: =BAD PATH= Call Stack: 0 sg_new_read 1 sg_read ------------- Path:  Function:sg_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, i64 0, i32 12 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295320** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295320**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.295320* %10 = getelementptr inbounds %struct.task_struct.295320, %struct.task_struct.295320* %9, i64 0, i32 84 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = icmp eq %struct.cred* %7, %11 br i1 %12, label %19, label %13 %20 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, i64 0, i32 16 %21 = bitcast i8** %20 to %struct.sg_fd** %22 = load %struct.sg_fd*, %struct.sg_fd** %21, align 8 %23 = icmp eq %struct.sg_fd* %22, null br i1 %23, label %484, label %24 %25 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 1 %26 = load %struct.sg_device*, %struct.sg_device** %25, align 8 %27 = icmp eq 
%struct.sg_device* %26, null br i1 %27, label %484, label %28 %29 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 11 %30 = load i8, i8* %29, align 8 %31 = icmp ne i8 %30, 0 %32 = icmp ugt i64 %2, 35 %33 = and i1 %32, %31 br i1 %33, label %34, label %83 %84 = phi i32 [ %74, %71 ], [ -1, %28 ], [ -1, %64 ] %85 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 3 %86 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #78 %87 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 8 %88 = bitcast %struct.list_head* %87 to %struct.sg_request** %89 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %90 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %113, label %92 %93 = icmp eq i32 %84, -1 br label %94 %95 = phi %struct.sg_request* [ %89, %92 ], [ %110, %108 ] %96 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 7 %97 = load i8, i8* %96, align 2 %98 = icmp eq i8 %97, 0 br i1 %98, label %99, label %108 br i1 %93, label %104, label %100 %101 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 3, i32 11 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, %84 br i1 %103, label %104, label %108 %105 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 8 %106 = load i8, i8* %105, align 1 %107 = icmp eq i8 %106, 1 br i1 %107, label %114, label %108 %109 = bitcast %struct.sg_request* %95 to %struct.sg_request** %110 = load %struct.sg_request*, %struct.sg_request** %109, align 8 %111 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %110, i64 0, i32 0 %112 = icmp eq %struct.list_head* %111, %87 br i1 %112, label %113, label %94 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %86) #78 br label %117 %118 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, 
i64 0, i32 7 %119 = load i32, i32* %118, align 8 %120 = and i32 %119, 2048 %121 = icmp eq i32 %120, 0 br i1 %121, label %122, label %484 %123 = tail call i32 @__cond_resched() #78 %124 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #78 %125 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %126 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %125, i64 0, i32 0 %127 = icmp eq %struct.list_head* %126, %87 br i1 %127, label %152, label %128 %129 = icmp eq i32 %84, -1 br label %130 %131 = phi i8 [ 0, %128 ], [ %147, %146 ] %132 = phi %struct.sg_request* [ %125, %128 ], [ %149, %146 ] %133 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 7 %134 = load i8, i8* %133, align 2 %135 = icmp eq i8 %134, 0 br i1 %135, label %136, label %146 br i1 %129, label %141, label %137 %138 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 3, i32 11 %139 = load i32, i32* %138, align 8 %140 = icmp eq i32 %139, %84 br i1 %140, label %141, label %146 %142 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 8 %143 = load i8, i8* %142, align 1 %144 = sext i8 %143 to i32 switch i32 %144, label %146 [ i32 0, label %145 i32 1, label %154 ] %155 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 8 store i8 2, i8* %155, align 1 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %124) #78 %156 = icmp eq %struct.sg_request* %132, null br i1 %156, label %157, label %222 %223 = phi %struct.sg_request* [ %95, %114 ], [ %212, %211 ], [ %132, %154 ] %224 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %223, i64 0, i32 3, i32 0 %225 = load i32, i32* %224, align 8 %226 = icmp eq i32 %225, 0 br i1 %226, label %229, label %227 %228 = call fastcc i64 @sg_new_read(%struct.sg_fd* nonnull %22, i8* %1, i64 %2, %struct.sg_request* nonnull %223) #80 Function:sg_new_read %5 = getelementptr inbounds 
%struct.sg_request, %struct.sg_request* %3, i64 0, i32 3 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295320** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295320**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.295320* %8 = getelementptr inbounds %struct.task_struct.295320, %struct.task_struct.295320* %7, i64 0, i32 0, i32 2 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = icmp ult i64 %2, 88 br i1 %15, label %70, label %16 %17 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 16 store i8 0, i8* %17, align 1 %18 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 3 %19 = load i8, i8* %18, align 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %52, label %21 %22 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 8 %23 = load i8*, i8** %22, align 8 %24 = icmp eq i8* %23, null br i1 %24, label %52, label %25 %26 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 14 %27 = load i8, i8* %26, align 1 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %35 %36 = icmp ult i8 %19, 96 %37 = select i1 %36, i8 %19, i8 96 %38 = zext i8 %37 to i32 %39 = getelementptr %struct.sg_request, %struct.sg_request* %3, i64 0, i32 4, i64 7 %40 = load i8, i8* %39, align 1 %41 = zext i8 %40 to i32 %42 = add nuw nsw i32 %41, 8 %43 = icmp ugt i32 %42, %38 %44 = select i1 %43, i32 %38, i32 %42 %45 = zext i32 %44 to i64 %46 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 4, i64 0 %47 = tail call i64 @_copy_to_user(i8* nonnull %23, i8* %46, i64 %45) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %70 %71 = phi i32 [ %69, %68 ], [ -22, %12 ], [ -22, %14 ], [ -14, %35 ] %72 = getelementptr inbounds %struct.sg_request, 
%struct.sg_request* %3, i64 0, i32 1 %73 = load %struct.sg_fd*, %struct.sg_fd** %72, align 8 %74 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 2 %75 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 10 %76 = load %struct.bio.295430*, %struct.bio.295430** %75, align 8 %77 = icmp eq %struct.bio.295430* %76, null br i1 %77, label %80, label %78 %79 = tail call i32 @blk_rq_unmap_user(%struct.bio.295430* nonnull %76) #78 ------------- Good: 16 Bad: 1 Ignored: 8 Check Use of Function:reboot_pid_ns Check Use of Function:kernel_restart Check Use of Function:kernel_power_off Check Use of Function:kernel_kexec Check Use of Function:hibernate Use: =BAD PATH= Call Stack: 0 state_store ------------- Path:  Function:state_store %5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #78 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.32.7714, i64 0, i64 0), i64 4) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #78 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:perf_uprobe_init Check Use of Function:trace_event_dyn_put_ref Check Use of Function:destroy_local_trace_kprobe Check Use of Function:chroot_fs_refs Check Use of Function:dev_change_flags Check Use of Function:ipv6_chk_addr_and_flags Check Use of Function:rt6_lookup Check Use of Function:ipv6_chk_prefix Check Use of Function:mq_clear_sbinfo Use: =BAD PATH= Call Stack: 0 put_ipc_ns 1 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 
= getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void @put_ipc_ns(%struct.ipc_namespace* %7) #78 Function:put_ipc_ns %2 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 24, i32 3 %3 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %2, %struct.spinlock* nonnull @mq_lock) #78 br i1 %3, label %4, label %10 tail call void @mq_clear_sbinfo(%struct.ipc_namespace* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -34, i32 2 %3 = getelementptr inbounds i32, i32* %2, i64 205 %4 = bitcast i32* %3 to %struct.seqcount_spinlock* %5 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %4, %struct.spinlock* nonnull @mq_lock) #78 br i1 %5, label %6, label %14 %7 = bitcast i32* %2 to %struct.ipc_namespace* tail call void @mq_clear_sbinfo(%struct.ipc_namespace* %7) #78 ------------- Good: 13 Bad: 2 Ignored: 5 Check Use of Function:efivar_entry_iter_begin Check Use of Function:efivar_entry_find Check Use of Function:__efivar_entry_delete Check Use of Function:efivar_entry_iter_end Check Use of Function:efivar_entry_set Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.719470* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.719371** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.719371**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.719371* %14 = getelementptr inbounds 
%struct.task_struct.719371, %struct.task_struct.719371* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.719470* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull 
dereferenceable(16) %47, i64 16) #6 %53 = icmp eq i32 %52, 0 br i1 %53, label %56, label %54 %57 = icmp eq i32 %33, 0 %58 = icmp eq i32 %23, 0 %59 = or i1 %58, %57 br i1 %59, label %60, label %62 %63 = icmp ult i32 %23, 128 br i1 %63, label %64, label %66 %65 = tail call zeroext i1 @efivar_validate(i64 %26, i64 %29, i16* nonnull %30, i8* %35, i64 %34) #79 br i1 %65, label %68, label %66 %69 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 3, i64 0 %70 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %71 = load i32, i32* %32, align 1 %72 = zext i32 %71 to i64 %73 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 2 store i64 %72, i64* %73, align 1 %74 = load i32, i32* %22, align 1 %75 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 5 store i32 %74, i32* %75, align 1 br label %126 %127 = phi i64 [ %34, %68 ], [ %91, %125 ] %128 = phi i32 [ %23, %68 ], [ %81, %125 ] %129 = phi i8* [ %35, %68 ], [ %92, %125 ] %130 = tail call i32 bitcast (i32 (%struct.efivar_entry.718593*, i32, i64, i8*, %struct.list_head*)* @efivar_entry_set to i32 (%struct.efivar_entry.719470*, i32, i64, i8*, %struct.list_head*)*)(%struct.efivar_entry.719470* nonnull %0, i32 %128, i64 %127, i8* %129, %struct.list_head* null) #79 ------------- Good: 2 Bad: 1 Ignored: 0 Check Use of Function:efivar_create_sysfs_entry Check Use of Function:rtnl_create_link Check Use of Function:rtnl_configure_link Check Use of Function:__dev_change_net_namespace Check Use of Function:fget Use: =BAD PATH= Call Stack: 0 loop_configure 1 lo_ioctl 2 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %8 = load 
%struct.gendisk*, %struct.gendisk** %7, align 8 %9 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device* %0, i32 %1, i32 %2, i64 %35) #79 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %14 = load %struct.gendisk*, %struct.gendisk** %13, align 8 %15 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %367 [ i32 19456, label %18 i32 19466, label %24 i32 19462, label %33 i32 19457, label %207 i32 19458, label %226 i32 19459, label %280 i32 19460, label %335 i32 19461, label %349 i32 19463, label %362 i32 19464, label %362 i32 19465, label %362 ] %25 = inttoptr i64 %3 to i8* %26 = bitcast %struct.loop_config* %12 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %26, i8* %25, i64 304) #79 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %30 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device* %0, %struct.loop_config* nonnull %12) #78 Function:loop_configure %5 = 
getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file* @fget(i32 %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 loop_configure 1 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %14 = load %struct.gendisk*, %struct.gendisk** %13, align 8 %15 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %367 [ i32 19456, label %18 i32 19466, label %24 i32 19462, label %33 i32 19457, label %207 i32 19458, label %226 i32 19459, label %280 i32 19460, label %335 i32 19461, label %349 i32 19463, label %362 i32 19464, label %362 i32 19465, label %362 ] %25 = inttoptr i64 %3 to i8* %26 = bitcast %struct.loop_config* %12 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %26, i8* %25, i64 304) #79 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %30 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device* %0, %struct.loop_config* nonnull %12) #78 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file* @fget(i32 %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl 1 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device, 
%struct.block_device* %0, i64 0, i32 16 %8 = load %struct.gendisk*, %struct.gendisk** %7, align 8 %9 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device* %0, i32 %1, i32 %2, i64 %35) #79 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %14 = load %struct.gendisk*, %struct.gendisk** %13, align 8 %15 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %367 [ i32 19456, label %18 i32 19466, label %24 i32 19462, label %33 i32 19457, label %207 i32 19458, label %226 i32 19459, label %280 i32 19460, label %335 i32 19461, label %349 i32 19463, label %362 i32 19464, label %362 i32 19465, label %362 ] %34 = trunc i64 %3 to i32 %35 = tail call %struct.file* @fget(i32 %34) #79 ------------- Use: =BAD PATH= Call Stack: 0 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, 
align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %14 = load %struct.gendisk*, %struct.gendisk** %13, align 8 %15 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %367 [ i32 19456, label %18 i32 19466, label %24 i32 19462, label %33 i32 19457, label %207 i32 19458, label %226 i32 19459, label %280 i32 19460, label %335 i32 19461, label %349 i32 19463, label %362 i32 19464, label %362 i32 19465, label %362 ] %34 = trunc i64 %3 to i32 %35 = tail call %struct.file* @fget(i32 %34) #79 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #78 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setns(i64 %3, i64 %5) #78 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = 
trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102742, %struct.file.102742* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #78 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #78 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 
%253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.102742* bitcast (%struct.file* (i32)* @fget to %struct.file.102742* (i32)*)(i32 %269) #78 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102742, %struct.file.102742* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 
%235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #78 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #78 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.102742* bitcast (%struct.file* (i32)* @fget to %struct.file.102742* (i32)*)(i32 %269) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 
%10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, 
align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) 
#78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 ------------- Good: 26 Bad: 13 Ignored: 36 Check Use of Function:mnt_clone_internal Check Use of Function:wbinvd_on_cpu Check Use of Function:amd_set_subcaches Check Use of Function:cgroup_kn_lock_live Use: =BAD PATH= Call Stack: 0 __cgroup1_procs_write 1 cgroup1_procs_write ------------- Path:  Function:cgroup1_procs_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file* %0, i8* %1, i64 %2, i1 zeroext true) #78 Function:__cgroup1_procs_write %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %7, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 __cgroup1_procs_write 1 cgroup1_tasks_write ------------- Path:  Function:cgroup1_tasks_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file* %0, i8* %1, i64 %2, i1 zeroext false) #78 Function:__cgroup1_procs_write %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = tail call %struct.cgroup* 
@cgroup_kn_lock_live(%struct.kernfs_node* %7, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_mkdir 1 kernfs_iop_mkdir ------------- Path:  Function:kernfs_iop_mkdir %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 47 %6 = bitcast i8** %5 to %struct.kernfs_node** %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 2 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = icmp eq %struct.kernfs_node* %9, null %11 = select i1 %10, %struct.kernfs_node* %7, %struct.kernfs_node* %9 %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 7, i32 0, i32 2 %13 = load %struct.kernfs_root*, %struct.kernfs_root** %12, align 8 %14 = getelementptr inbounds %struct.kernfs_root, %struct.kernfs_root* %13, i64 0, i32 5 %15 = load %struct.kernfs_syscall_ops*, %struct.kernfs_syscall_ops** %14, align 8 %16 = icmp eq %struct.kernfs_syscall_ops* %15, null br i1 %16, label %51, label %17 %18 = getelementptr inbounds %struct.kernfs_syscall_ops, %struct.kernfs_syscall_ops* %15, i64 0, i32 1 %19 = load i32 (%struct.kernfs_node*, i8*, i16)*, i32 (%struct.kernfs_node*, i8*, i16)** %18, align 8 %20 = icmp eq i32 (%struct.kernfs_node*, i8*, i16)* %19, null br i1 %20, label %51, label %21 %22 = icmp eq %struct.kernfs_node* %7, null br i1 %22, label %51, label %23, !prof !4, !misexpect !5 %24 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 1, i32 0 %25 = load volatile i32, i32* %24, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %27, label %51, !prof !6, !misexpect !5 %28 = phi i32 [ %35, %34 ], [ %25, %23 ] %29 = add nuw i32 %28, 1 %30 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %24, i32 %29, i32* %24, i32 %28) #6, !srcloc !7 %31 = extractvalue { i8, i32 } %30, 0 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %34, label %37, !prof !4, !misexpect !5 %38 = load i32 (%struct.kernfs_node*, i8*, i16)*, i32 (%struct.kernfs_node*, i8*, i16)** %18, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4, i32 1 %40 = load i8*, i8** %39, align 8 %41 = tail call i32 %38(%struct.kernfs_node* nonnull %7, i8* %40, i16 zeroext %3) #78 Function:cgroup_mkdir %4 = alloca %struct.iattr, align 8 %5 = tail call i8* @strchr(i8* %1, i32 10) #78 %6 = icmp eq i8* %5, null br i1 %6, label %7, label %317 %8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %0, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_type_write ------------- Path:  Function:cgroup_type_write %5 = tail call i8* @strim(i8* %1) #78 %6 = tail call i32 @strcmp(i8* %5, i8* dereferenceable(9) getelementptr inbounds ([9 x i8], [9 x i8]* @.str.65.10430, i64 0, i64 0)) #79 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %242 %9 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %10 = load %struct.kernfs_node*, %struct.kernfs_node** %9, align 8 %11 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %10, i1 zeroext true) #79 ------------- Use: =BAD PATH= Call Stack: 0 __cgroup_procs_write 1 cgroup_procs_write ------------- Path:  Function:cgroup_procs_write %5 = tail call fastcc i64 @__cgroup_procs_write(%struct.kernfs_open_file* %0, i8* %1, i1 zeroext true) #78 Function:__cgroup_procs_write %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %6 = bitcast i8** %5 to %struct.cgroup_file_ctx** %7 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %6, align 8 store i8 0, i8* %4, align 1 %8 = getelementptr inbounds 
%struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %9, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 __cgroup_procs_write 1 cgroup_threads_write ------------- Path:  Function:cgroup_threads_write %5 = tail call fastcc i64 @__cgroup_procs_write(%struct.kernfs_open_file* %0, i8* %1, i1 zeroext false) #78 Function:__cgroup_procs_write %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %6 = bitcast i8** %5 to %struct.cgroup_file_ctx** %7 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %6, align 8 store i8 0, i8* %4, align 1 %8 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %9, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_subtree_control_write ------------- Path:  Function:cgroup_subtree_control_write %5 = alloca i8*, align 8 %6 = tail call i8* @strim(i8* %1) #78 store i8* %6, i8** %5, align 8 br label %7 %8 = phi i16 [ %75, %73 ], [ 0, %4 ] %9 = phi i16 [ %76, %73 ], [ 0, %4 ] br label %10 %11 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.67.10424, i64 0, i64 0)) #78 %12 = icmp eq i8* %11, null br i1 %12, label %78, label %13 %79 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %80 = load %struct.kernfs_node*, %struct.kernfs_node** %79, align 8 %81 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %80, i1 zeroext true) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_max_descendants_write ------------- Path:  Function:cgroup_max_descendants_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to 
i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = tail call i32 @strcmp(i8* %7, i8* dereferenceable(4) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.10420, i64 0, i64 0)) #79 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11 store i32 2147483647, i32* %5, align 4 br label %19 %20 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %21 = load %struct.kernfs_node*, %struct.kernfs_node** %20, align 8 %22 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %21, i1 zeroext false) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_max_depth_write ------------- Path:  Function:cgroup_max_depth_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = tail call i32 @strcmp(i8* %7, i8* dereferenceable(4) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.10420, i64 0, i64 0)) #79 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11 store i32 2147483647, i32* %5, align 4 br label %19 %20 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %21 = load %struct.kernfs_node*, %struct.kernfs_node** %20, align 8 %22 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %21, i1 zeroext false) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_freeze_write ------------- Path:  Function:cgroup_freeze_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = call i32 @kstrtoint(i8* %7, i32 0, i32* nonnull %5) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %13 = load i32, i32* %5, align 4 %14 = icmp ugt i32 %13, 1 br i1 %14, label %24, label %15 %16 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %17 = load %struct.kernfs_node*, %struct.kernfs_node** %16, align 8 %18 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* 
%17, i1 zeroext false) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kill_write ------------- Path:  Function:cgroup_kill_write %5 = alloca %struct.css_task_iter, align 8 %6 = alloca i32, align 4 %7 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %8 = tail call i8* @strim(i8* %1) #78 %9 = call i32 @kstrtoint(i8* %8, i32 0, i32* nonnull %6) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i32, i32* %6, align 4 %15 = icmp eq i32 %14, 1 br i1 %15, label %16, label %135 %17 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %18 = load %struct.kernfs_node*, %struct.kernfs_node** %17, align 8 %19 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %18, i1 zeroext false) #79 ------------- Good: 1 Bad: 11 Ignored: 8 Check Use of Function:strim Use: =BAD PATH= Call Stack: 0 cgroup_kill_write ------------- Path:  Function:cgroup_kill_write %5 = alloca %struct.css_task_iter, align 8 %6 = alloca i32, align 4 %7 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %8 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_freeze_write ------------- Path:  Function:cgroup_freeze_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_max_depth_write ------------- Path:  Function:cgroup_max_depth_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_max_descendants_write ------------- Path:  Function:cgroup_max_descendants_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_subtree_control_write ------------- Path:  Function:cgroup_subtree_control_write %5 = alloca i8*, align 8 %6 = tail 
call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_type_write ------------- Path:  Function:cgroup_type_write %5 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 freezer_write ------------- Path:  Function:freezer_write %5 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_resmask ------------- Path:  Function:cpuset_write_resmask %5 = alloca %struct.tmpmasks, align 8 %6 = tail call %struct.cgroup_subsys_state* @of_css(%struct.kernfs_open_file* %0) #78 %7 = bitcast %struct.cgroup_subsys_state* %6 to %struct.cpuset* %8 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_resmask ------------- Path:  Function:cpuset_write_resmask %5 = alloca %struct.tmpmasks, align 8 %6 = tail call %struct.cgroup_subsys_state* @of_css(%struct.kernfs_open_file* %0) #78 %7 = bitcast %struct.cgroup_subsys_state* %6 to %struct.cpuset* %8 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_resmask ------------- Path:  Function:cpuset_write_resmask %5 = alloca %struct.tmpmasks, align 8 %6 = tail call %struct.cgroup_subsys_state* @of_css(%struct.kernfs_open_file* %0) #78 %7 = bitcast %struct.cgroup_subsys_state* %6 to %struct.cpuset* %8 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_resmask ------------- Path:  Function:cpuset_write_resmask %5 = alloca %struct.tmpmasks, align 8 %6 = tail call %struct.cgroup_subsys_state* @of_css(%struct.kernfs_open_file* %0) #78 %7 = bitcast %struct.cgroup_subsys_state* %6 to %struct.cpuset* %8 = tail call i8* @strim(i8* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_partition_write ------------- Path:  Function:sched_partition_write %5 = tail call %struct.cgroup_subsys_state* @of_css(%struct.kernfs_open_file* %0) #78 %6 = bitcast %struct.cgroup_subsys_state* %5 to %struct.cpuset* %7 = tail call i8* @strim(i8* %1) #78 
------------- Use: =BAD PATH= Call Stack: 0 tracing_clock_write ------------- Path:  Function:tracing_clock_write %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.trace_array** %11 = load %struct.trace_array*, %struct.trace_array** %10, align 8 %12 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 63 br i1 %13, label %27, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #78 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %27 %18 = getelementptr [64 x i8], [64 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call i8* @strim(i8* nonnull %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 trace_set_options 1 tracing_trace_options_write ------------- Path:  Function:tracing_trace_options_write %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.trace_array** %11 = load %struct.trace_array*, %struct.trace_array** %10, align 8 %12 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 63 br i1 %13, label %26, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #78 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %26 %18 = getelementptr [64 x i8], [64 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call i32 @trace_set_options(%struct.trace_array* %11, i8* nonnull %12) #79 Function:trace_set_options %3 = tail call i64 @strlen(i8* %1) #78 %4 = tail call i8* @strim(i8* %1) #79 ------------- 
Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = alloca %struct.mmu_notifier_range, align 8 %8 = alloca %struct.kuid_t, align 4 %9 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %10 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %11 = icmp ult i64 %2, 12 %12 = select i1 %11, i64 %2, i64 12 %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %1, i64 %12) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %123 %16 = call i8* @strim(i8* nonnull %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 oom_score_adj_write ------------- Path:  Function:oom_score_adj_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = icmp ult i64 %2, 12 %10 = select i1 %9, i64 %2, i64 12 %11 = call i64 @_copy_from_user(i8* nonnull %7, i8* %1, i64 %10) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %27 %14 = call i8* @strim(i8* nonnull %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 oom_adj_write ------------- Path:  Function:oom_adj_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = icmp ult i64 %2, 12 %10 = select i1 %9, i64 %2, i64 12 %11 = call i64 @_copy_from_user(i8* nonnull %7, i8* %1, i64 %10) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %35 %14 = call i8* @strim(i8* nonnull %7) #78 ------------- Good: 15 Bad: 17 Ignored: 8 Check Use of Function:cgroup_kn_unlock Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup1_procs_write 2 cgroup1_procs_write ------------- Path:  Function:cgroup1_procs_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file* %0, i8* %1, i64 %2, i1 zeroext true) #78 Function:__cgroup1_procs_write 
%5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %7, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup1_procs_write 2 cgroup1_tasks_write ------------- Path:  Function:cgroup1_tasks_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file* %0, i8* %1, i64 %2, i1 zeroext false) #78 Function:__cgroup1_procs_write %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %7, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to 
%struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void 
@mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_mkdir 2 kernfs_iop_mkdir ------------- Path:  Function:kernfs_iop_mkdir %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 47 %6 = bitcast i8** %5 to %struct.kernfs_node** %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 2 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = icmp eq %struct.kernfs_node* %9, null %11 = select i1 %10, %struct.kernfs_node* %7, %struct.kernfs_node* %9 %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 7, i32 0, i32 2 %13 = load %struct.kernfs_root*, %struct.kernfs_root** %12, align 8 %14 = getelementptr inbounds %struct.kernfs_root, %struct.kernfs_root* %13, i64 0, i32 5 %15 = load %struct.kernfs_syscall_ops*, %struct.kernfs_syscall_ops** %14, align 8 %16 = icmp eq %struct.kernfs_syscall_ops* %15, null br i1 %16, label %51, label %17 %18 = getelementptr inbounds %struct.kernfs_syscall_ops, %struct.kernfs_syscall_ops* %15, i64 0, i32 1 %19 = load i32 (%struct.kernfs_node*, i8*, i16)*, i32 (%struct.kernfs_node*, i8*, i16)** %18, align 8 %20 = icmp eq i32 (%struct.kernfs_node*, i8*, i16)* %19, null br i1 %20, label %51, label %21 %22 = icmp eq %struct.kernfs_node* %7, null br i1 %22, label %51, label %23, !prof !4, !misexpect !5 %24 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 1, i32 0 %25 = load volatile i32, i32* %24, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %27, label %51, !prof !6, !misexpect !5 %28 = phi i32 [ %35, %34 ], [ %25, %23 ] %29 = add nuw i32 %28, 1 %30 = tail call { i8, i32 } asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %24, i32 %29, i32* %24, i32 %28) #6, !srcloc !7 %31 = extractvalue { i8, i32 } %30, 0 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %34, label %37, !prof !4, !misexpect !5 %38 = load i32 (%struct.kernfs_node*, i8*, i16)*, i32 (%struct.kernfs_node*, i8*, i16)** %18, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4, i32 1 %40 = load i8*, i8** %39, align 8 %41 = tail call i32 %38(%struct.kernfs_node* nonnull %7, i8* %40, i16 zeroext %3) #78 Function:cgroup_mkdir %4 = alloca %struct.iattr, align 8 %5 = tail call i8* @strchr(i8* %1, i32 10) #78 %6 = icmp eq i8* %5, null br i1 %6, label %7, label %317 %8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %0, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds 
%struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_type_write ------------- Path:  Function:cgroup_type_write %5 = tail call i8* @strim(i8* %1) #78 %6 = tail call i32 @strcmp(i8* %5, i8* dereferenceable(9) getelementptr inbounds ([9 x i8], [9 x i8]* @.str.65.10430, i64 0, i64 0)) #79 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %242 %9 = getelementptr inbounds 
%struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %10 = load %struct.kernfs_node*, %struct.kernfs_node** %9, align 8 %11 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %10, i1 zeroext true) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc 
!10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup_procs_write 2 cgroup_procs_write ------------- Path:  Function:cgroup_procs_write %5 = tail call fastcc i64 @__cgroup_procs_write(%struct.kernfs_open_file* %0, i8* %1, i1 zeroext true) #78 Function:__cgroup_procs_write %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %6 = bitcast i8** %5 to %struct.cgroup_file_ctx** %7 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %6, align 8 store i8 0, i8* %4, align 1 %8 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %9, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr 
inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void 
@kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup_procs_write 2 cgroup_threads_write ------------- Path:  Function:cgroup_threads_write %5 = tail call fastcc i64 @__cgroup_procs_write(%struct.kernfs_open_file* %0, i8* %1, i1 zeroext false) #78 Function:__cgroup_procs_write %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %6 = bitcast i8** %5 to %struct.cgroup_file_ctx** %7 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %6, align 8 store i8 0, i8* %4, align 1 %8 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %9, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* 
%14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_subtree_control_write ------------- Path:  Function:cgroup_subtree_control_write %5 = alloca i8*, align 8 %6 = 
tail call i8* @strim(i8* %1) #78 store i8* %6, i8** %5, align 8 br label %7 %8 = phi i16 [ %75, %73 ], [ 0, %4 ] %9 = phi i16 [ %76, %73 ], [ 0, %4 ] br label %10 %11 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.67.10424, i64 0, i64 0)) #78 %12 = icmp eq i8* %11, null br i1 %12, label %78, label %13 %79 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %80 = load %struct.kernfs_node*, %struct.kernfs_node** %79, align 8 %81 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %80, i1 zeroext true) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 
%33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_max_descendants_write ------------- Path:  Function:cgroup_max_descendants_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = tail call i32 @strcmp(i8* %7, i8* dereferenceable(4) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.10420, i64 0, i64 0)) #79 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11 store i32 2147483647, i32* %5, align 4 br label %19 %20 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %21 = load %struct.kernfs_node*, %struct.kernfs_node** %20, align 8 %22 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %21, i1 
zeroext false) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, 
label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_max_depth_write ------------- Path:  Function:cgroup_max_depth_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = tail call i32 @strcmp(i8* %7, i8* dereferenceable(4) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.10420, i64 0, i64 0)) #79 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11 store i32 2147483647, i32* %5, align 4 br label %19 %20 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %21 = load %struct.kernfs_node*, %struct.kernfs_node** %20, align 8 %22 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %21, i1 zeroext false) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, 
align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail 
call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_freeze_write ------------- Path:  Function:cgroup_freeze_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = call i32 @kstrtoint(i8* %7, i32 0, i32* nonnull %5) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %13 = load i32, i32* %5, align 4 %14 = icmp ugt i32 %13, 1 br i1 %14, label %24, label %15 %16 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %17 = load %struct.kernfs_node*, %struct.kernfs_node** %16, align 8 %18 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %17, i1 zeroext false) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, 
%struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_kill_write ------------- Path:  Function:cgroup_kill_write %5 = alloca %struct.css_task_iter, align 8 %6 = alloca i32, align 4 %7 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %8 = tail call i8* @strim(i8* %1) #78 %9 = call i32 @kstrtoint(i8* %8, i32 0, i32* nonnull %6) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i32, i32* %6, align 4 %15 = icmp eq i32 %14, 1 br i1 %15, label %16, label %135 %17 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* 
%0, i64 0, i32 0 %18 = load %struct.kernfs_node*, %struct.kernfs_node** %17, align 8 %19 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %18, i1 zeroext false) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 
%36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @mutex_lock(%struct.mutex* nonnull @cgroup_mutex) #78 br label %48 %49 = load i32, i32* %15, align 4 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53 tail call void @cgroup_kn_unlock(%struct.kernfs_node* %0) #79 ------------- Good: 12 Bad: 11 Ignored: 8 Check Use of Function:__SCT__tp_func_ext4_shutdown Check Use of Function:freeze_bdev Check Use of Function:dst_release Use: =BAD PATH= Call Stack: 0 rt6_remove_exception 1 fib6_nh_remove_exception 2 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %4 = icmp eq %struct.dst_entry.902548* %0, null br i1 %4, label %64, label %5 %6 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.902525** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %63, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %13 = bitcast %struct.dst_entry.902548* %12 to %struct.fib6_info.902564** %14 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %13, align 8 %15 = load i32, i32* %7, align 8 %16 = and i32 %15, 4194304 %17 = 
icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq %struct.fib6_info.902564* %14, null br i1 %25, label %61, label %26 %27 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %13, align 8 %43 = icmp eq %struct.fib6_info.902564* %42, null %44 = and i32 %15, 16777216 %45 = icmp eq i32 %44, 0 %46 = or i1 %45, %43 br i1 %46, label %61, label %47 %48 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %42, i64 0, i32 20 %49 = load %struct.nexthop.902560*, %struct.nexthop.902560** %48, align 8 %50 = icmp eq %struct.nexthop.902560* %49, null br i1 %50, label %58, label %51 %59 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %42, i64 0, i32 21, i64 0 %60 = tail call fastcc i32 @fib6_nh_remove_exception(%struct.fib6_nh.902563* %59, %struct.rt6_info.902561* nonnull %3) #78 Function:fib6_nh_remove_exception %3 = alloca %struct.anon.273, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.902563, %struct.fib6_nh.902563* %0, i64 0, i32 2 %6 = load volatile %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %7 = icmp eq %struct.rt6_exception_bucket* %6, null br i1 %7, label %63, label %8 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #78 %9 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %10 = icmp eq %struct.rt6_exception_bucket* %9, null %11 = ptrtoint %struct.rt6_exception_bucket* %9 to i64 %12 = and i64 %11, -2 %13 = inttoptr i64 %12 to %struct.rt6_exception_bucket* %14 = select i1 %10, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %13 %15 = getelementptr inbounds %struct.rt6_info.902561, 
%struct.rt6_info.902561* %1, i64 0, i32 3, i32 0 %16 = icmp ne %struct.rt6_exception_bucket* %14, null %17 = icmp ne %struct.in6_addr* %15, null %18 = and i1 %17, %16 br i1 %18, label %19, label %61 %20 = bitcast %struct.anon.273* %3 to i8* %21 = bitcast %struct.in6_addr* %15 to i8* %22 = getelementptr inbounds %struct.anon.273, %struct.anon.273* %3, i64 0, i32 1 %23 = bitcast %struct.in6_addr* %22 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_remove_exception, %24)) #6 to label %29 [label %24], !srcloc !4 %30 = call i64 @__siphash_unaligned(i8* nonnull %20, i64 32, %struct.siphash_key_t* nonnull @rt6_exception_hash.rt6_exception_key) #78 %31 = mul i64 %30, 7046029254386353131 %32 = lshr i64 %31, 54 %33 = getelementptr %struct.rt6_exception_bucket, %struct.rt6_exception_bucket* %14, i64 %32 %34 = bitcast %struct.rt6_exception_bucket* %33 to %struct.rt6_exception** %35 = load %struct.rt6_exception*, %struct.rt6_exception** %34, align 8 %36 = icmp eq %struct.rt6_exception* %35, null br i1 %36, label %61, label %37 %38 = bitcast %struct.in6_addr* %15 to i64* %39 = load i64, i64* %38, align 8 %40 = getelementptr %struct.rt6_info.902561, %struct.rt6_info.902561* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i64 2 %41 = bitcast i32* %40 to i64* %42 = load i64, i64* %41, align 8 br label %43 %44 = phi %struct.rt6_exception* [ %35, %37 ], [ %58, %56 ] %45 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %44, i64 0, i32 1 %46 = load %struct.rt6_info.902561*, %struct.rt6_info.902561** %45, align 8 %47 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %46, i64 0, 
i32 3, i32 0 %48 = bitcast %struct.in6_addr* %47 to i64* %49 = load i64, i64* %48, align 8 %50 = getelementptr %struct.rt6_info.902561, %struct.rt6_info.902561* %46, i64 0, i32 3, i32 0, i32 0, i32 0, i64 2 %51 = bitcast i32* %50 to i64* %52 = load i64, i64* %51, align 8 %53 = icmp eq i64 %39, %49 %54 = icmp eq i64 %42, %52 %55 = and i1 %53, %54 br i1 %55, label %60, label %56 call fastcc void @rt6_remove_exception(%struct.rt6_exception_bucket* %33, %struct.rt6_exception* nonnull %44) #79 Function:rt6_remove_exception %3 = icmp ne %struct.rt6_exception_bucket* %0, null %4 = icmp ne %struct.rt6_exception* %1, null %5 = and i1 %3, %4 br i1 %5, label %6, label %56 %7 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 1 %8 = load %struct.rt6_info.902561*, %struct.rt6_info.902561** %7, align 8 %9 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %8, i64 0, i32 0, i32 0 %10 = load %struct.net_device.902651*, %struct.net_device.902651** %9, align 8 %11 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %10, i64 0, i32 109, i32 0 %12 = load %struct.net.902772*, %struct.net.902772** %11, align 8 %13 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %12, i64 0, i32 35, i32 8 %14 = load %struct.rt6_statistics*, %struct.rt6_statistics** %13, align 8 %15 = getelementptr inbounds %struct.rt6_statistics, %struct.rt6_statistics* %14, i64 0, i32 3 %16 = load i32, i32* %15, align 4 %17 = add i32 %16, -1 store i32 %17, i32* %15, align 4 %18 = load %struct.rt6_info.902561*, %struct.rt6_info.902561** %7, align 8 %19 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %18, i64 0, i32 1 %20 = tail call %struct.fib6_info.902564* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.fib6_info.902564** %19, %struct.fib6_info.902564* null, %struct.fib6_info.902564** %19) #6, !srcloc !4 %21 = icmp eq 
%struct.fib6_info.902564* %20, null br i1 %21, label %34, label %22 %35 = load %struct.rt6_info.902561*, %struct.rt6_info.902561** %7, align 8 %36 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %35, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_dev_put to void (%struct.dst_entry.902548*)*)(%struct.dst_entry.902548* %36) #78 %37 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 0, i32 0 %38 = load %struct.hlist_node*, %struct.hlist_node** %37, align 8 %39 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 0, i32 1 %40 = load %struct.hlist_node**, %struct.hlist_node*** %39, align 8 store volatile %struct.hlist_node* %38, %struct.hlist_node** %40, align 8 %41 = icmp eq %struct.hlist_node* %38, null br i1 %41, label %44, label %42 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %39, align 8 %45 = load %struct.rt6_info.902561*, %struct.rt6_info.902561** %7, align 8 %46 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %45, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.902548*)*)(%struct.dst_entry.902548* %46) #78 ------------- Use: =BAD PATH= Call Stack: 0 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %4 = icmp eq %struct.dst_entry.902548* %0, null br i1 %4, label %64, label %5 %6 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.902525** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %63, label %11 tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void 
(%struct.dst_entry.902548*)*)(%struct.dst_entry.902548* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __udp_disconnect ------------- Path:  Function:__udp_disconnect %3 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 0, i32 4 store volatile i8 7, i8* %3, align 2 %4 = bitcast %struct.sock.857324* %0 to i32* store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 0, i32 2 %6 = bitcast %struct.kuid_t* %5 to i16* store i16 0, i16* %6, align 4 %7 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 0, i32 21, i32 0 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 0, i32 6 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 45 %10 = load i8, i8* %9, align 8 %11 = and i8 %10, 64 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %46 %14 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 1, i32 0, i32 1, i32 0 store i32 0, i32* %14, align 8 %15 = bitcast %struct.sock.857324* %0 to %struct.util_est* %16 = getelementptr inbounds %struct.util_est, %struct.util_est* %15, i64 0, i32 1 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 0, i32 3 %18 = load i16, i16* %17, align 8 %19 = icmp eq i16 %18, 10 br i1 %19, label %20, label %34 %35 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 0, i32 8 %36 = load %struct.proto.857304*, %struct.proto.857304** %35, align 8 %37 = getelementptr inbounds %struct.proto.857304, %struct.proto.857304* %36, i64 0, i32 23 %38 = load void (%struct.sock.857324*)*, void (%struct.sock.857324*)** %37, align 8 %39 = icmp eq void (%struct.sock.857324*)* %38, null br i1 %39, label %44, label %40 %41 = load i8, i8* %9, align 8 %42 = icmp sgt i8 %41, -1 br i1 %42, label %52, 
label %43 tail call void %38(%struct.sock.857324* %0) #78 br label %44 %45 = load i8, i8* %9, align 8 br label %46 %47 = phi i8 [ %45, %44 ], [ %10, %2 ] %48 = icmp sgt i8 %47, -1 br i1 %48, label %49, label %58 %59 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 0, i32 16 store i16 -1, i16* %59, align 8 %60 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 29 store i32 0, i32* %60, align 8 %61 = getelementptr inbounds %struct.sock.857324, %struct.sock.857324* %0, i64 0, i32 18 %62 = tail call %struct.dst_entry.856970* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.dst_entry.856970** %61, %struct.dst_entry.856970* null, %struct.dst_entry.856970** %61) #6, !srcloc !4 tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.856970*)*)(%struct.dst_entry.856970* %62) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %3 = icmp eq %struct.dst_entry.836531* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.836531, %struct.dst_entry.836531* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %2, i64 0, i32 2 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 262144 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %18 %15 = getelementptr inbounds %struct.dst_entry.836531, %struct.dst_entry.836531* %0, i64 0, i32 3 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 fib6_rule_lookup 1 
ip6_route_output_flags_noref 2 ip6_route_output_flags 3 icmp6_send 4 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = 
getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 
41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 
%165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to 
%struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load 
i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* 
(%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %10 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 br label %25 %26 = phi %struct.rt6_info.836572* [ %10, %9 ], [ %14, %13 ], [ %18, %17 ], [ %22, %21 ], [ %24, %23 ] %27 = getelementptr inbounds %struct.rt6_info.836572, %struct.rt6_info.836572* %26, i64 0, i32 0, i32 16 %28 = load i16, i16* %27, align 8 %29 = icmp eq i16 %28, -11 br i1 %29, label %30, label %60 %31 = trunc i32 %3 to i8 %32 = icmp sgt i8 %31, -1 br i1 %32, label %41, label %33 %42 = getelementptr inbounds %struct.rt6_info.836572, %struct.rt6_info.836572* %26, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %3 = icmp eq %struct.dst_entry.836531* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.836531, %struct.dst_entry.836531* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 tail call void bitcast (void 
(%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ipip6_tunnel_bind_dev 5 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, 
%struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, 
%struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call 
%struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load 
%struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = 
icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* 
%112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #78 %13 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.836557* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.836557* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.836557* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr 
inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.836557* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.836557** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.836557* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.836557** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.836556*, %struct.rtable.836556** %35, align 8 %37 = icmp eq %struct.rtable.836556* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.836556* null, %struct.rtable.836556** %35, align 8 %39 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.763984*)* @dst_dev_put to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78 call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78
-------------
Use: =BAD PATH=
Call Stack:
0 ip_del_fnhe
1 __mkroute_output
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, 
align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, 
i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq 
%struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 
%168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = 
select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = 
getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds 
%struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, 
-1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #78 %13 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.836557* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.836557* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.836557* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, 
i32 0 br label %28 %29 = phi %struct.fib_nh_exception.836557* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.836557** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.836557* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.836557** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.836556*, %struct.rtable.836556** %35, align 8 %37 = icmp eq %struct.rtable.836556* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.836556* null, %struct.rtable.836556** %35, align 8 %39 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.763984*)* @dst_dev_put to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78 call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78
-------------
Use: =BAD PATH=
Call Stack:
0 ip_del_fnhe
1 __mkroute_output
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 
8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast 
%union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, 
i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null 
br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds 
%struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 
= icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect 
"1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #78 %13 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.836557* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.836557* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.836557* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, 
i32 0 br label %28 %29 = phi %struct.fib_nh_exception.836557* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.836557** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.836557* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.836557** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.836556*, %struct.rtable.836556** %35, align 8 %37 = icmp eq %struct.rtable.836556* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.836556* null, %struct.rtable.836556** %35, align 8 %39 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.763984*)* @dst_dev_put to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78 call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78
-------------
Use: =BAD PATH=
Call Stack:
0 ip_del_fnhe
1 __mkroute_output
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ipip6_tunnel_bind_dev
5 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, 
%struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 
0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* 
@ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load 
%struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 
(%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #78 %13 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.836557* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.836557* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.836557* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, 
i32 0 br label %28 %29 = phi %struct.fib_nh_exception.836557* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.836557** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.836557* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.836557** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.836556*, %struct.rtable.836556** %35, align 8 %37 = icmp eq %struct.rtable.836556* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.836556* null, %struct.rtable.836556** %35, align 8 %39 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.763984*)* @dst_dev_put to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78 call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78 br label %40 %41 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 8 %42 = load volatile %struct.rtable.836556*, %struct.rtable.836556** %41, align 8 %43 = icmp eq %struct.rtable.836556* %42, null br i1 %43, label %46, label %44 store volatile %struct.rtable.836556* null, %struct.rtable.836556** %41, align 8 %45 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %42, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.763984*)* @dst_dev_put to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %45) #78 call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void 
(%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %45) #78
-------------
Use: =BAD PATH=
Call Stack:
0 ip_del_fnhe
1 __mkroute_output
2 ip_route_output_key_hash_rcu
3 ip_route_output_flow
4 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, 
%struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 
bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 
%150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* 
(%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br 
i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 
Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = 
getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load 
%struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void 
@ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #78 %13 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.836557* %16, null br i1 %17, label %53, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %48 %49 = phi %struct.fib_nh_exception.836557* [ %51, %22 ], [ %16, %18 ] %50 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, i32 0 %51 = load %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %50, align 8 %52 = icmp eq %struct.fib_nh_exception.836557* %51, null br i1 %52, label %53, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.836557, 
%struct.fib_nh_exception.836557* %51, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %48 %27 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %49, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.836557* [ %16, %18 ], [ %51, %26 ] %30 = phi %struct.fib_nh_exception.836557** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.836557* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.836557** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 7 %36 = load volatile %struct.rtable.836556*, %struct.rtable.836556** %35, align 8 %37 = icmp eq %struct.rtable.836556* %36, null br i1 %37, label %40, label %38 store volatile %struct.rtable.836556* null, %struct.rtable.836556** %35, align 8 %39 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %36, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.763984*)* @dst_dev_put to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78 call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %39) #78 br label %40 %41 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %29, i64 0, i32 8 %42 = load volatile %struct.rtable.836556*, %struct.rtable.836556** %41, align 8 %43 = icmp eq %struct.rtable.836556* %42, null br i1 %43, label %46, label %44 store volatile %struct.rtable.836556* null, %struct.rtable.836556** %41, align 8 %45 = getelementptr inbounds %struct.rtable.836556, 
%struct.rtable.836556* %42, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.763984*)* @dst_dev_put to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %45) #78 call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.836531*)*)(%struct.dst_entry.836531* %45) #78 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to 
%struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, 
%struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds 
%struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 
0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* 
Function:__mkroute_output
Function:ip_del_fnhe
-------------
Use: =BAD PATH=
Call Stack: 0 dst_cache_per_cpu_get 1 dst_cache_get_ip4 2 sit_tunnel_xmit
-------------
Path:
Function:sit_tunnel_xmit
Function:dst_cache_get_ip4
Function:dst_cache_per_cpu_get
-------------
Use: =BAD PATH=
Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 unix_release_sock 5 unix_release
-------------
Path:
Function:unix_release
Function:unix_release_sock
Function:unix_gc
i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, 
i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load 
%struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = 
getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile 
i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 unix_release_sock 5 unix_release ------------- 
Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* 
%0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 
to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 
tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 
br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 %123 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %124 = icmp eq %struct.sk_buff* %123, null br i1 %124, label %125, label %113 %126 = getelementptr inbounds %struct.path, %struct.path* %3, i64 0, i32 1 %127 = load %struct.dentry*, %struct.dentry** %126, align 8 %128 = icmp eq %struct.dentry* %127, null br i1 %128, label %130, label %129 %131 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %132 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %131, i64 0, i32 0, i32 0 %133 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %132, i32 -1, i32* %132) #6, !srcloc !7 %134 = icmp eq i32 %133, 1 br i1 %134, label %140, label %135 %136 = add i32 %133, -1 %137 = or i32 %136, %133 %138 = icmp sgt i32 %137, -1 br i1 %138, label %141, label %139, !prof !13, !misexpect !5 %142 = load i32, i32* @unix_tot_inflight, align 4 %143 = icmp eq i32 %142, 0 br i1 %143, label %145, label %144 call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, 
align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 
%60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, 
align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, 
%struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, 
label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds 
%struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds 
%struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 unix_release_sock 5 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = 
alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 
store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = 
getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 %123 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %124 = icmp eq %struct.sk_buff* 
%123, null br i1 %124, label %125, label %113 %126 = getelementptr inbounds %struct.path, %struct.path* %3, i64 0, i32 1 %127 = load %struct.dentry*, %struct.dentry** %126, align 8 %128 = icmp eq %struct.dentry* %127, null br i1 %128, label %130, label %129 %131 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %132 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %131, i64 0, i32 0, i32 0 %133 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %132, i32 -1, i32* %132) #6, !srcloc !7 %134 = icmp eq i32 %133, 1 br i1 %134, label %140, label %135 %136 = add i32 %133, -1 %137 = or i32 %136, %133 %138 = icmp sgt i32 %137, -1 br i1 %138, label %141, label %139, !prof !13, !misexpect !5 %142 = load i32, i32* @unix_tot_inflight, align 4 %143 = icmp eq i32 %142, 0 br i1 %143, label %145, label %144 call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 
%13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, 
%struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, 
%struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store 
volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast 
%struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds 
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 unix_gc
4 wait_for_unix_gc
5 unix_dgram_sendmsg
-------------
Path:
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 unix_gc
4 wait_for_unix_gc
5 unix_dgram_sendmsg
6 unix_seqpacket_sendmsg
-------------
Path:
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 wait_for_unix_gc 5 unix_stream_sendmsg ------------- Path:  Function:unix_stream_sendmsg %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca %struct.scm_cookie, align 8 %7 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %8 = load %struct.sock*, %struct.sock** %7, align 8 %9 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %10 = bitcast %struct.scm_cookie* %6 to i8* tail call void @wait_for_unix_gc() #78 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load volatile i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %8 %5 = load volatile i8, i8* @gc_in_progress, align 1, !range !4 %6 = icmp eq i8 %5, 0 br i1 
%6, label %7, label %8 tail call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, 
!prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 
-856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** 
%78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, 
%struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, 
%struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq 
%struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load 
%struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 __pskb_pull_tail
4 packet_parse_headers
5 packet_sendmsg_spkt
-------------
i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] %118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79 %131 = icmp eq i8* %130, null br i1 %131, label %146, label %132 tail call void @kfree_skb_reason(%struct.sk_buff.756266* %118, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, 
%struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* 
%10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 __pskb_pull_tail 4 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and 
i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 
%61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] %118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* 
@__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79 %131 = icmp eq i8* %130, null br i1 %131, label %146, label %132 tail call void @kfree_skb_reason(%struct.sk_buff.756266* %118, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 cn_rx_skb ------------- Path:  Function:cn_rx_skb %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %3 = load i32, i32* %2, align 8 %4 = icmp ugt i32 %3, 15 br i1 %4, label %5, label %87 %6 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.nlmsghdr** %8 = load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %9 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 4 %11 = add i32 %10, -16 %12 = icmp slt i32 %11, 20 br i1 %12, label %87, label %13 %14 = icmp ult i32 %3, %10 %15 = icmp sgt i32 %11, 16384 %16 = or i1 %14, %15 br i1 %16, label %87, label %17 %18 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22, !prof !5, !misexpect !6 %23 = add i32 %20, 1 %24 = or i32 %23, %20 %25 = icmp sgt i32 %24, -1 br i1 %25, label %28, label %26, !prof !7, !misexpect !6 %27 = phi i32 [ 2, %17 ], [ 1, %22 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 %27) #78 br label %28 %29 = load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %30 = getelementptr %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 1 %31 = bitcast %struct.nlmsghdr* %30 to %struct.cn_msg* %32 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 3 %33 = bitcast [48 x i8]* %32 to %struct.netlink_skb_parms* %34 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 0, i32 0 %35 = load i32, i32* %34, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 2 %38 = bitcast %struct.nlmsghdr* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = zext i16 %39 to i64 %41 = add nuw nsw i64 %40, 36 %42 = icmp ugt i64 %41, %36 br i1 %42, label %86, label %43 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp 
eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 __neigh_event_send 4 __ip_do_redirect 5 ip_do_redirect ------------- Path:  
Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 
0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 
%12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, 
%struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, 
%struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = 
sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } 
%159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %190 = load volatile i64, i64* @jiffies, align 64 %191 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 10 %192 = load volatile i64, i64* %191, align 8 %193 = icmp eq i64 %192, %190 br i1 %193, label %195, label %194 store volatile i64 %190, i64* %191, align 8 br label %195 %196 = and i8 %186, -38 %197 = icmp eq i8 %196, 0 br i1 %197, label %198, label %245 %199 = call i32 bitcast (i32 (%struct.neighbour*, %struct.sk_buff*)* @__neigh_event_send to i32 (%struct.neighbour.836545*, %struct.sk_buff.836958*)*)(%struct.neighbour.836545* %181, %struct.sk_buff.836958* null) #78 Function:__neigh_event_send %3 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #78 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq 
i32 %7, 0 br i1 %8, label %9, label %249 %10 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %268 %269 = and i32 %6, 4 %270 = icmp eq i32 %269, 0 br i1 %270, label %271, label %249 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %3) #78 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 __neigh_update 4 neigh_update 5 ndisc_update 6 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.903079, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.903079* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = 
getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %58 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.902571*, %struct.inet6_dev.902571** %58, align 16 %60 = icmp eq %struct.inet6_dev.902571* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, 
align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.905443*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.902651*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.902651* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #78 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %79 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %102 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.902525** %102 to i32* %104 = load i32, 
i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %109 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.902548*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %122 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121) #78 %123 = icmp eq %struct.neighbour.902458* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, 
i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121, i1 zeroext true) #78 %126 = icmp ugt %struct.neighbour.902458* %125, inttoptr (i64 -4096 to %struct.neighbour.902458*) %127 = icmp eq %struct.neighbour.902458* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.902458* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.905443*, %struct.neighbour.904925*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.902651*, %struct.neighbour.902458*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.902651* %131, %struct.neighbour.902458* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #78 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.904925*, i8*, i8, i32, i32)*)(%struct.neighbour.904925* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #78 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #78 
Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 %35 = icmp sgt i32 %3, -1 %36 = xor i1 %35, true %37 = icmp ult i8 %26, 64 %38 = or i1 %37, %36 br i1 %38, label %39, label %398 br i1 %35, label %53, label %40 %54 = phi i32 [ 0, %39 ], [ 0, %40 ], [ 1, %48 ] %55 = phi i1 [ false, %39 ], [ false, %40 ], [ true, %48 ] %56 = and i32 %3, 268435456 %57 = icmp eq i32 %56, 0 br i1 %57, label %60, label %58 %61 = zext i8 %2 to i32 %62 = and i32 %61, 222 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %102 %103 = getelementptr inbounds %struct.net_device, %struct.net_device* %24, i64 0, i32 51 %104 = load i8, i8* %103, align 1 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %108 %109 = icmp eq i8* %1, null %110 = and i8 %26, -34 %111 = icmp eq i8 %110, 0 br i1 %109, label 
%119, label %112 br i1 %111, label %126, label %113 %114 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %115 = zext i8 %104 to i64 %116 = tail call i32 @bcmp(i8* nonnull %1, i8* %114, i64 %115) %117 = icmp eq i32 %116, 0 %118 = select i1 %117, i8* %114, i8* %1 br label %126 %127 = phi i8* [ %1, %112 ], [ %125, %124 ], [ %107, %106 ], [ %118, %113 ] %128 = and i32 %61, 194 %129 = icmp eq i32 %128, 0 br i1 %129, label %133, label %130 %134 = and i32 %3, 4 %135 = zext i8 %26 to i32 %136 = and i32 %135, 222 %137 = icmp eq i32 %136, 0 br i1 %137, label %156, label %138 %139 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %140 = icmp ne i8* %127, %139 %141 = and i32 %3, 1 %142 = icmp eq i32 %141, 0 %143 = and i1 %142, %140 br i1 %143, label %144, label %150 %151 = icmp eq i8* %127, %139 %152 = icmp eq i8 %2, 4 %153 = and i1 %152, %151 %154 = and i1 %35, %153 %155 = select i1 %154, i8 %26, i8 %2 br label %156 %157 = phi i8 [ %2, %133 ], [ 4, %144 ], [ %155, %150 ] %158 = phi i8* [ %127, %133 ], [ %139, %144 ], [ %127, %150 ] %159 = phi i32 [ %134, %133 ], [ 0, %144 ], [ %134, %150 ] %160 = zext i8 %157 to i32 %161 = icmp eq i8 %157, %26 %162 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %163 = icmp eq i8* %158, %162 %164 = and i1 %161, %163 br i1 %164, label %168, label %165 br i1 %161, label %227, label %169 %228 = phi i32 [ %54, %168 ], [ 1, %226 ] br i1 %163, label %274, label %229 %230 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %230) #78 %231 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 0, i32 0, i32 0 %232 = load i32, i32* %231, align 4 %233 = add i32 %232, 1 store i32 %233, i32* %231, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %234 = load 
i8, i8* %103, align 1 %235 = zext i8 %234 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %236 = load i32, i32* %231, align 4 %237 = add i32 %236, 1 store i32 %237, i32* %231, align 4 %238 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %239 = bitcast %struct.spinlock* %238 to i8* store volatile i8 0, i8* %239, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %240 = load %struct.net_device*, %struct.net_device** %23, align 8 %241 = getelementptr inbounds %struct.net_device, %struct.net_device* %240, i64 0, i32 44 %242 = load %struct.header_ops*, %struct.header_ops** %241, align 16 %243 = icmp eq %struct.header_ops* %242, null br i1 %243, label %261, label %244 %262 = and i32 %160, 194 %263 = icmp eq i32 %262, 0 br i1 %263, label %264, label %274 %265 = load volatile i64, i64* @jiffies, align 64 %266 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %267 = load %struct.neigh_parms*, %struct.neigh_parms** %266, align 8 %268 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %267, i64 0, i32 10, i64 5 %269 = load i32, i32* %268, align 4 %270 = shl i32 %269, 1 %271 = sext i32 %270 to i64 %272 = sub i64 %265, %271 %273 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 3 store i64 %272, i64* %273, align 8 br label %274 %275 = phi i32 [ %228, %227 ], [ 1, %261 ], [ 1, %264 ] br i1 %161, label %385, label %276 %277 = and i32 %160, 194 %278 = icmp eq i32 %277, 0 %279 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 22 %280 = load %struct.neigh_ops*, %struct.neigh_ops** %279, align 8 %281 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %280, i64 0, i32 3 %282 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %280, i64 0, i32 
4 %283 = select i1 %278, i32 (%struct.neighbour*, %struct.sk_buff*)** %281, i32 (%struct.neighbour*, %struct.sk_buff*)** %282 %284 = bitcast i32 (%struct.neighbour*, %struct.sk_buff*)** %283 to i64* %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 21 %287 = bitcast i32 (%struct.neighbour*, %struct.sk_buff*)** %286 to i64* store i64 %285, i64* %287, align 8 br i1 %137, label %288, label %385 %289 = load i8, i8* %25, align 1 %290 = and i8 %289, -34 %291 = icmp eq i8 %290, 0 br i1 %291, label %358, label %292 %293 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %294 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %293, i64 0, i32 0 %295 = bitcast %struct.sk_buff_head* %293 to %struct.sk_buff* %296 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %297 %298 = load %struct.sk_buff*, %struct.sk_buff** %294, align 8 %299 = icmp eq %struct.sk_buff* %298, %295 %300 = icmp eq %struct.sk_buff* %298, null %301 = or i1 %299, %300 br i1 %301, label %358, label %302 %303 = load i32, i32* %296, align 8 %304 = add i32 %303, -1 store volatile i32 %304, i32* %296, align 8 %305 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 0, i32 0, i32 0 %306 = load %struct.sk_buff*, %struct.sk_buff** %305, align 8 %307 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 0, i32 0, i32 1 %308 = load %struct.sk_buff*, %struct.sk_buff** %307, align 8 %309 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %306, i64 0, i32 0, i32 0, i32 1 %310 = bitcast %struct.sk_buff* %298 to i8* store volatile %struct.sk_buff* %308, %struct.sk_buff** %309, align 8 %311 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %308, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %306, %struct.sk_buff** %311, align 8 %312 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* 
%298, i64 0, i32 4, i32 0, i32 0 %313 = load i64, i64* %312, align 8 %314 = and i64 %313, -2 %315 = inttoptr i64 %314 to %struct.dst_entry* tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %22) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %316 = icmp eq i64 %314, 0 br i1 %316, label %336, label %317 %318 = getelementptr inbounds %struct.dst_entry, %struct.dst_entry* %315, i64 0, i32 8 %319 = load i16, i16* %318, align 2 %320 = icmp eq i16 %319, 2 br i1 %320, label %336, label %321 %322 = getelementptr inbounds %struct.dst_entry, %struct.dst_entry* %315, i64 0, i32 1 %323 = load %struct.dst_ops*, %struct.dst_ops** %322, align 8 %324 = getelementptr inbounds %struct.dst_ops, %struct.dst_ops* %323, i64 0, i32 14 %325 = load %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)*, %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)** %324, align 8 %326 = icmp eq %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)* %325, null br i1 %326, label %327, label %328, !prof !14, !misexpect !11 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.16.63751, i64 0, i64 0), i32 409, i32 2307, i64 12) #6, !srcloc !20 br label %332 %333 = phi %struct.neighbour* [ %331, %328 ], [ null, %327 ] %334 = icmp eq %struct.neighbour* %333, null %335 = select i1 %334, %struct.neighbour* %0, %struct.neighbour* %333 br label %336 %337 = phi %struct.neighbour* [ null, %317 ], [ null, %302 ], [ %333, %332 ] %338 = phi %struct.neighbour* [ %0, %317 ], [ %0, %302 ], [ %335, %332 ] %339 = getelementptr 
inbounds %struct.neighbour, %struct.neighbour* %338, i64 0, i32 21 %340 = load i32 (%struct.neighbour*, %struct.sk_buff*)*, i32 (%struct.neighbour*, %struct.sk_buff*)** %339, align 8 %341 = tail call i32 %340(%struct.neighbour* %338, %struct.sk_buff* nonnull %298) #78 %342 = icmp eq %struct.neighbour* %337, null br i1 %342, label %354, label %343 %344 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %337, i64 0, i32 6 %345 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %344, i64 0, i32 0, i32 0 %346 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %345, i32 -1, i32* %345) #6, !srcloc !9 %347 = icmp eq i32 %346, 1 br i1 %347, label %353, label %348 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @neigh_destroy(%struct.neighbour* nonnull %337) #78 br label %354 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void @rcu_read_unlock_strict() #78 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %355 = load i8, i8* %25, align 1 %356 = and i8 %355, -34 %357 = icmp eq i8 %356, 0 br i1 %357, label %358, label %297 %359 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %360 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %359, i64 0, i32 0 %361 = load %struct.sk_buff*, %struct.sk_buff** %360, align 8 %362 = bitcast %struct.sk_buff_head* %359 to %struct.sk_buff* %363 = icmp eq %struct.sk_buff* %361, %362 %364 = icmp eq %struct.sk_buff* %361, null %365 = or i1 %363, %364 br i1 %365, label %383, label %366 %367 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %368 %369 = phi %struct.sk_buff* [ %361, %366 ], [ %379, %368 ] %370 = load i32, i32* %367, align 8 
%371 = add i32 %370, -1 store volatile i32 %371, i32* %367, align 8 %372 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 0 %373 = load %struct.sk_buff*, %struct.sk_buff** %372, align 8 %374 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 1 %375 = load %struct.sk_buff*, %struct.sk_buff** %374, align 8 %376 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %373, i64 0, i32 0, i32 0, i32 1 %377 = bitcast %struct.sk_buff* %369 to i8* store volatile %struct.sk_buff* %375, %struct.sk_buff** %376, align 8 %378 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %375, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %373, %struct.sk_buff** %378, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %369, i32 0) #78 %369 = phi %struct.sk_buff* [ %361, %366 ], [ %379, %368 ] %370 = load i32, i32* %367, align 8 %371 = add i32 %370, -1 store volatile i32 %371, i32* %367, align 8 %372 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 0 %373 = load %struct.sk_buff*, %struct.sk_buff** %372, align 8 %374 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 1 %375 = load %struct.sk_buff*, %struct.sk_buff** %374, align 8 %376 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %373, i64 0, i32 0, i32 0, i32 1 %377 = bitcast %struct.sk_buff* %369 to i8* store volatile %struct.sk_buff* %375, %struct.sk_buff** %376, align 8 %378 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %375, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %373, %struct.sk_buff** %378, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %369, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, 
null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast 
(void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 nf_queue 4 nf_hook_slow 5 __ip6_local_out ------------- Path:  Function:__ip6_local_out %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = add i32 %6, -40 %8 = icmp sgt i32 %7, 65535 %9 = trunc i32 %7 to i16 %10 = select i1 %8, i16 0, i16 %9 %12 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds i8, i8* %17, i64 4 %19 = bitcast i8* %18 to i16* store i16 %11, i16* %19, align 4 %20 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 3, i64 14 %21 = bitcast i8* %20 to i16* store i16 6, i16* %21, align 2 %22 = icmp eq %struct.sk_buff.763154* %2, null br i1 %22, label %46, label %23, !prof !4, !misexpect !5 %24 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 33 store i16 -8826, i16* %24, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 4, i32 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -2 %28 = inttoptr i64 %27 to i64* %29 = load i64, i64* %28, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds ([13 x [5 x %struct.static_key]], [13 x [5 x %struct.static_key]]* @nf_hooks_needed, i64 0, i64 10, i64 3), i32 2, i8* blockaddress(@__ip6_local_out, %30)) #6 to label %46 [label %30], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %31 = getelementptr %struct.net.762977, %struct.net.762977* %0, i64 0, i32 36, i32 4, i64 3 %32 = load volatile %struct.nf_hook_entries.762956*, %struct.nf_hook_entries.762956** %31, align 8 %33 = icmp eq %struct.nf_hook_entries.762956* %32, null br i1 %33, label %44, label %34 %35 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %36 = bitcast %struct.nf_hook_state.762954* %4 to i64* store i64 2563, i64* %36, align 8 %37 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 store %struct.net_device.763141* null, %struct.net_device.763141** %37, align 8 %38 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %39 = bitcast %struct.net_device.763141** %38 to i64* store i64 %29, i64* %39, align 8 %40 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 4 store %struct.sock.762871* %1, %struct.sock.762871** %40, align 8 %41 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 store %struct.net.762977* %0, %struct.net.762977** %41, align 8 %42 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 store i32 (%struct.net.762977*, %struct.sock.762871*, %struct.sk_buff.763154*)* @dst_output.68437, i32 (%struct.net.762977*, %struct.sock.762871*, %struct.sk_buff.763154*)** %42, align 8 %43 = call i32 bitcast (i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, 
%struct.nf_hook_entries.806847*, i32)* @nf_hook_slow to i32 (%struct.sk_buff.763154*, %struct.nf_hook_state.762954*, %struct.nf_hook_entries.762956*, i32)*)(%struct.sk_buff.763154* nonnull %2, %struct.nf_hook_state.762954* nonnull %4, %struct.nf_hook_entries.762956* nonnull %32, i32 0) #78 Function:nf_hook_slow %5 = getelementptr inbounds %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = zext i16 %6 to i32 %8 = icmp ugt i32 %7, %3 br i1 %8, label %9, label %33 %10 = zext i32 %3 to i64 br label %11 %12 = phi i64 [ %10, %9 ], [ %29, %28 ] %13 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 0 %14 = load i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)*, i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)** %13, align 8 %15 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 1 %16 = load i8*, i8** %15, align 8 %17 = tail call i32 %14(i8* %16, %struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1) #78 %18 = trunc i32 %17 to i8 switch i8 %18, label %33 [ i8 1, label %28 i8 0, label %19 i8 3, label %24 ] %25 = trunc i64 %12 to i32 %26 = tail call i32 bitcast (i32 (%struct.sk_buff.273360*, %struct.nf_hook_state*, i32, i32)* @nf_queue to i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, i32, i32)*)(%struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1, i32 %25, i32 %17) #78 Function:nf_queue %5 = alloca [6 x i8], align 2 %6 = lshr i32 %3, 16 %7 = getelementptr inbounds [6 x i8], [6 x i8]* %5, i64 0, i64 0 %8 = load volatile %struct.nf_queue_handler*, %struct.nf_queue_handler** @nf_queue_handler, align 8 %9 = icmp eq %struct.nf_queue_handler* %8, null br i1 %9, label %231, label %10 %11 = getelementptr inbounds %struct.nf_hook_state, %struct.nf_hook_state* %1, i64 0, i32 1 %12 = load i8, i8* %11, align 1 %13 = icmp eq i8 %12, 10 %14 
= select i1 %13, i64 124, i64 88 %15 = icmp eq i8 %12, 2 %16 = select i1 %15, i64 104, i64 %14 %17 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 4, i32 0, i32 1 %18 = load void (%struct.sk_buff.273360*)*, void (%struct.sk_buff.273360*)** %17, align 8 %19 = icmp eq void (%struct.sk_buff.273360*)* %18, @sock_pfree br i1 %19, label %20, label %58 %21 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 1, i32 0 %22 = load %struct.sock.273622*, %struct.sock.273622** %21, align 8 %23 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 4 %24 = load volatile i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = shl nuw i32 1, %25 %27 = and i32 %26, -4161 %28 = icmp eq i32 %27, 0 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 13, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = and i64 %31, 8388608 %33 = icmp eq i64 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 19 %36 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %35, i64 0, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp eq i32 %37, 0 br i1 %38, label %49, label %39 %40 = phi i32 [ %47, %46 ], [ %37, %34 ] %41 = add i32 %40, 1 %42 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 %41, i32* %36, i32 %40) #6, !srcloc !4 %43 = extractvalue { i8, i32 } %42, 0 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %49, !prof !5, !misexpect !6 %47 = extractvalue { i8, i32 } %42, 1 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %39 %50 = phi i32 [ 0, %34 ], [ 
%40, %39 ], [ 0, %46 ] %51 = add i32 %50, 1 %52 = or i32 %51, %50 %53 = icmp sgt i32 %52, -1 br i1 %53, label %55, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 0) #78 br label %55 %56 = icmp eq i32 %50, 0 br i1 %56, label %230, label %57 br label %236 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.273360*, i32)*)(%struct.sk_buff.273360* %0, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 nf_queue 4 nf_hook_slow 5 __ip_local_out ------------- Path:  Function:__ip_local_out %4 = alloca %struct.nf_hook_state.841147, align 8 %5 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 40 %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 35 %8 = load i16, i16* %7, align 4 %9 = zext i16 %8 to i64 %10 = getelementptr i8, i8* %6, i64 %9 %11 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i16 %15 = getelementptr inbounds i8, i8* %10, i64 2 %16 = bitcast i8* %15 to i16* store i16 %14, i16* %16, align 2 %17 = getelementptr 
inbounds i8, i8* %10, i64 10 %18 = bitcast i8* %17 to i16* store i16 0, i16* %18, align 2 %19 = load i8, i8* %10, align 4 %20 = and i8 %19, 15 %21 = zext i8 %20 to i32 %22 = tail call { i32, i8*, i32 } asm " movl ($1), $0\0A subl $$4, $2\0A jbe 2f\0A addl 4($1), $0\0A adcl 8($1), $0\0A adcl 12($1), $0\0A1: adcl 16($1), $0\0A lea 4($1), $1\0A decl $2\0A jne\091b\0A adcl $$0, $0\0A movl $0, $2\0A shrl $$16, $0\0A addw ${2:w}, ${0:w}\0A adcl $$0, $0\0A notl $0\0A2:", "=r,=r,=r,1,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 %21) #6, !srcloc !4 %23 = extractvalue { i32, i8*, i32 } %22, 0 %24 = trunc i32 %23 to i16 store i16 %24, i16* %18, align 2 %25 = icmp eq %struct.sk_buff.841525* %2, null br i1 %25, label %50, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 33 store i16 8, i16* %27, align 8 %28 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 4, i32 0, i32 0 %29 = load i64, i64* %28, align 8 %30 = and i64 %29, -2 %31 = inttoptr i64 %30 to i64* %32 = load i64, i64* %31, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds ([13 x [5 x %struct.static_key]], [13 x [5 x %struct.static_key]]* @nf_hooks_needed, i64 0, i64 2, i64 3), i32 2, i8* blockaddress(@__ip_local_out, %33)) #6 to label %50 [label %33], !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %34 = getelementptr %struct.net.841211, %struct.net.841211* %0, i64 0, i32 36, i32 3, i64 3 %35 = load volatile %struct.nf_hook_entries.841149*, %struct.nf_hook_entries.841149** %34, align 8 %36 = icmp eq %struct.nf_hook_entries.841149* %35, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 0 %39 = bitcast %struct.nf_hook_state.841147* %4 to i64* store i64 515, i64* %39, align 8 %40 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 2 store %struct.net_device.841632* null, %struct.net_device.841632** %40, align 8 %41 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 3 %42 = bitcast %struct.net_device.841632** %41 to i64* store i64 %32, i64* %42, align 8 %43 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 4 store %struct.sock.841515* %1, %struct.sock.841515** %43, align 8 %44 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 5 store %struct.net.841211* %0, %struct.net.841211** %44, align 8 %45 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 6 %46 = bitcast {}** %45 to i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)** store i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)* @dst_output, i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)** %46, 
align 8 %47 = call i32 bitcast (i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, %struct.nf_hook_entries.806847*, i32)* @nf_hook_slow to i32 (%struct.sk_buff.841525*, %struct.nf_hook_state.841147*, %struct.nf_hook_entries.841149*, i32)*)(%struct.sk_buff.841525* nonnull %2, %struct.nf_hook_state.841147* nonnull %4, %struct.nf_hook_entries.841149* nonnull %35, i32 0) #78 Function:nf_hook_slow %5 = getelementptr inbounds %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = zext i16 %6 to i32 %8 = icmp ugt i32 %7, %3 br i1 %8, label %9, label %33 %10 = zext i32 %3 to i64 br label %11 %12 = phi i64 [ %10, %9 ], [ %29, %28 ] %13 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 0 %14 = load i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)*, i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)** %13, align 8 %15 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 1 %16 = load i8*, i8** %15, align 8 %17 = tail call i32 %14(i8* %16, %struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1) #78 %18 = trunc i32 %17 to i8 switch i8 %18, label %33 [ i8 1, label %28 i8 0, label %19 i8 3, label %24 ] %25 = trunc i64 %12 to i32 %26 = tail call i32 bitcast (i32 (%struct.sk_buff.273360*, %struct.nf_hook_state*, i32, i32)* @nf_queue to i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, i32, i32)*)(%struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1, i32 %25, i32 %17) #78 Function:nf_queue %5 = alloca [6 x i8], align 2 %6 = lshr i32 %3, 16 %7 = getelementptr inbounds [6 x i8], [6 x i8]* %5, i64 0, i64 0 %8 = load volatile %struct.nf_queue_handler*, %struct.nf_queue_handler** @nf_queue_handler, align 8 %9 = icmp eq %struct.nf_queue_handler* %8, null br i1 %9, label %231, label %10 %11 = getelementptr inbounds %struct.nf_hook_state, 
%struct.nf_hook_state* %1, i64 0, i32 1 %12 = load i8, i8* %11, align 1 %13 = icmp eq i8 %12, 10 %14 = select i1 %13, i64 124, i64 88 %15 = icmp eq i8 %12, 2 %16 = select i1 %15, i64 104, i64 %14 %17 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 4, i32 0, i32 1 %18 = load void (%struct.sk_buff.273360*)*, void (%struct.sk_buff.273360*)** %17, align 8 %19 = icmp eq void (%struct.sk_buff.273360*)* %18, @sock_pfree br i1 %19, label %20, label %58 %21 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 1, i32 0 %22 = load %struct.sock.273622*, %struct.sock.273622** %21, align 8 %23 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 4 %24 = load volatile i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = shl nuw i32 1, %25 %27 = and i32 %26, -4161 %28 = icmp eq i32 %27, 0 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 13, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = and i64 %31, 8388608 %33 = icmp eq i64 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 19 %36 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %35, i64 0, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp eq i32 %37, 0 br i1 %38, label %49, label %39 %40 = phi i32 [ %47, %46 ], [ %37, %34 ] %41 = add i32 %40, 1 %42 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 %41, i32* %36, i32 %40) #6, !srcloc !4 %43 = extractvalue { i8, i32 } %42, 0 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %49, !prof !5, !misexpect !6 %47 = extractvalue { i8, 
i32 } %42, 1 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %39 %50 = phi i32 [ 0, %34 ], [ %40, %39 ], [ 0, %46 ] %51 = add i32 %50, 1 %52 = or i32 %51, %50 %53 = icmp sgt i32 %52, -1 br i1 %53, label %55, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 0) #78 br label %55 %56 = icmp eq i32 %50, 0 br i1 %56, label %230, label %57 br label %236 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.273360*, i32)*)(%struct.sk_buff.273360* %0, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 neigh_destroy 4 ___neigh_create 5 __neigh_create 6 ip6_neigh_lookup 7 ip6_dst_neigh_lookup ------------- Path:  Function:ip6_dst_neigh_lookup %4 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %5 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %6 = bitcast %struct.lwtunnel_state.902525** %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 2 %9 = icmp eq i32 %8, 0 %10 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %4, i64 0, i32 5 %11 = and i32 %7, 16777216 %12 = icmp eq i32 %11, 0 %13 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %4, i64 0, i32 3, i32 0 %14 = select i1 %12, %struct.in6_addr* bitcast 
({ { [16 x i8] } }* @in6addr_any to %struct.in6_addr*), %struct.in6_addr* %13 %15 = select i1 %9, %struct.in6_addr* %14, %struct.in6_addr* %10 %16 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 0 %17 = load %struct.net_device.902651*, %struct.net_device.902651** %16, align 8 %18 = tail call %struct.neighbour.902458* @ip6_neigh_lookup(%struct.in6_addr* %15, %struct.net_device.902651* %17, %struct.sk_buff.902664* %1, i8* %2) #78 Function:ip6_neigh_lookup %5 = bitcast %struct.in6_addr* %0 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.in6_addr, %struct.in6_addr* %0, i64 0, i32 0, i32 0, i64 2 %8 = bitcast i32* %7 to i64* %9 = load i64, i64* %8, align 8 %10 = or i64 %9, %6 %11 = icmp eq i64 %10, 0 br i1 %11, label %14, label %12 %13 = bitcast %struct.in6_addr* %0 to i8* br label %24 %25 = phi i8* [ %23, %16 ], [ %13, %12 ], [ %3, %14 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = load volatile %struct.neigh_hash_table.902453*, %struct.neigh_hash_table.902453** getelementptr inbounds (%struct.neigh_table.902454, %struct.neigh_table.902454* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to 
%struct.neigh_table.902454*), i64 0, i32 29), align 8 %27 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 0 %28 = bitcast i8* %25 to i32* %29 = load i32, i32* %28, align 4 %30 = ptrtoint %struct.net_device.902651* %1 to i64 %31 = lshr i64 %30, 32 %32 = xor i64 %31, %30 %33 = trunc i64 %32 to i32 %34 = xor i32 %29, %33 %35 = load i32, i32* %27, align 4 %36 = mul i32 %34, %35 %37 = getelementptr i8, i8* %25, i64 4 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 4 %40 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 1 %41 = load i32, i32* %40, align 4 %42 = mul i32 %41, %39 %43 = add i32 %42, %36 %44 = getelementptr i8, i8* %25, i64 8 %45 = bitcast i8* %44 to i32* %46 = load i32, i32* %45, align 4 %47 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 2 %48 = load i32, i32* %47, align 4 %49 = mul i32 %48, %46 %50 = add i32 %43, %49 %51 = getelementptr i8, i8* %25, i64 12 %52 = bitcast i8* %51 to i32* %53 = load i32, i32* %52, align 4 %54 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 3 %55 = load i32, i32* %54, align 4 %56 = mul i32 %55, %53 %57 = add i32 %50, %56 %58 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 1 %59 = load i32, i32* %58, align 8 %60 = sub i32 32, %59 %61 = lshr i32 %57, %60 %62 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 0 %63 = load %struct.neighbour.902458**, %struct.neighbour.902458*** %62, align 8 %64 = zext i32 %61 to i64 %65 = getelementptr %struct.neighbour.902458*, %struct.neighbour.902458** %63, i64 %64 %66 = load volatile %struct.neighbour.902458*, %struct.neighbour.902458** %65, align 8 %67 = icmp eq %struct.neighbour.902458* %66, null br i1 %67, label %121, label %68 %69 
= phi %struct.neighbour.902458* [ %96, %94 ], [ %66, %24 ] %70 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 25 %71 = load %struct.net_device.902651*, %struct.net_device.902651** %70, align 8 %72 = icmp eq %struct.net_device.902651* %71, %1 br i1 %72, label %73, label %94 %74 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 0 %75 = bitcast i8* %74 to i32* %76 = load i32, i32* %75, align 4 %77 = xor i32 %76, %29 %78 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 4 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 4 %81 = xor i32 %80, %39 %82 = or i32 %81, %77 %83 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 8 %84 = bitcast i8* %83 to i32* %85 = load i32, i32* %84, align 4 %86 = xor i32 %85, %46 %87 = or i32 %82, %86 %88 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 12 %89 = bitcast i8* %88 to i32* %90 = load i32, i32* %89, align 4 %91 = xor i32 %90, %53 %92 = or i32 %87, %91 %93 = icmp eq i32 %92, 0 br i1 %93, label %98, label %94 %95 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 0 %96 = load volatile %struct.neighbour.902458*, %struct.neighbour.902458** %95, align 8 %97 = icmp eq %struct.neighbour.902458* %96, null br i1 %97, label %121, label %68 tail call fastcc void @local_bh_enable.67548() #78 br label %124 %125 = tail call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void 
(%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %25, %struct.net_device.902651* %1, i1 zeroext true) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 
44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail 
call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 
br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* 
%173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void 
asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 %253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #78 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 
%285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast %struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #78 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #78 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = 
getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) %331 = icmp eq i32 %330, 0 br i1 %331, label %332, label %344 br i1 %5, label %333, label %382 %334 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 6 %335 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %334, i64 0, i32 0, i32 0 %336 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %335, i32 1, i32* %335) #6, !srcloc !9 %337 = icmp eq i32 %336, 0 br i1 %337, label %338, label %339, !prof !10, !misexpect !11 %340 = add i32 %336, 1 %341 = or i32 %340, %336 %342 = icmp sgt i32 %341, -1 br i1 %342, label %382, label %343, !prof !12, 
!misexpect !11 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %334, i32 1) #78 br label %382 %383 = phi %struct.neighbour* [ %324, %332 ], [ inttoptr (i64 -22 to %struct.neighbour*), %302 ], [ %324, %338 ], [ %324, %339 ], [ %324, %343 ] tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %243) #78 br label %384 %385 = phi %struct.neighbour* [ %207, %205 ], [ %219, %217 ], [ %233, %231 ], [ %383, %382 ] br i1 %4, label %388, label %386 %387 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 24, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %387, i32* %387) #6, !srcloc !15 br label %388 %389 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 6 %390 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %389, i64 0, i32 0, i32 0 %391 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %390, i32 -1, i32* %390) #6, !srcloc !28 %392 = icmp eq i32 %391, 1 br i1 %392, label %398, label %393 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !29 tail call void @neigh_destroy(%struct.neighbour* nonnull %173) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, 
%struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* 
%52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 neigh_destroy
4 ___neigh_create
5 __neigh_create
6 ipv4_neigh_lookup
-------------
Path:
Function:ipv4_neigh_lookup %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %7 = getelementptr inbounds %struct.dst_entry.836531, %struct.dst_entry.836531* %0, i64 0, i32 0 %8 = load %struct.net_device.837070*, %struct.net_device.837070** %7, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.dst_entry.836531, %struct.dst_entry.836531* %0, i64 1, i32 2 %10 = bitcast i64* %9 to i8* %11 = load i8, i8* %10, align 8 switch i8 %11, label %138 [ i8 2, label %12 i8 10, label %58 ], !prof !6 %13 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %6, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %14 = load i32, i32* %13, align 4 %15 = bitcast i32* %5 to i8* store i32 %14, i32* %5, align 4 %16 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %8, i64 0, i32 14 %17 = load i32, i32* %16, align 64 %18 = and i32 %17, 24 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 %14, i32 0 %21 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %22 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 2, i64 0 %23 = ptrtoint %struct.net_device.837070* %8 to i64 %24 = lshr i64 %23, 32 %25 = xor i64 %24, %23 %26 = trunc i64 %25 to i32 %27 = xor i32 %20, %26 %28 = load i32, i32* 
%22, align 4 %29 = mul i32 %27, %28 %30 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = sub i32 32, %31 %33 = lshr i32 %29, %32 %34 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 0 %35 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %34, align 8 %36 = zext i32 %33 to i64 %37 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %35, i64 %36 %38 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %37, align 8 %39 = icmp eq %struct.neighbour.836545* %38, null br i1 %39, label %54, label %40 %41 = phi %struct.neighbour.836545* [ %52, %50 ], [ %38, %12 ] %42 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 25 %43 = load %struct.net_device.837070*, %struct.net_device.837070** %42, align 8 %44 = icmp eq %struct.net_device.837070* %43, %8 br i1 %44, label %45, label %50 %46 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 26, i64 0 %47 = bitcast i8* %46 to i32* %48 = load i32, i32* %47, align 8 %49 = icmp eq i32 %48, %20 br i1 %49, label %56, label %50 %51 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 0 %52 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %51, align 8 %53 = icmp eq %struct.neighbour.836545* %52, null br i1 %53, label %54, label %40 %55 = call %struct.neighbour.836545* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.836545* (%struct.neigh_table.836542*, i8*, %struct.net_device.837070*, i1)*)(%struct.neigh_table.836542* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void 
(%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i8* nonnull %15, %struct.net_device.837070* %8, i1 zeroext false) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* 
%109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, 
%144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, 
!srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, 
%struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, 
i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 %253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #78 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* 
%275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast %struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #78 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #78 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, 
align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) %331 = icmp eq i32 %330, 0 br i1 %331, label %332, label %344 br i1 %5, label %333, label %382 %334 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 6 %335 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %334, i64 0, i32 0, i32 0 %336 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %335, i32 1, i32* %335) #6, !srcloc !9 %337 = icmp eq i32 %336, 0 br i1 %337, label %338, label %339, !prof !10, !misexpect !11 %340 = add i32 %336, 1 %341 = or i32 %340, %336 %342 = icmp sgt i32 %341, -1 br i1 %342, label %382, label %343, 
!prof !12, !misexpect !11 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %334, i32 1) #78 br label %382 %383 = phi %struct.neighbour* [ %324, %332 ], [ inttoptr (i64 -22 to %struct.neighbour*), %302 ], [ %324, %338 ], [ %324, %339 ], [ %324, %343 ] tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %243) #78 br label %384 %385 = phi %struct.neighbour* [ %207, %205 ], [ %219, %217 ], [ %233, %231 ], [ %383, %382 ] br i1 %4, label %388, label %386 %387 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 24, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %387, i32* %387) #6, !srcloc !15 br label %388 %389 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 6 %390 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %389, i64 0, i32 0, i32 0 %391 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %390, i32 -1, i32* %390) #6, !srcloc !28 %392 = icmp eq i32 %391, 1 br i1 %392, label %398, label %393 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !29 tail call void @neigh_destroy(%struct.neighbour* nonnull %173) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds 
%struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store 
volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79
Function:kfree_skb_reason
%3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79
Function:__kfree_skb
tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78
Function:skb_release_head_state
%2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 neigh_destroy
4 fib_detect_death
5 fib_select_path
6 ip_route_output_key_hash_rcu
7 ip_route_output_flow
8 ipip6_tunnel_bind_dev
9 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104,
%struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 
%12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile 
%struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* 
@fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = 
load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, %struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = 
getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 
0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, 
%105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 
%19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load %struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to 
%struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 
0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 neigh_destroy 4 fib_detect_death 5 fib_select_path 6 ip_route_output_key_hash_rcu 7 ip_route_output_flow 8 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, 
label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = 
getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr 
inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 
%145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq 
i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, %struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ 
%217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, 
%struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], 
[ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, 
%struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load %struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds 
%struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 
tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load 
Function:kfree_skb_reason
Function:__kfree_skb
Function:skb_release_head_state
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 neigh_destroy
4 fib_detect_death
5 fib_select_path
6 __ip_rt_update_pmtu
7 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_detect_death
Function:neigh_destroy
Function:kfree_skb_reason
Function:__kfree_skb
Function:skb_release_head_state
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 napi_gro_complete
4 busy_poll_stop
5 napi_busy_loop
6 tcp_recvmsg
7 inet6_recvmsg
8 sock_read_iter
-------------
Path:
Function:sock_read_iter
Function:inet6_recvmsg
Function:tcp_recvmsg
Function:napi_busy_loop
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %125 = bitcast %struct.sk_buff.763154* %118 to %struct.list_head* %126 = bitcast %struct.sk_buff.763154* %116 to %struct.list_head** %127 = load %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %127, i64 0, i32 1 %129 = bitcast %struct.list_head** %128 to %struct.sk_buff.763154** store %struct.sk_buff.763154* %118, %struct.sk_buff.763154** %129, align 8 %130 = bitcast %struct.sk_buff.763154* %118 to %struct.list_head** store volatile %struct.list_head* %127, %struct.list_head** %130, align 8 %131 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 0 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %131, align 8 tail call fastcc void @napi_gro_complete(%struct.napi_struct.763158* %0, %struct.sk_buff.763154* %116) #78 Function:napi_gro_complete %3 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 33 %4 = load i16, i16* %3, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 3, i64 20 %6 = bitcast i8* %5 to i16* %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 1 br i1 %8, label %9, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @offload_base, i64 0, i32 0), align 8 %20 = icmp eq %struct.list_head* %19, @offload_base br i1 %20, 
label %46, label %21 %22 = phi %struct.list_head* [ %44, %42 ], [ %19, %18 ] %23 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %24 = bitcast %struct.list_head* %23 to i16* %25 = load i16, i16* %24, align 8 %26 = icmp eq i16 %25, %4 br i1 %26, label %27, label %42 %28 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -1, i32 1 %29 = bitcast %struct.list_head** %28 to i32 (%struct.sk_buff.763154*, i32)** %30 = load i32 (%struct.sk_buff.763154*, i32)*, i32 (%struct.sk_buff.763154*, i32)** %29, align 8 %31 = icmp eq i32 (%struct.sk_buff.763154*, i32)* %30, null br i1 %31, label %42, label %32 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, @offload_base br i1 %45, label %46, label %21 %47 = phi i1 [ false, %34 ], [ false, %38 ], [ false, %40 ], [ true, %18 ], [ true, %42 ] %48 = phi i32 [ %35, %34 ], [ %39, %38 ], [ %41, %40 ], [ -2, %18 ], [ -2, %42 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 %49 = icmp eq i32 %48, 0 br i1 %49, label %53, label %50 br i1 %47, label %51, label %52, !prof !8, !misexpect !9 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.1.63505, i64 0, i64 0), i32 5887, i32 2305, i64 12) #6, !srcloc !10 br label %52 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %1, i32 0) 
#78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 napi_gro_complete
4 busy_poll_stop
5 napi_busy_loop
6 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32
(%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void 
@napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds 
%struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %125 = bitcast %struct.sk_buff.763154* %118 to %struct.list_head* %126 = bitcast %struct.sk_buff.763154* %116 to %struct.list_head** %127 = load %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %127, i64 0, i32 1 %129 = bitcast %struct.list_head** %128 to %struct.sk_buff.763154** store %struct.sk_buff.763154* %118, %struct.sk_buff.763154** %129, align 8 %130 = bitcast %struct.sk_buff.763154* %118 to %struct.list_head** store volatile %struct.list_head* %127, %struct.list_head** %130, align 8 %131 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 0 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %131, align 8 tail call fastcc void @napi_gro_complete(%struct.napi_struct.763158* %0, %struct.sk_buff.763154* %116) #78 Function:napi_gro_complete %3 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 33 %4 = load i16, i16* %3, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 3, i64 20 %6 = bitcast i8* %5 to i16* %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 1 br i1 %8, label %9, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @offload_base, i64 0, i32 0), align 8 %20 = icmp eq %struct.list_head* %19, @offload_base br i1 %20, 
label %46, label %21 %22 = phi %struct.list_head* [ %44, %42 ], [ %19, %18 ] %23 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %24 = bitcast %struct.list_head* %23 to i16* %25 = load i16, i16* %24, align 8 %26 = icmp eq i16 %25, %4 br i1 %26, label %27, label %42 %28 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -1, i32 1 %29 = bitcast %struct.list_head** %28 to i32 (%struct.sk_buff.763154*, i32)** %30 = load i32 (%struct.sk_buff.763154*, i32)*, i32 (%struct.sk_buff.763154*, i32)** %29, align 8 %31 = icmp eq i32 (%struct.sk_buff.763154*, i32)* %30, null br i1 %31, label %42, label %32 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, @offload_base br i1 %45, label %46, label %21 %47 = phi i1 [ false, %34 ], [ false, %38 ], [ false, %40 ], [ true, %18 ], [ true, %42 ] %48 = phi i32 [ %35, %34 ], [ %39, %38 ], [ %41, %40 ], [ -2, %18 ], [ -2, %42 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 %49 = icmp eq i32 %48, 0 br i1 %49, label %53, label %50 br i1 %47, label %51, label %52, !prof !8, !misexpect !9 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.1.63505, i64 0, i64 0), i32 5887, i32 2305, i64 12) #6, !srcloc !10 br label %52 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %1, i32 0) 
#78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.756156* tail call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.756156*)*)(%struct.dst_entry.756156* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #78 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load 
%struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #78 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #78 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast 
%struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 48 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast 
%struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #78 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #78 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 48 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 
store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.763154*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #78 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.763154* %0, %struct.net_device.763141* null) #78 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.763141*, %struct.net_device.763141** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", 
"=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %141 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 18 %142 = load i16, i16* %141, align 2 %143 = and i16 %142, -4097 store i16 %143, i16* %141, align 2 %144 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %6, i64 0, i32 15 %145 = load i32, i32* %144, align 4 %146 = and i32 %145, 32 %147 = icmp eq i32 %146, 0 %148 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 4, i32 0, i32 0 %149 = load i64, i64* %148, align 8 br i1 %147, label %159, label %150 %151 = icmp eq i64 %149, 0 br i1 %151, label %192, label %152 %153 = and i64 %149, 1 %154 = icmp eq i64 %153, 0 br i1 %154, label %155, label %158 %156 = and i64 %149, -2 %157 = inttoptr i64 %156 to %struct.dst_entry.762864* call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.762864*)*)(%struct.dst_entry.762864* %157) #78 ------------- Good: 1826 Bad: 34 Ignored: 4652 Check Use of Function:exportfs_decode_fh Check Use of Function:user_shm_lock Check Use of Function:random_write_iter Check Use of Function:devkmsg_write Check Use of Function:hung_up_tty_write Check Use of 
Function:pipe_write Check Use of Function:tty_write Check Use of Function:ext4_file_write_iter Check Use of Function:proc_sys_write Check Use of Function:proc_sys_read Check Use of Function:generic_file_read_iter Use: =BAD PATH= Call Stack: 0 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %4 = load %struct.file.294911*, %struct.file.294911** %3, align 8 %5 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %4, i64 0, i32 18 %6 = load %struct.address_space.294992*, %struct.address_space.294992** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %6, i64 0, i32 0 %8 = load %struct.inode.294985*, %struct.inode.294985** %7, align 8 %9 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 ------------- Good: 2 Bad: 1 Ignored: 1 Check Use of Function:tty_read Check Use of Function:read_iter_zero Check Use of Function:hung_up_tty_read Check Use of Function:seq_read_iter Use: =BAD PATH= Call Stack: 0 kernfs_fop_read_iter ------------- Path:  Function:kernfs_fop_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load 
%struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.kernfs_open_file** %10 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %9, align 8 %11 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 0 %12 = load %struct.kernfs_node*, %struct.kernfs_node** %11, align 8 %13 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %12, i64 0, i32 10 %14 = load i16, i16* %13, align 8 %15 = and i16 %14, 64 %16 = icmp eq i16 %15, 0 br i1 %16, label %19, label %17 %18 = tail call i64 @seq_read_iter(%struct.kiocb* %0, %struct.iov_iter* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = 
load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr 
inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = 
getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 
= getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 
%28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 
to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 
%29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* 
%28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, 
align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull
%7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read 
------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, 
%struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, 
align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds 
%struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca 
%struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, 
i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = 
getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ 
%50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 
store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, 
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds 
%struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, 
align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to 
%struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79
------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* 
%24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 
%71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 
8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, 
i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 
0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast 
i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, 
align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr 
inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 
store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, 
align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 
%32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* 
%75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds 
%struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* 
%34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* 
null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, 
label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void 
@iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79
------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = 
getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ 
%50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 
store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, 
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds 
%struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, 
align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to 
%struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* 
%7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = 
load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 
%57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = 
lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label 
%58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and 
i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 
65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 
store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, 
align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds 
%struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 
%32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* 
%75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds 
%struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* 
%34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* 
null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, 
label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void 
@iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 
%41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* 
nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store 
i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* 
%42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 
@seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 
%44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull 
%7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read 
------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, 
%struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, 
align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds 
%struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca 
%struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, 
i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = 
getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ 
%50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 
store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, 
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds 
%struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, 
align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to 
%struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64
0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = 
getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = 
getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* 
%34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* 
null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, 
label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void 
@iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 
%41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* 
nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store 
i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* 
%42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 
@seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 
%44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull 
%7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read ------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, %struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 seq_read 
------------- Path:  Function:seq_read %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.kiocb, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = bitcast %struct.iovec* %5 to i8* %9 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 0 store i8* %1, i8** %9, align 8 %10 = getelementptr inbounds %struct.iovec, %struct.iovec* %5, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = bitcast %struct.kiocb* %6 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %24 = load %struct.address_space*, %struct.address_space** %23, align 8 %25 = getelementptr inbounds %struct.address_space, %struct.address_space* %24, i64 0, i32 0 %26 = load %struct.inode*, %struct.inode** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode, %struct.inode* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %47 = load %struct.inode*, 
%struct.inode** %46, align 8 %48 = getelementptr inbounds %struct.inode, %struct.inode* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct* %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %54, i64 0, i32 123 %56 = load %struct.io_context*, %struct.io_context** %55, align 8 %57 = icmp eq %struct.io_context* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 0 store %struct.file* %0, %struct.file** %69, align 8 %70 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %6, i64 0, i32 7, i32 0 store %struct.wait_page_queue* null, %struct.wait_page_queue** %76, align 8 call void @iov_iter_init(%struct.iov_iter* nonnull %7, i32 0, %struct.iovec* nonnull %5, i64 1, i64 %2) #78 %77 = load i64, i64* %3, align 8 store i64 %77, i64* %70, align 8 %78 = call i64 @seq_read_iter(%struct.kiocb* nonnull %6, %struct.iov_iter* nonnull %7) #79 ------------- Good: 0 Bad: 115 Ignored: 120 Check Use of Function:rw_verify_area Check Use of Function:aio_complete_rw Check Use of Function:blkdev_read_iter Check Use of Function:ext4_file_read_iter Check Use of Function:sock_read_iter Check Use of Function:proc_reg_read_iter Check Use of Function:security_validate_transition_user Check Use of Function:memdup_user_nul Use: =BAD PATH= Call Stack: 0 i915_displayport_test_active_write ------------- Path:  Function:i915_displayport_test_active_write %5 = 
alloca %struct.drm_connector_list_iter, align 8 %6 = alloca i32, align 4 %7 = bitcast %struct.drm_connector_list_iter* %5 to i8* %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_device.382396** %14 = load %struct.drm_device.382396*, %struct.drm_device.382396** %13, align 8 %15 = icmp eq i64 %2, 0 br i1 %15, label %82, label %16 %17 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_write ------------- Path:  Function:crc_control_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_crtc.411393** %11 = load %struct.drm_crtc.411393*, %struct.drm_crtc.411393** %10, align 8 %12 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %13 = icmp eq i64 %2, 0 br i1 %13, label %51, label %14 %15 = icmp ugt i64 %2, 4095 br i1 %15, label %16, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse_user 1 irq_affinity_proc_write ------------- Path:  Function:irq_affinity_proc_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = tail call i8* @PDE_DATA(%struct.inode* %7) #78 %9 = ptrtoint i8* %8 to i64 %10 = trunc i64 %9 to i32 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 
0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = tail call zeroext i1 @irq_can_set_affinity_usr(i32 %10) #78 %14 = xor i1 %13, true %15 = load i32, i32* @no_irq_affinity, align 4 %16 = icmp ne i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %35, label %18 store i64 0, i64* %12, align 8 %19 = trunc i64 %2 to i32 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %21 = call i32 @bitmap_parse_user(i8* %1, i32 %19, i64* nonnull %12, i32 64) #78 Function:bitmap_parse_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse_user 1 default_affinity_write ------------- Path:  Function:default_affinity_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = trunc i64 %2 to i32 %9 = call i32 @bitmap_parse_user(i8* %1, i32 %8, i64* nonnull %7, i32 64) #78 Function:bitmap_parse_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse_user 1 tracing_cpumask_write ------------- Path:  Function:tracing_cpumask_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 47 %9 = bitcast i8** %8 to %struct.trace_array** %10 = load %struct.trace_array*, %struct.trace_array** %9, align 8 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = trunc i64 %2 to i32 %14 = call i32 @bitmap_parse_user(i8* %1, i32 %13, i64* nonnull %12, i32 64) #78 Function:bitmap_parse_user %5 = 
zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parselist_user 1 irq_affinity_list_proc_write ------------- Path:  Function:irq_affinity_list_proc_write %5 = alloca [1 x %struct.cpumask], align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = tail call i8* @PDE_DATA(%struct.inode* %7) #78 %9 = ptrtoint i8* %8 to i64 %10 = trunc i64 %9 to i32 %11 = bitcast [1 x %struct.cpumask]* %5 to i8* %12 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = tail call zeroext i1 @irq_can_set_affinity_usr(i32 %10) #78 %14 = xor i1 %13, true %15 = load i32, i32* @no_irq_affinity, align 4 %16 = icmp ne i32 %15, 0 %17 = or i1 %16, %14 br i1 %17, label %35, label %18 store i64 0, i64* %12, align 8 %19 = trunc i64 %2 to i32 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %21 = call i32 @bitmap_parselist_user(i8* %1, i32 %19, i64* nonnull %12, i32 64) #78 Function:bitmap_parselist_user %5 = zext i32 %1 to i64 %6 = tail call i8* @memdup_user_nul(i8* %0, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 sel_write_bool ------------- Path:  Function:sel_write_bool %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 
11 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %15 to i32 %17 = and i32 %16, 16777215 %18 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %19 = load %struct.dentry*, %struct.dentry** %18, align 8 %20 = getelementptr inbounds %struct.dentry, %struct.dentry* %19, i64 0, i32 4, i32 1 %21 = load i8*, i8** %20, align 8 %22 = icmp ugt i64 %2, 4095 br i1 %22, label %78, label %23 %24 = load i64, i64* %3, align 8 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %78 %27 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 sel_write_enforce ------------- Path:  Function:sel_write_enforce %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %16 = icmp ugt i64 %2, 4095 br i1 %16, label %79, label %17 %18 = load i64, i64* %3, align 8 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %79 %21 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 sel_commit_bools_write ------------- Path:  Function:sel_commit_bools_write %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, 
%struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = icmp ugt i64 %2, 4095 br i1 %14, label %64, label %15 %16 = load i64, i64* %3, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %64 %19 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_simple_write ------------- Path:  Function:proc_simple_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 9 %12 = load i32 (%struct.file*, i8*, i64)*, i32 (%struct.file*, i8*, i64)** %11, align 8 %13 = icmp eq i32 (%struct.file*, i8*, i64)* %12, null br i1 %13, label %28, label %14 %15 = add i64 %2, -1 %16 = icmp ugt i64 %15, 4094 br i1 %16, label %28, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_simple_write ------------- Path:  Function:proc_simple_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = 
getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 9 %12 = load i32 (%struct.file*, i8*, i64)*, i32 (%struct.file*, i8*, i64)** %11, align 8 %13 = icmp eq i32 (%struct.file*, i8*, i64)* %12, null br i1 %13, label %28, label %14 %15 = add i64 %2, -1 %16 = icmp ugt i64 %15, 4094 br i1 %16, label %28, label %17 %18 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 timens_offsets_write ------------- Path:  Function:timens_offsets_write %5 = alloca [2 x %struct.proc_timens_offset], align 16 %6 = alloca [10 x i8], align 1 %7 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %0, i64 0, i32 2 %8 = load %struct.inode.177454*, %struct.inode.177454** %7, align 8 %9 = bitcast [2 x %struct.proc_timens_offset]* %5 to i8* %10 = load i64, i64* %3, align 8 %11 = icmp ne i64 %10, 0 %12 = icmp ugt i64 %2, 4095 %13 = or i1 %12, %11 br i1 %13, label %98, label %14 %15 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 blk_msg_write ------------- Path:  Function:blk_msg_write %5 = icmp ugt i64 %2, 127 br i1 %5, label %15, label %6 %7 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 event_filter_write ------------- Path:  Function:event_filter_write %5 = icmp ugt i64 %2, 4095 br i1 %5, label %28, label %6 %7 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 subsystem_filter_write ------------- Path:  Function:subsystem_filter_write %5 = getelementptr inbounds %struct.file.108861, %struct.file.108861* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_subsystem_dir.108808** %7 = load %struct.trace_subsystem_dir.108808*, %struct.trace_subsystem_dir.108808** %6, align 8 %8 = icmp ugt i64 %2, 4095 br i1 %8, label %22, label %9 %10 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 event_trigger_write 
------------- Path:  Function:event_trigger_write %5 = icmp eq i64 %2, 0 br i1 %5, label %29, label %6 %7 = icmp ugt i64 %2, 4095 br i1 %7, label %29, label %8 %9 = tail call i8* @memdup_user_nul(i8* %1, i64 %2) #78 ------------- Good: 5 Bad: 16 Ignored: 13 Check Use of Function:security_change_sid Check Use of Function:security_context_str_to_sid Check Use of Function:security_compute_av_user Check Use of Function:security_sid_to_context Use: =BAD PATH= Call Stack: 0 sel_read_initcon ------------- Path:  Function:sel_read_initcon %5 = alloca i8*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %15 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %16 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %17 to i32 %19 = and i32 %18, 16777215 %20 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %13, i64 0, i32 9 %21 = load %struct.selinux_state*, %struct.selinux_state** %20, align 8 %22 = call i32 bitcast (i32 (%struct.selinux_state.273763*, i32, i8**, i32*)* @security_sid_to_context to i32 (%struct.selinux_state*, i32, i8**, i32*)*)(%struct.selinux_state* %21, i32 %19, i8** nonnull %5, i32* nonnull %6) #78 ------------- Good: 11 Bad: 1 Ignored: 7 Check Use of Function:avc_ss_reset Check Use of Function:security_get_permissions Check Use of Function:d_genocide Check Use of Function:security_load_policy Check Use of 
Function:security_get_classes Check Use of Function:get_zeroed_page Use: =BAD PATH= Call Stack: 0 simple_transaction_get 1 selinux_transaction_write ------------- Path:  Function:selinux_transaction_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = icmp ugt i64 %8, 14 br i1 %9, label %25, label %10 %11 = getelementptr [15 x i64 (%struct.file*, i8*, i64)*], [15 x i64 (%struct.file*, i8*, i64)*]* @write_op, i64 0, i64 %8 %12 = lshr i64 15391, %8 %13 = and i64 %12, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %25 %16 = tail call i8* bitcast (i8* (%struct.file.153936*, i8*, i64)* @simple_transaction_get to i8* (%struct.file*, i8*, i64)*)(%struct.file* %0, i8* %1, i64 %2) #78 Function:simple_transaction_get %4 = icmp ugt i64 %2, 4087 br i1 %4, label %20, label %5 %6 = tail call i64 @get_zeroed_page(i32 3264) #78 ------------- Good: 426 Bad: 1 Ignored: 554 Check Use of Function:unlock_rename Check Use of Function:from_mnt_ns Check Use of Function:copy_fs_struct Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __ia32_sys_unshare ------------- Path:  Function:__ia32_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call i32 @ksys_unshare(i64 %4) #78 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = 
icmp eq i64 %18, 0 br i1 %19, label %20, label %156 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 65 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %156 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %156, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #78 br i1 %45, label %46, label %156 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 91 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 64 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label 
%57, label %65 %58 = getelementptr inbounds %struct.fs_struct, %struct.fs_struct* %52, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 1 br i1 %60, label %65, label %61 %62 = tail call %struct.fs_struct* @copy_fs_struct(%struct.fs_struct* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __x64_sys_unshare ------------- Path:  Function:__x64_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call i32 @ksys_unshare(i64 %3) #78 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %156 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 65 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %156 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to 
%struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %156, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #78 br i1 %45, label %46, label %156 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 91 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 64 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %58 = getelementptr inbounds %struct.fs_struct, %struct.fs_struct* %52, i64 0, i32 0 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 1 br i1 %60, label %65, label %61 %62 = tail call %struct.fs_struct* @copy_fs_struct(%struct.fs_struct* nonnull %52) #78 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:pidns_install Check Use of Function:proc_alloc_inum Check Use of Function:put_css_set_locked Use: =BAD PATH= Call Stack: 0 free_cgroup_ns 1 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = bitcast %struct.ns_common* %0 to %struct.cgroup_namespace* %3 = icmp eq %struct.ns_common* %0, null br i1 %3, label %15, label %4 %5 = getelementptr inbounds %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace* nonnull %2) #78 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace, %struct.cgroup_namespace* %0, i64 0, i32 3 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = getelementptr inbounds %struct.css_set, %struct.css_set* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %4) #78 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 tail call void @put_css_set_locked(%struct.css_set* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_advance_css_set 1 css_task_iter_advance 2 css_task_iter_next 3 cgroup_procs_next ------------- Path:  Function:cgroup_procs_next %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %8 = bitcast i8** %7 to %struct.cgroup_file_ctx** %9 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %8, align 8 %10 = icmp eq i64* %2, null br i1 %10, label %14, label %11 %15 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %9, i64 0, i32 2, i32 1 %16 = tail call %struct.task_struct* @css_task_iter_next(%struct.css_task_iter* %15) #78 Function:css_task_iter_next %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, 
i64 0, i32 10 %3 = load %struct.task_struct*, %struct.task_struct** %2, align 8 %4 = icmp eq %struct.task_struct* %3, null br i1 %4, label %17, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %18 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 65536 %21 = icmp eq i32 %20, 0 br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %25 = load %struct.list_head*, %struct.list_head** %24, align 8 %26 = icmp eq %struct.list_head* %25, null br i1 %26, label %42, label %27 %28 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -140, i32 1 %29 = bitcast %struct.task_struct** %2 to %struct.list_head*** store %struct.list_head** %28, %struct.list_head*** %29, align 8 %30 = getelementptr inbounds %struct.list_head*, %struct.list_head** %28, i64 5 %31 = bitcast %struct.list_head** %30 to %struct.seqcount_spinlock* %32 = bitcast %struct.list_head** %30 to i32* %33 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32 1, i32* %32) #6, !srcloc !8 %34 = icmp eq i32 %33, 0 br i1 %34, label %39, label %35, !prof !9, !misexpect !6 %36 = add i32 %33, 1 %37 = or i32 %36, %33 %38 = icmp sgt i32 %37, -1 br i1 %38, label %41, label %39, !prof !5, !misexpect !6 %40 = phi i32 [ 2, %27 ], [ 1, %35 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %31, i32 %40) #78 br label %41 tail call fastcc void @css_task_iter_advance(%struct.css_task_iter* %0) #79 Function:css_task_iter_advance %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 %3 = getelementptr inbounds %struct.css_task_iter, 
%struct.css_task_iter* %0, i64 0, i32 6 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %5 = bitcast %struct.list_head** %3 to i64* %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %7 = load %struct.list_head*, %struct.list_head** %3, align 8 br label %8 %9 = phi %struct.list_head* [ %7, %1 ], [ %47, %59 ] %10 = icmp eq %struct.list_head* %9, null br i1 %10, label %44, label %11 tail call fastcc void @css_task_iter_advance_css_set(%struct.css_task_iter* %0) #78 Function:css_task_iter_advance_css_set %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 4 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 5 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 0 %7 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %9 = load %struct.list_head*, %struct.list_head** %2, align 8 br label %10 %11 = phi %struct.list_head* [ %69, %82 ], [ %9, %1 ] %12 = icmp eq %struct.list_head* %11, null br i1 %12, label %22, label %13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = load %struct.list_head*, %struct.list_head** %3, align 8 %17 = icmp eq %struct.list_head* %15, %16 br i1 %17, label %21, label %18 store %struct.list_head* %15, %struct.list_head** %2, align 8 %19 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -13 %20 = bitcast %struct.list_head* %19 to %struct.css_set* br label %68 %69 = phi %struct.list_head* [ %15, %18 ], [ null, %46 ], [ %67, %66 ] %70 = 
phi %struct.css_set* [ %20, %18 ], [ %47, %46 ], [ %47, %66 ] %71 = icmp eq %struct.css_set* %70, null br i1 %71, label %87, label %72 %73 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 5 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 %75 = load volatile %struct.list_head*, %struct.list_head** %74, align 8 %76 = icmp eq %struct.list_head* %75, %73 br i1 %76, label %77, label %89 %78 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 6 %79 = getelementptr inbounds %struct.list_head, %struct.list_head* %78, i64 0, i32 0 %80 = load volatile %struct.list_head*, %struct.list_head** %79, align 8 %81 = icmp eq %struct.list_head* %80, %78 br i1 %81, label %82, label %89 %83 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 7 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 0 %85 = load volatile %struct.list_head*, %struct.list_head** %84, align 8 %86 = icmp eq %struct.list_head* %85, %83 br i1 %86, label %10, label %89 %90 = phi %struct.list_head* [ %73, %72 ], [ %78, %77 ], [ %83, %82 ] %91 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 store %struct.list_head* %90, %struct.list_head** %91, align 8 %92 = bitcast %struct.list_head* %90 to i64* %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %95 = bitcast %struct.list_head** %94 to i64* store i64 %93, i64* %95, align 8 %96 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %97 = load %struct.css_set*, %struct.css_set** %96, align 8 %98 = icmp eq %struct.css_set* %97, null br i1 %98, label %107, label %99 %100 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = getelementptr inbounds %struct.css_task_iter, 
%struct.css_task_iter* %0, i64 0, i32 11, i32 0 %103 = load %struct.list_head*, %struct.list_head** %102, align 8 %104 = getelementptr inbounds %struct.list_head, %struct.list_head* %103, i64 0, i32 1 store %struct.list_head* %101, %struct.list_head** %104, align 8 %105 = getelementptr inbounds %struct.list_head, %struct.list_head* %101, i64 0, i32 0 store volatile %struct.list_head* %103, %struct.list_head** %105, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %102, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %100, align 8 %106 = load %struct.css_set*, %struct.css_set** %96, align 8 tail call void @put_css_set_locked(%struct.css_set* %106) #79 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_advance_css_set 1 css_task_iter_advance 2 css_task_iter_next 3 cgroup_procs_next ------------- Path:  Function:cgroup_procs_next %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %8 = bitcast i8** %7 to %struct.cgroup_file_ctx** %9 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %8, align 8 %10 = icmp eq i64* %2, null br i1 %10, label %14, label %11 %15 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %9, i64 0, i32 2, i32 1 %16 = tail call %struct.task_struct* @css_task_iter_next(%struct.css_task_iter* %15) #78 Function:css_task_iter_next %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 10 %3 = load %struct.task_struct*, %struct.task_struct** %2, align 8 %4 = icmp eq %struct.task_struct* %3, null br i1 %4, label %17, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds 
(%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %18 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 65536 %21 = icmp eq i32 %20, 0 br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %25 = load %struct.list_head*, %struct.list_head** %24, align 8 %26 = icmp eq %struct.list_head* %25, null br i1 %26, label %42, label %27 %28 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -140, i32 1 %29 = bitcast %struct.task_struct** %2 to %struct.list_head*** store %struct.list_head** %28, %struct.list_head*** %29, align 8 %30 = getelementptr inbounds %struct.list_head*, %struct.list_head** %28, i64 5 %31 = bitcast %struct.list_head** %30 to %struct.seqcount_spinlock* %32 = bitcast %struct.list_head** %30 to i32* %33 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32 1, i32* %32) #6, !srcloc !8 %34 = icmp eq i32 %33, 0 br i1 %34, label %39, label %35, !prof !9, !misexpect !6 %36 = add i32 %33, 1 %37 = or i32 %36, %33 %38 = icmp sgt i32 %37, -1 br i1 %38, label %41, label %39, !prof !5, !misexpect !6 %40 = phi i32 [ 2, %27 ], [ 1, %35 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %31, i32 %40) #78 br label %41 tail call fastcc void @css_task_iter_advance(%struct.css_task_iter* %0) #79 Function:css_task_iter_advance %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %5 = bitcast %struct.list_head** %3 to i64* %6 = getelementptr inbounds %struct.css_task_iter, 
%struct.css_task_iter* %0, i64 0, i32 8 %7 = load %struct.list_head*, %struct.list_head** %3, align 8 br label %8 %9 = phi %struct.list_head* [ %7, %1 ], [ %47, %59 ] %10 = icmp eq %struct.list_head* %9, null br i1 %10, label %44, label %11 tail call fastcc void @css_task_iter_advance_css_set(%struct.css_task_iter* %0) #78 Function:css_task_iter_advance_css_set %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 4 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 5 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 0 %7 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %9 = load %struct.list_head*, %struct.list_head** %2, align 8 br label %10 %11 = phi %struct.list_head* [ %69, %82 ], [ %9, %1 ] %12 = icmp eq %struct.list_head* %11, null br i1 %12, label %22, label %13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = load %struct.list_head*, %struct.list_head** %3, align 8 %17 = icmp eq %struct.list_head* %15, %16 br i1 %17, label %21, label %18 store %struct.list_head* %15, %struct.list_head** %2, align 8 %19 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -13 %20 = bitcast %struct.list_head* %19 to %struct.css_set* br label %68 %69 = phi %struct.list_head* [ %15, %18 ], [ null, %46 ], [ %67, %66 ] %70 = phi %struct.css_set* [ %20, %18 ], [ %47, %46 ], [ %47, %66 ] %71 = icmp eq %struct.css_set* %70, null br i1 %71, label %87, label %72 %73 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 5 %74 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 %75 = load volatile %struct.list_head*, %struct.list_head** %74, align 8 %76 = icmp eq %struct.list_head* %75, %73 br i1 %76, label %77, label %89 %78 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 6 %79 = getelementptr inbounds %struct.list_head, %struct.list_head* %78, i64 0, i32 0 %80 = load volatile %struct.list_head*, %struct.list_head** %79, align 8 %81 = icmp eq %struct.list_head* %80, %78 br i1 %81, label %82, label %89 %83 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 7 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 0 %85 = load volatile %struct.list_head*, %struct.list_head** %84, align 8 %86 = icmp eq %struct.list_head* %85, %83 br i1 %86, label %10, label %89 %90 = phi %struct.list_head* [ %73, %72 ], [ %78, %77 ], [ %83, %82 ] %91 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 store %struct.list_head* %90, %struct.list_head** %91, align 8 %92 = bitcast %struct.list_head* %90 to i64* %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %95 = bitcast %struct.list_head** %94 to i64* store i64 %93, i64* %95, align 8 %96 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %97 = load %struct.css_set*, %struct.css_set** %96, align 8 %98 = icmp eq %struct.css_set* %97, null br i1 %98, label %107, label %99 %100 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 0 %103 = load %struct.list_head*, %struct.list_head** %102, align 8 %104 = getelementptr inbounds %struct.list_head, %struct.list_head* %103, i64 0, i32 1 store %struct.list_head* 
%101, %struct.list_head** %104, align 8 %105 = getelementptr inbounds %struct.list_head, %struct.list_head* %101, i64 0, i32 0 store volatile %struct.list_head* %103, %struct.list_head** %105, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %102, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %100, align 8 %106 = load %struct.css_set*, %struct.css_set** %96, align 8 tail call void @put_css_set_locked(%struct.css_set* %106) #79 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_advance_css_set 1 css_task_iter_advance 2 css_task_iter_next 3 cgroup_procs_next ------------- Path:  Function:cgroup_procs_next %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %8 = bitcast i8** %7 to %struct.cgroup_file_ctx** %9 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %8, align 8 %10 = icmp eq i64* %2, null br i1 %10, label %14, label %11 %15 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %9, i64 0, i32 2, i32 1 %16 = tail call %struct.task_struct* @css_task_iter_next(%struct.css_task_iter* %15) #78 Function:css_task_iter_next %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 10 %3 = load %struct.task_struct*, %struct.task_struct** %2, align 8 %4 = icmp eq %struct.task_struct* %3, null br i1 %4, label %17, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %18 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 65536 
%21 = icmp eq i32 %20, 0 br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %25 = load %struct.list_head*, %struct.list_head** %24, align 8 %26 = icmp eq %struct.list_head* %25, null br i1 %26, label %42, label %27 %28 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -140, i32 1 %29 = bitcast %struct.task_struct** %2 to %struct.list_head*** store %struct.list_head** %28, %struct.list_head*** %29, align 8 %30 = getelementptr inbounds %struct.list_head*, %struct.list_head** %28, i64 5 %31 = bitcast %struct.list_head** %30 to %struct.seqcount_spinlock* %32 = bitcast %struct.list_head** %30 to i32* %33 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32 1, i32* %32) #6, !srcloc !8 %34 = icmp eq i32 %33, 0 br i1 %34, label %39, label %35, !prof !9, !misexpect !6 %36 = add i32 %33, 1 %37 = or i32 %36, %33 %38 = icmp sgt i32 %37, -1 br i1 %38, label %41, label %39, !prof !5, !misexpect !6 %40 = phi i32 [ 2, %27 ], [ 1, %35 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %31, i32 %40) #78 br label %41 tail call fastcc void @css_task_iter_advance(%struct.css_task_iter* %0) #79 Function:css_task_iter_advance %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %5 = bitcast %struct.list_head** %3 to i64* %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %7 = load %struct.list_head*, %struct.list_head** %3, align 8 br label %8 %9 = phi %struct.list_head* [ %7, %1 ], [ %47, %59 ] %10 = icmp eq %struct.list_head* %9, null br i1 %10, label %44, label %11 tail 
call fastcc void @css_task_iter_advance_css_set(%struct.css_task_iter* %0) #78 Function:css_task_iter_advance_css_set %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 4 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 5 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 0 %7 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %9 = load %struct.list_head*, %struct.list_head** %2, align 8 br label %10 %11 = phi %struct.list_head* [ %69, %82 ], [ %9, %1 ] %12 = icmp eq %struct.list_head* %11, null br i1 %12, label %22, label %13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = load %struct.list_head*, %struct.list_head** %3, align 8 %17 = icmp eq %struct.list_head* %15, %16 br i1 %17, label %21, label %18 store %struct.list_head* null, %struct.list_head** %2, align 8 br label %22 %23 = load %struct.list_head*, %struct.list_head** %4, align 8 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %23, i64 0, i32 0 %25 = load %struct.list_head*, %struct.list_head** %24, align 8 %26 = load %struct.list_head*, %struct.list_head** %5, align 8 %27 = icmp eq %struct.list_head* %25, %26 br i1 %27, label %28, label %29 %30 = load %struct.cgroup_subsys*, %struct.cgroup_subsys** %6, align 8 %31 = icmp eq %struct.cgroup_subsys* %30, null br i1 %31, label %42, label %32 %43 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -1, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.css_set** %45 = load %struct.css_set*, 
%struct.css_set** %44, align 8 br label %46 %47 = phi %struct.css_set* [ %41, %32 ], [ %45, %42 ] store %struct.list_head* %25, %struct.list_head** %4, align 8 %48 = load i32, i32* %7, align 8 %49 = and i32 %48, 2 %50 = icmp eq i32 %49, 0 br i1 %50, label %68, label %51 %52 = load %struct.css_set*, %struct.css_set** %8, align 8 %53 = icmp eq %struct.css_set* %52, null br i1 %53, label %55, label %54 tail call void @put_css_set_locked(%struct.css_set* nonnull %52) #78
-------------
Use: =BAD PATH=
Call Stack:
0 css_task_iter_advance_css_set
1 css_task_iter_advance
2 css_task_iter_next
3 cgroup_procs_next
-------------
Path:
Function:cgroup_procs_next %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %8 = bitcast i8** %7 to %struct.cgroup_file_ctx** %9 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %8, align 8 %10 = icmp eq i64* %2, null br i1 %10, label %14, label %11 %15 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %9, i64 0, i32 2, i32 1 %16 = tail call %struct.task_struct* @css_task_iter_next(%struct.css_task_iter* %15) #78 Function:css_task_iter_next %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 10 %3 = load %struct.task_struct*, %struct.task_struct** %2, align 8 %4 = icmp eq %struct.task_struct* %3, null br i1 %4, label %17, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %18 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 65536 %21 = icmp eq i32 %20, 0 br i1 %21, label %23, label %22 %24 = getelementptr inbounds
%struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %25 = load %struct.list_head*, %struct.list_head** %24, align 8 %26 = icmp eq %struct.list_head* %25, null br i1 %26, label %42, label %27 %28 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -140, i32 1 %29 = bitcast %struct.task_struct** %2 to %struct.list_head*** store %struct.list_head** %28, %struct.list_head*** %29, align 8 %30 = getelementptr inbounds %struct.list_head*, %struct.list_head** %28, i64 5 %31 = bitcast %struct.list_head** %30 to %struct.seqcount_spinlock* %32 = bitcast %struct.list_head** %30 to i32* %33 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32 1, i32* %32) #6, !srcloc !8 %34 = icmp eq i32 %33, 0 br i1 %34, label %39, label %35, !prof !9, !misexpect !6 %36 = add i32 %33, 1 %37 = or i32 %36, %33 %38 = icmp sgt i32 %37, -1 br i1 %38, label %41, label %39, !prof !5, !misexpect !6 %40 = phi i32 [ 2, %27 ], [ 1, %35 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %31, i32 %40) #78 br label %41 tail call fastcc void @css_task_iter_advance(%struct.css_task_iter* %0) #79 Function:css_task_iter_advance %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %5 = bitcast %struct.list_head** %3 to i64* %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %7 = load %struct.list_head*, %struct.list_head** %3, align 8 br label %8 %9 = phi %struct.list_head* [ %7, %1 ], [ %47, %59 ] %10 = icmp eq %struct.list_head* %9, null br i1 %10, label %44, label %11 tail call fastcc void @css_task_iter_advance_css_set(%struct.css_task_iter* %0) #78 
Function:css_task_iter_advance_css_set %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 4 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 5 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 0 %7 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %9 = load %struct.list_head*, %struct.list_head** %2, align 8 br label %10 %11 = phi %struct.list_head* [ %69, %82 ], [ %9, %1 ] %12 = icmp eq %struct.list_head* %11, null br i1 %12, label %22, label %13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = load %struct.list_head*, %struct.list_head** %3, align 8 %17 = icmp eq %struct.list_head* %15, %16 br i1 %17, label %21, label %18 store %struct.list_head* null, %struct.list_head** %2, align 8 br label %22 %23 = load %struct.list_head*, %struct.list_head** %4, align 8 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %23, i64 0, i32 0 %25 = load %struct.list_head*, %struct.list_head** %24, align 8 %26 = load %struct.list_head*, %struct.list_head** %5, align 8 %27 = icmp eq %struct.list_head* %25, %26 br i1 %27, label %28, label %29 %30 = load %struct.cgroup_subsys*, %struct.cgroup_subsys** %6, align 8 %31 = icmp eq %struct.cgroup_subsys* %30, null br i1 %31, label %42, label %32 %43 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -1, i32 1 %44 = bitcast %struct.list_head** %43 to %struct.css_set** %45 = load %struct.css_set*, %struct.css_set** %44, align 8 br label %46 %47 = phi %struct.css_set* [ %41, %32 ], [ %45, 
%42 ] store %struct.list_head* %25, %struct.list_head** %4, align 8 %48 = load i32, i32* %7, align 8 %49 = and i32 %48, 2 %50 = icmp eq i32 %49, 0 br i1 %50, label %68, label %51 %52 = load %struct.css_set*, %struct.css_set** %8, align 8 %53 = icmp eq %struct.css_set* %52, null br i1 %53, label %55, label %54 tail call void @put_css_set_locked(%struct.css_set* nonnull %52) #78
-------------
Use: =BAD PATH=
Call Stack:
0 put_css_set_locked
1 free_cgroup_ns
2 cgroupns_put
-------------
Path:
Function:cgroupns_put %2 = bitcast %struct.ns_common* %0 to %struct.cgroup_namespace* %3 = icmp eq %struct.ns_common* %0, null br i1 %3, label %15, label %4 %5 = getelementptr inbounds %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace* nonnull %2) #78 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace, %struct.cgroup_namespace* %0, i64 0, i32 3 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = getelementptr inbounds %struct.css_set, %struct.css_set* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %4) #78 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 tail call void @put_css_set_locked(%struct.css_set* %3) #78 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64
0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 10 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16, !prof !5, !misexpect !6 br label %18 %19 = phi i64 [ %53, %52 ], [ 0, %17 ] %20 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 1 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 0 %23 = load %struct.list_head*, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %23, i64 0, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 store volatile %struct.list_head* %23, %struct.list_head** %25, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %22, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %20, align 8 %26 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 0, i64 %19 %27 = load %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %26, align 8 %28 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %27, i64 0, 
i32 7 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %52 %53 = add nuw nsw i64 %19, 1 %54 = icmp eq i64 %53, 4 br i1 %54, label %55, label %18 %56 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12 %57 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12, i32 1 %58 = load %struct.hlist_node**, %struct.hlist_node*** %57, align 8 %59 = icmp eq %struct.hlist_node** %58, null br i1 %59, label %68, label %60 %69 = load i32, i32* @css_set_count, align 4 %70 = add i32 %69, -1 store i32 %70, i32* @css_set_count, align 4 %71 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 13 %72 = bitcast %struct.list_head* %71 to i8** %73 = load i8*, i8** %72, align 8 %74 = bitcast i8* %73 to %struct.list_head* %75 = icmp eq %struct.list_head* %71, %74 br i1 %75, label %130, label %76 %77 = phi i8* [ %80, %127 ], [ %73, %68 ] %78 = getelementptr i8, i8* %77, i64 -32 %79 = bitcast i8* %77 to i8** %80 = load i8*, i8** %79, align 8 %81 = getelementptr i8, i8* %77, i64 -16 %82 = getelementptr i8, i8* %77, i64 -8 %83 = bitcast i8* %82 to %struct.list_head** %84 = load %struct.list_head*, %struct.list_head** %83, align 8 %85 = bitcast i8* %81 to %struct.list_head** %86 = load %struct.list_head*, %struct.list_head** %85, align 8 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 1 store %struct.list_head* %84, %struct.list_head** %87, align 8 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %84, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %88, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %85, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 %89 = getelementptr inbounds i8, i8* %77, i64 8 %90 = bitcast i8* %89 to %struct.list_head** %91 = load 
%struct.list_head*, %struct.list_head** %90, align 8 %92 = bitcast i8* %77 to %struct.list_head** %93 = load %struct.list_head*, %struct.list_head** %92, align 8 %94 = getelementptr inbounds %struct.list_head, %struct.list_head* %93, i64 0, i32 1 store %struct.list_head* %91, %struct.list_head** %94, align 8 %95 = getelementptr inbounds %struct.list_head, %struct.list_head* %91, i64 0, i32 0 store volatile %struct.list_head* %93, %struct.list_head** %95, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %92, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %90, align 8 %96 = bitcast i8* %78 to %struct.cgroup** %97 = load %struct.cgroup*, %struct.cgroup** %96, align 8 %98 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 12 %99 = bitcast %struct.cgroup_subsys_state** %98 to %struct.cgroup** %100 = load %struct.cgroup*, %struct.cgroup** %99, align 8 %101 = icmp eq %struct.cgroup* %100, null br i1 %101, label %127, label %102 %103 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 7 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, 1 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %127 %108 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %109 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %108, i64 0, i32 0 %110 = load volatile i64, i64* %109, align 8 %111 = and i64 %110, 3 %112 = icmp eq i64 %111, 0 br i1 %112, label %113, label %115, !prof !5, !misexpect !6 %116 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2, i32 1 %117 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %118 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %117, i64 0, i32 0, i32 0 
%119 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %118, i64 1, i64* %118) #6, !srcloc !11 %120 = and i8 %119, 1 %121 = icmp eq i8 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %124 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %123, i64 0, i32 1 %125 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %124, align 8 tail call void %125(%struct.percpu_ref* %108) #78 br label %126 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %127 tail call void @kfree(i8* %78) #78 %128 = bitcast i8* %80 to %struct.list_head* %129 = icmp eq %struct.list_head* %71, %128 br i1 %129, label %130, label %76 %131 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 2 %132 = load %struct.css_set*, %struct.css_set** %131, align 8 %133 = icmp eq %struct.css_set* %132, %0 br i1 %133, label %142, label %134 %135 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 1 %136 = load %struct.list_head*, %struct.list_head** %135, align 8 %137 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 0 %138 = load %struct.list_head*, %struct.list_head** %137, align 8 %139 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 1 store %struct.list_head* %136, %struct.list_head** %139, align 8 %140 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 0 store volatile %struct.list_head* %138, %struct.list_head** %140, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %137, align 8 store 
%struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %135, align 8 %141 = load %struct.css_set*, %struct.css_set** %131, align 8 tail call void @put_css_set_locked(%struct.css_set* %141) #79
-------------
Use: =BAD PATH=
Call Stack:
0 put_css_set_locked
1 css_task_iter_advance_css_set
2 css_task_iter_advance
3 css_task_iter_next
4 cgroup_procs_next
-------------
Path:
Function:cgroup_procs_next %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %8 = bitcast i8** %7 to %struct.cgroup_file_ctx** %9 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %8, align 8 %10 = icmp eq i64* %2, null br i1 %10, label %14, label %11 %15 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %9, i64 0, i32 2, i32 1 %16 = tail call %struct.task_struct* @css_task_iter_next(%struct.css_task_iter* %15) #78 Function:css_task_iter_next %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 10 %3 = load %struct.task_struct*, %struct.task_struct** %2, align 8 %4 = icmp eq %struct.task_struct* %3, null br i1 %4, label %17, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %18 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 65536 %21 = icmp eq i32 %20, 0 br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %25 = load %struct.list_head*, %struct.list_head** %24, align 8 %26 = icmp eq %struct.list_head* %25, null br i1 %26, label %42, label %27 %28 =
getelementptr %struct.list_head, %struct.list_head* %25, i64 -140, i32 1 %29 = bitcast %struct.task_struct** %2 to %struct.list_head*** store %struct.list_head** %28, %struct.list_head*** %29, align 8 %30 = getelementptr inbounds %struct.list_head*, %struct.list_head** %28, i64 5 %31 = bitcast %struct.list_head** %30 to %struct.seqcount_spinlock* %32 = bitcast %struct.list_head** %30 to i32* %33 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32 1, i32* %32) #6, !srcloc !8 %34 = icmp eq i32 %33, 0 br i1 %34, label %39, label %35, !prof !9, !misexpect !6 %36 = add i32 %33, 1 %37 = or i32 %36, %33 %38 = icmp sgt i32 %37, -1 br i1 %38, label %41, label %39, !prof !5, !misexpect !6 %40 = phi i32 [ 2, %27 ], [ 1, %35 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %31, i32 %40) #78 br label %41 tail call fastcc void @css_task_iter_advance(%struct.css_task_iter* %0) #79 Function:css_task_iter_advance %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %5 = bitcast %struct.list_head** %3 to i64* %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %7 = load %struct.list_head*, %struct.list_head** %3, align 8 br label %8 %9 = phi %struct.list_head* [ %7, %1 ], [ %47, %59 ] %10 = icmp eq %struct.list_head* %9, null br i1 %10, label %44, label %11 tail call fastcc void @css_task_iter_advance_css_set(%struct.css_task_iter* %0) #78 Function:css_task_iter_advance_css_set %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 4 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, 
i32 5 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 0 %7 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %9 = load %struct.list_head*, %struct.list_head** %2, align 8 br label %10 %11 = phi %struct.list_head* [ %69, %82 ], [ %9, %1 ] %12 = icmp eq %struct.list_head* %11, null br i1 %12, label %22, label %13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = load %struct.list_head*, %struct.list_head** %3, align 8 %17 = icmp eq %struct.list_head* %15, %16 br i1 %17, label %21, label %18 store %struct.list_head* %15, %struct.list_head** %2, align 8 %19 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -13 %20 = bitcast %struct.list_head* %19 to %struct.css_set* br label %68 %69 = phi %struct.list_head* [ %15, %18 ], [ null, %46 ], [ %67, %66 ] %70 = phi %struct.css_set* [ %20, %18 ], [ %47, %46 ], [ %47, %66 ] %71 = icmp eq %struct.css_set* %70, null br i1 %71, label %87, label %72 %73 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 5 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 %75 = load volatile %struct.list_head*, %struct.list_head** %74, align 8 %76 = icmp eq %struct.list_head* %75, %73 br i1 %76, label %77, label %89 %78 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 6 %79 = getelementptr inbounds %struct.list_head, %struct.list_head* %78, i64 0, i32 0 %80 = load volatile %struct.list_head*, %struct.list_head** %79, align 8 %81 = icmp eq %struct.list_head* %80, %78 br i1 %81, label %82, label %89 %83 = 
getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 7 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 0 %85 = load volatile %struct.list_head*, %struct.list_head** %84, align 8 %86 = icmp eq %struct.list_head* %85, %83 br i1 %86, label %10, label %89 %90 = phi %struct.list_head* [ %73, %72 ], [ %78, %77 ], [ %83, %82 ] %91 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 store %struct.list_head* %90, %struct.list_head** %91, align 8 %92 = bitcast %struct.list_head* %90 to i64* %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %95 = bitcast %struct.list_head** %94 to i64* store i64 %93, i64* %95, align 8 %96 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %97 = load %struct.css_set*, %struct.css_set** %96, align 8 %98 = icmp eq %struct.css_set* %97, null br i1 %98, label %107, label %99 %100 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 0 %103 = load %struct.list_head*, %struct.list_head** %102, align 8 %104 = getelementptr inbounds %struct.list_head, %struct.list_head* %103, i64 0, i32 1 store %struct.list_head* %101, %struct.list_head** %104, align 8 %105 = getelementptr inbounds %struct.list_head, %struct.list_head* %101, i64 0, i32 0 store volatile %struct.list_head* %103, %struct.list_head** %105, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %102, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %100, align 8 %106 = load %struct.css_set*, %struct.css_set** %96, align 8 tail call void 
@put_css_set_locked(%struct.css_set* %106) #79 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 10 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16, !prof !5, !misexpect !6 br label %18 %19 = phi i64 [ %53, %52 ], [ 0, %17 ] %20 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 1 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 0 %23 = load %struct.list_head*, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %23, i64 0, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 store volatile %struct.list_head* %23, %struct.list_head** %25, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %22, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %20, align 8 %26 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 0, i64 %19 %27 = load 
%struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %26, align 8 %28 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %27, i64 0, i32 7 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %52 %53 = add nuw nsw i64 %19, 1 %54 = icmp eq i64 %53, 4 br i1 %54, label %55, label %18 %56 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12 %57 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12, i32 1 %58 = load %struct.hlist_node**, %struct.hlist_node*** %57, align 8 %59 = icmp eq %struct.hlist_node** %58, null br i1 %59, label %68, label %60 %69 = load i32, i32* @css_set_count, align 4 %70 = add i32 %69, -1 store i32 %70, i32* @css_set_count, align 4 %71 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 13 %72 = bitcast %struct.list_head* %71 to i8** %73 = load i8*, i8** %72, align 8 %74 = bitcast i8* %73 to %struct.list_head* %75 = icmp eq %struct.list_head* %71, %74 br i1 %75, label %130, label %76 %77 = phi i8* [ %80, %127 ], [ %73, %68 ] %78 = getelementptr i8, i8* %77, i64 -32 %79 = bitcast i8* %77 to i8** %80 = load i8*, i8** %79, align 8 %81 = getelementptr i8, i8* %77, i64 -16 %82 = getelementptr i8, i8* %77, i64 -8 %83 = bitcast i8* %82 to %struct.list_head** %84 = load %struct.list_head*, %struct.list_head** %83, align 8 %85 = bitcast i8* %81 to %struct.list_head** %86 = load %struct.list_head*, %struct.list_head** %85, align 8 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 1 store %struct.list_head* %84, %struct.list_head** %87, align 8 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %84, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %88, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %85, align 8 store %struct.list_head* inttoptr (i64 
-2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 %89 = getelementptr inbounds i8, i8* %77, i64 8 %90 = bitcast i8* %89 to %struct.list_head** %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = bitcast i8* %77 to %struct.list_head** %93 = load %struct.list_head*, %struct.list_head** %92, align 8 %94 = getelementptr inbounds %struct.list_head, %struct.list_head* %93, i64 0, i32 1 store %struct.list_head* %91, %struct.list_head** %94, align 8 %95 = getelementptr inbounds %struct.list_head, %struct.list_head* %91, i64 0, i32 0 store volatile %struct.list_head* %93, %struct.list_head** %95, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %92, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %90, align 8 %96 = bitcast i8* %78 to %struct.cgroup** %97 = load %struct.cgroup*, %struct.cgroup** %96, align 8 %98 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 12 %99 = bitcast %struct.cgroup_subsys_state** %98 to %struct.cgroup** %100 = load %struct.cgroup*, %struct.cgroup** %99, align 8 %101 = icmp eq %struct.cgroup* %100, null br i1 %101, label %127, label %102 %103 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 7 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, 1 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %127 %108 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %109 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %108, i64 0, i32 0 %110 = load volatile i64, i64* %109, align 8 %111 = and i64 %110, 3 %112 = icmp eq i64 %111, 0 br i1 %112, label %113, label %115, !prof !5, !misexpect !6 %116 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2, i32 1 
%117 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %118 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %117, i64 0, i32 0, i32 0 %119 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %118, i64 1, i64* %118) #6, !srcloc !11 %120 = and i8 %119, 1 %121 = icmp eq i8 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %124 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %123, i64 0, i32 1 %125 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %124, align 8 tail call void %125(%struct.percpu_ref* %108) #78 br label %126 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %127 tail call void @kfree(i8* %78) #78 %128 = bitcast i8* %80 to %struct.list_head* %129 = icmp eq %struct.list_head* %71, %128 br i1 %129, label %130, label %76 %131 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 2 %132 = load %struct.css_set*, %struct.css_set** %131, align 8 %133 = icmp eq %struct.css_set* %132, %0 br i1 %133, label %142, label %134 %135 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 1 %136 = load %struct.list_head*, %struct.list_head** %135, align 8 %137 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 0 %138 = load %struct.list_head*, %struct.list_head** %137, align 8 %139 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 1 store %struct.list_head* %136, %struct.list_head** %139, align 8 %140 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 0 store volatile 
%struct.list_head* %138, %struct.list_head** %140, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %137, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %135, align 8 %141 = load %struct.css_set*, %struct.css_set** %131, align 8 tail call void @put_css_set_locked(%struct.css_set* %141) #79
-------------
Use: =BAD PATH=
Call Stack:
0 put_css_set_locked
1 css_task_iter_advance_css_set
2 css_task_iter_advance
3 css_task_iter_next
4 cgroup_procs_next
-------------
Path:
Function:cgroup_procs_next %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %8 = bitcast i8** %7 to %struct.cgroup_file_ctx** %9 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %8, align 8 %10 = icmp eq i64* %2, null br i1 %10, label %14, label %11 %15 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %9, i64 0, i32 2, i32 1 %16 = tail call %struct.task_struct* @css_task_iter_next(%struct.css_task_iter* %15) #78 Function:css_task_iter_next %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 10 %3 = load %struct.task_struct*, %struct.task_struct** %2, align 8 %4 = icmp eq %struct.task_struct* %3, null br i1 %4, label %17, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %18 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 65536 %21 = icmp eq i32 %20, 0 br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.css_task_iter,
%struct.css_task_iter* %0, i64 0, i32 6 %25 = load %struct.list_head*, %struct.list_head** %24, align 8 %26 = icmp eq %struct.list_head* %25, null br i1 %26, label %42, label %27 %28 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -140, i32 1 %29 = bitcast %struct.task_struct** %2 to %struct.list_head*** store %struct.list_head** %28, %struct.list_head*** %29, align 8 %30 = getelementptr inbounds %struct.list_head*, %struct.list_head** %28, i64 5 %31 = bitcast %struct.list_head** %30 to %struct.seqcount_spinlock* %32 = bitcast %struct.list_head** %30 to i32* %33 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32 1, i32* %32) #6, !srcloc !8 %34 = icmp eq i32 %33, 0 br i1 %34, label %39, label %35, !prof !9, !misexpect !6 %36 = add i32 %33, 1 %37 = or i32 %36, %33 %38 = icmp sgt i32 %37, -1 br i1 %38, label %41, label %39, !prof !5, !misexpect !6 %40 = phi i32 [ 2, %27 ], [ 1, %35 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %31, i32 %40) #78 br label %41 tail call fastcc void @css_task_iter_advance(%struct.css_task_iter* %0) #79 Function:css_task_iter_advance %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %5 = bitcast %struct.list_head** %3 to i64* %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %7 = load %struct.list_head*, %struct.list_head** %3, align 8 br label %8 %9 = phi %struct.list_head* [ %7, %1 ], [ %47, %59 ] %10 = icmp eq %struct.list_head* %9, null br i1 %10, label %44, label %11 tail call fastcc void @css_task_iter_advance_css_set(%struct.css_task_iter* %0) #78 
Function:css_task_iter_advance_css_set %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 4 %3 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 5 %4 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 2 %5 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 3 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 0 %7 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %9 = load %struct.list_head*, %struct.list_head** %2, align 8 br label %10 %11 = phi %struct.list_head* [ %69, %82 ], [ %9, %1 ] %12 = icmp eq %struct.list_head* %11, null br i1 %12, label %22, label %13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = load %struct.list_head*, %struct.list_head** %3, align 8 %17 = icmp eq %struct.list_head* %15, %16 br i1 %17, label %21, label %18 store %struct.list_head* %15, %struct.list_head** %2, align 8 %19 = getelementptr %struct.list_head, %struct.list_head* %15, i64 -13 %20 = bitcast %struct.list_head* %19 to %struct.css_set* br label %68 %69 = phi %struct.list_head* [ %15, %18 ], [ null, %46 ], [ %67, %66 ] %70 = phi %struct.css_set* [ %20, %18 ], [ %47, %46 ], [ %47, %66 ] %71 = icmp eq %struct.css_set* %70, null br i1 %71, label %87, label %72 %73 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 5 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 %75 = load volatile %struct.list_head*, %struct.list_head** %74, align 8 %76 = icmp eq %struct.list_head* %75, %73 br i1 %76, label %77, label %89 %78 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 6 %79 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %78, i64 0, i32 0 %80 = load volatile %struct.list_head*, %struct.list_head** %79, align 8 %81 = icmp eq %struct.list_head* %80, %78 br i1 %81, label %82, label %89 %83 = getelementptr inbounds %struct.css_set, %struct.css_set* %70, i64 0, i32 7 %84 = getelementptr inbounds %struct.list_head, %struct.list_head* %83, i64 0, i32 0 %85 = load volatile %struct.list_head*, %struct.list_head** %84, align 8 %86 = icmp eq %struct.list_head* %85, %83 br i1 %86, label %10, label %89 %90 = phi %struct.list_head* [ %73, %72 ], [ %78, %77 ], [ %83, %82 ] %91 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 7 store %struct.list_head* %90, %struct.list_head** %91, align 8 %92 = bitcast %struct.list_head* %90 to i64* %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 6 %95 = bitcast %struct.list_head** %94 to i64* store i64 %93, i64* %95, align 8 %96 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %97 = load %struct.css_set*, %struct.css_set** %96, align 8 %98 = icmp eq %struct.css_set* %97, null br i1 %98, label %107, label %99 %100 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 1 %101 = load %struct.list_head*, %struct.list_head** %100, align 8 %102 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 0 %103 = load %struct.list_head*, %struct.list_head** %102, align 8 %104 = getelementptr inbounds %struct.list_head, %struct.list_head* %103, i64 0, i32 1 store %struct.list_head* %101, %struct.list_head** %104, align 8 %105 = getelementptr inbounds %struct.list_head, %struct.list_head* %101, i64 0, i32 0 store volatile %struct.list_head* %103, %struct.list_head** %105, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %102, align 8 store 
%struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %100, align 8 %106 = load %struct.css_set*, %struct.css_set** %96, align 8 tail call void @put_css_set_locked(%struct.css_set* %106) #79 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 10 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16, !prof !5, !misexpect !6 br label %18 %19 = phi i64 [ %53, %52 ], [ 0, %17 ] %20 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 1 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 0 %23 = load %struct.list_head*, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %23, i64 0, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 store volatile %struct.list_head* %23, %struct.list_head** %25, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %22, align 8 store %struct.list_head* inttoptr (i64 
-2401263026318606046 to %struct.list_head*), %struct.list_head** %20, align 8 %26 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 0, i64 %19 %27 = load %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %26, align 8 %28 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %27, i64 0, i32 7 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %52 %53 = add nuw nsw i64 %19, 1 %54 = icmp eq i64 %53, 4 br i1 %54, label %55, label %18 %56 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12 %57 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12, i32 1 %58 = load %struct.hlist_node**, %struct.hlist_node*** %57, align 8 %59 = icmp eq %struct.hlist_node** %58, null br i1 %59, label %68, label %60 %69 = load i32, i32* @css_set_count, align 4 %70 = add i32 %69, -1 store i32 %70, i32* @css_set_count, align 4 %71 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 13 %72 = bitcast %struct.list_head* %71 to i8** %73 = load i8*, i8** %72, align 8 %74 = bitcast i8* %73 to %struct.list_head* %75 = icmp eq %struct.list_head* %71, %74 br i1 %75, label %130, label %76 %77 = phi i8* [ %80, %127 ], [ %73, %68 ] %78 = getelementptr i8, i8* %77, i64 -32 %79 = bitcast i8* %77 to i8** %80 = load i8*, i8** %79, align 8 %81 = getelementptr i8, i8* %77, i64 -16 %82 = getelementptr i8, i8* %77, i64 -8 %83 = bitcast i8* %82 to %struct.list_head** %84 = load %struct.list_head*, %struct.list_head** %83, align 8 %85 = bitcast i8* %81 to %struct.list_head** %86 = load %struct.list_head*, %struct.list_head** %85, align 8 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 1 store %struct.list_head* %84, %struct.list_head** %87, align 8 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %84, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %88, align 8 
store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %85, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 %89 = getelementptr inbounds i8, i8* %77, i64 8 %90 = bitcast i8* %89 to %struct.list_head** %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = bitcast i8* %77 to %struct.list_head** %93 = load %struct.list_head*, %struct.list_head** %92, align 8 %94 = getelementptr inbounds %struct.list_head, %struct.list_head* %93, i64 0, i32 1 store %struct.list_head* %91, %struct.list_head** %94, align 8 %95 = getelementptr inbounds %struct.list_head, %struct.list_head* %91, i64 0, i32 0 store volatile %struct.list_head* %93, %struct.list_head** %95, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %92, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %90, align 8 %96 = bitcast i8* %78 to %struct.cgroup** %97 = load %struct.cgroup*, %struct.cgroup** %96, align 8 %98 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 12 %99 = bitcast %struct.cgroup_subsys_state** %98 to %struct.cgroup** %100 = load %struct.cgroup*, %struct.cgroup** %99, align 8 %101 = icmp eq %struct.cgroup* %100, null br i1 %101, label %127, label %102 %103 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 7 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, 1 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %127 %108 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %109 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %108, i64 0, i32 0 %110 = load volatile i64, i64* %109, align 8 %111 = and i64 %110, 3 %112 = icmp eq i64 %111, 0 
br i1 %112, label %113, label %115, !prof !5, !misexpect !6 %116 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2, i32 1 %117 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %118 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %117, i64 0, i32 0, i32 0 %119 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %118, i64 1, i64* %118) #6, !srcloc !11 %120 = and i8 %119, 1 %121 = icmp eq i8 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %124 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %123, i64 0, i32 1 %125 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %124, align 8 tail call void %125(%struct.percpu_ref* %108) #78 br label %126 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %127 tail call void @kfree(i8* %78) #78 %128 = bitcast i8* %80 to %struct.list_head* %129 = icmp eq %struct.list_head* %71, %128 br i1 %129, label %130, label %76 %131 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 2 %132 = load %struct.css_set*, %struct.css_set** %131, align 8 %133 = icmp eq %struct.css_set* %132, %0 br i1 %133, label %142, label %134 %135 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 1 %136 = load %struct.list_head*, %struct.list_head** %135, align 8 %137 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 0 %138 = load %struct.list_head*, %struct.list_head** %137, align 8 %139 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 1 store 
%struct.list_head* %136, %struct.list_head** %139, align 8 %140 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 0 store volatile %struct.list_head* %138, %struct.list_head** %140, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %137, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %135, align 8 %141 = load %struct.css_set*, %struct.css_set** %131, align 8 tail call void @put_css_set_locked(%struct.css_set* %141) #79 ------------- Use: =BAD PATH= Call Stack: 0 put_css_set_locked 1 css_task_iter_end 2 cgroup_procs_release ------------- Path:  Function:cgroup_procs_release %2 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %3 = bitcast i8** %2 to %struct.cgroup_file_ctx** %4 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %3, align 8 %5 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 0 %6 = load i8, i8* %5, align 8, !range !4 %7 = icmp eq i8 %6, 0 br i1 %7, label %10, label %8 %9 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 1 tail call void @css_task_iter_end(%struct.css_task_iter* %9) #78 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 %14 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %15 = load %struct.css_set*, %struct.css_set** %14, align 8 %16 = icmp eq %struct.css_set* %15, null br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.css_set, %struct.css_set* %15, i64 0, i32 1 %19 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %18) #78 br i1 %19, label %22, label %20 %21 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 tail call void @put_css_set_locked(%struct.css_set* nonnull %15) #78 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 10 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16, !prof !5, !misexpect !6 br label %18 %19 = phi i64 [ %53, %52 ], [ 0, %17 ] %20 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 1 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 0 %23 = load %struct.list_head*, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %23, i64 0, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 store volatile %struct.list_head* %23, %struct.list_head** %25, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %22, align 8 store %struct.list_head* inttoptr (i64 
-2401263026318606046 to %struct.list_head*), %struct.list_head** %20, align 8 %26 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 0, i64 %19 %27 = load %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %26, align 8 %28 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %27, i64 0, i32 7 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %52 %53 = add nuw nsw i64 %19, 1 %54 = icmp eq i64 %53, 4 br i1 %54, label %55, label %18 %56 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12 %57 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12, i32 1 %58 = load %struct.hlist_node**, %struct.hlist_node*** %57, align 8 %59 = icmp eq %struct.hlist_node** %58, null br i1 %59, label %68, label %60 %69 = load i32, i32* @css_set_count, align 4 %70 = add i32 %69, -1 store i32 %70, i32* @css_set_count, align 4 %71 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 13 %72 = bitcast %struct.list_head* %71 to i8** %73 = load i8*, i8** %72, align 8 %74 = bitcast i8* %73 to %struct.list_head* %75 = icmp eq %struct.list_head* %71, %74 br i1 %75, label %130, label %76 %77 = phi i8* [ %80, %127 ], [ %73, %68 ] %78 = getelementptr i8, i8* %77, i64 -32 %79 = bitcast i8* %77 to i8** %80 = load i8*, i8** %79, align 8 %81 = getelementptr i8, i8* %77, i64 -16 %82 = getelementptr i8, i8* %77, i64 -8 %83 = bitcast i8* %82 to %struct.list_head** %84 = load %struct.list_head*, %struct.list_head** %83, align 8 %85 = bitcast i8* %81 to %struct.list_head** %86 = load %struct.list_head*, %struct.list_head** %85, align 8 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 1 store %struct.list_head* %84, %struct.list_head** %87, align 8 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %84, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %88, align 8 
store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %85, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 %89 = getelementptr inbounds i8, i8* %77, i64 8 %90 = bitcast i8* %89 to %struct.list_head** %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = bitcast i8* %77 to %struct.list_head** %93 = load %struct.list_head*, %struct.list_head** %92, align 8 %94 = getelementptr inbounds %struct.list_head, %struct.list_head* %93, i64 0, i32 1 store %struct.list_head* %91, %struct.list_head** %94, align 8 %95 = getelementptr inbounds %struct.list_head, %struct.list_head* %91, i64 0, i32 0 store volatile %struct.list_head* %93, %struct.list_head** %95, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %92, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %90, align 8 %96 = bitcast i8* %78 to %struct.cgroup** %97 = load %struct.cgroup*, %struct.cgroup** %96, align 8 %98 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 12 %99 = bitcast %struct.cgroup_subsys_state** %98 to %struct.cgroup** %100 = load %struct.cgroup*, %struct.cgroup** %99, align 8 %101 = icmp eq %struct.cgroup* %100, null br i1 %101, label %127, label %102 %103 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 7 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, 1 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %127 %108 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %109 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %108, i64 0, i32 0 %110 = load volatile i64, i64* %109, align 8 %111 = and i64 %110, 3 %112 = icmp eq i64 %111, 0 
br i1 %112, label %113, label %115, !prof !5, !misexpect !6 %116 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2, i32 1 %117 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %118 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %117, i64 0, i32 0, i32 0 %119 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %118, i64 1, i64* %118) #6, !srcloc !11 %120 = and i8 %119, 1 %121 = icmp eq i8 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %124 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %123, i64 0, i32 1 %125 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %124, align 8 tail call void %125(%struct.percpu_ref* %108) #78 br label %126 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %127 tail call void @kfree(i8* %78) #78 %128 = bitcast i8* %80 to %struct.list_head* %129 = icmp eq %struct.list_head* %71, %128 br i1 %129, label %130, label %76 %131 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 2 %132 = load %struct.css_set*, %struct.css_set** %131, align 8 %133 = icmp eq %struct.css_set* %132, %0 br i1 %133, label %142, label %134 %135 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 1 %136 = load %struct.list_head*, %struct.list_head** %135, align 8 %137 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 0 %138 = load %struct.list_head*, %struct.list_head** %137, align 8 %139 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 1 store 
%struct.list_head* %136, %struct.list_head** %139, align 8 %140 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 0 store volatile %struct.list_head* %138, %struct.list_head** %140, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %137, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %135, align 8 %141 = load %struct.css_set*, %struct.css_set** %131, align 8 tail call void @put_css_set_locked(%struct.css_set* %141) #79 ------------- Use: =BAD PATH= Call Stack: 0 put_css_set_locked 1 css_task_iter_end 2 cgroup_procs_release ------------- Path:  Function:cgroup_procs_release %2 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %3 = bitcast i8** %2 to %struct.cgroup_file_ctx** %4 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %3, align 8 %5 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 0 %6 = load i8, i8* %5, align 8, !range !4 %7 = icmp eq i8 %6, 0 br i1 %7, label %10, label %8 %9 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 1 tail call void @css_task_iter_end(%struct.css_task_iter* %9) #78 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 %14 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %15 = load %struct.css_set*, %struct.css_set** %14, align 8 %16 = icmp eq %struct.css_set* %15, null br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.css_set, %struct.css_set* %15, i64 0, i32 1 %19 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %18) #78 br i1 %19, label %22, label %20 %21 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 tail call void @put_css_set_locked(%struct.css_set* nonnull %15) #78 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 10 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %17, label %16, !prof !5, !misexpect !6 br label %18 %19 = phi i64 [ %53, %52 ], [ 0, %17 ] %20 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 1 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 9, i64 %19, i32 0 %23 = load %struct.list_head*, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %23, i64 0, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 store volatile %struct.list_head* %23, %struct.list_head** %25, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %22, align 8 store %struct.list_head* inttoptr (i64 
-2401263026318606046 to %struct.list_head*), %struct.list_head** %20, align 8 %26 = getelementptr %struct.css_set, %struct.css_set* %0, i64 0, i32 0, i64 %19 %27 = load %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %26, align 8 %28 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %27, i64 0, i32 7 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %52 %53 = add nuw nsw i64 %19, 1 %54 = icmp eq i64 %53, 4 br i1 %54, label %55, label %18 %56 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12 %57 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 12, i32 1 %58 = load %struct.hlist_node**, %struct.hlist_node*** %57, align 8 %59 = icmp eq %struct.hlist_node** %58, null br i1 %59, label %68, label %60 %69 = load i32, i32* @css_set_count, align 4 %70 = add i32 %69, -1 store i32 %70, i32* @css_set_count, align 4 %71 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 13 %72 = bitcast %struct.list_head* %71 to i8** %73 = load i8*, i8** %72, align 8 %74 = bitcast i8* %73 to %struct.list_head* %75 = icmp eq %struct.list_head* %71, %74 br i1 %75, label %130, label %76 %77 = phi i8* [ %80, %127 ], [ %73, %68 ] %78 = getelementptr i8, i8* %77, i64 -32 %79 = bitcast i8* %77 to i8** %80 = load i8*, i8** %79, align 8 %81 = getelementptr i8, i8* %77, i64 -16 %82 = getelementptr i8, i8* %77, i64 -8 %83 = bitcast i8* %82 to %struct.list_head** %84 = load %struct.list_head*, %struct.list_head** %83, align 8 %85 = bitcast i8* %81 to %struct.list_head** %86 = load %struct.list_head*, %struct.list_head** %85, align 8 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 1 store %struct.list_head* %84, %struct.list_head** %87, align 8 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %84, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %88, align 8 
store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %85, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 %89 = getelementptr inbounds i8, i8* %77, i64 8 %90 = bitcast i8* %89 to %struct.list_head** %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = bitcast i8* %77 to %struct.list_head** %93 = load %struct.list_head*, %struct.list_head** %92, align 8 %94 = getelementptr inbounds %struct.list_head, %struct.list_head* %93, i64 0, i32 1 store %struct.list_head* %91, %struct.list_head** %94, align 8 %95 = getelementptr inbounds %struct.list_head, %struct.list_head* %91, i64 0, i32 0 store volatile %struct.list_head* %93, %struct.list_head** %95, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %92, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %90, align 8 %96 = bitcast i8* %78 to %struct.cgroup** %97 = load %struct.cgroup*, %struct.cgroup** %96, align 8 %98 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 12 %99 = bitcast %struct.cgroup_subsys_state** %98 to %struct.cgroup** %100 = load %struct.cgroup*, %struct.cgroup** %99, align 8 %101 = icmp eq %struct.cgroup* %100, null br i1 %101, label %127, label %102 %103 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 7 %104 = load i32, i32* %103, align 4 %105 = and i32 %104, 1 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %127 %108 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %109 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %108, i64 0, i32 0 %110 = load volatile i64, i64* %109, align 8 %111 = and i64 %110, 3 %112 = icmp eq i64 %111, 0 
br i1 %112, label %113, label %115, !prof !5, !misexpect !6 %116 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %97, i64 0, i32 0, i32 2, i32 1 %117 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %118 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %117, i64 0, i32 0, i32 0 %119 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %118, i64 1, i64* %118) #6, !srcloc !11 %120 = and i8 %119, 1 %121 = icmp eq i8 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %116, align 8 %124 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %123, i64 0, i32 1 %125 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %124, align 8 tail call void %125(%struct.percpu_ref* %108) #78 br label %126 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %127 tail call void @kfree(i8* %78) #78 %128 = bitcast i8* %80 to %struct.list_head* %129 = icmp eq %struct.list_head* %71, %128 br i1 %129, label %130, label %76 %131 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 2 %132 = load %struct.css_set*, %struct.css_set** %131, align 8 %133 = icmp eq %struct.css_set* %132, %0 br i1 %133, label %142, label %134 %135 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 1 %136 = load %struct.list_head*, %struct.list_head** %135, align 8 %137 = getelementptr inbounds %struct.css_set, %struct.css_set* %0, i64 0, i32 11, i32 0 %138 = load %struct.list_head*, %struct.list_head** %137, align 8 %139 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 1 store 
%struct.list_head* %136, %struct.list_head** %139, align 8 %140 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 0 store volatile %struct.list_head* %138, %struct.list_head** %140, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %137, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %135, align 8 %141 = load %struct.css_set*, %struct.css_set** %131, align 8 tail call void @put_css_set_locked(%struct.css_set* %141) #79 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_end 1 cgroup_procs_release ------------- Path:  Function:cgroup_procs_release %2 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %3 = bitcast i8** %2 to %struct.cgroup_file_ctx** %4 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %3, align 8 %5 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 0 %6 = load i8, i8* %5, align 8, !range !4 %7 = icmp eq i8 %6, 0 br i1 %7, label %10, label %8 %9 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 1 tail call void @css_task_iter_end(%struct.css_task_iter* %9) #78 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 %14 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %15 = load %struct.css_set*, %struct.css_set** %14, align 8 %16 = icmp eq %struct.css_set* %15, null br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.css_set, %struct.css_set* %15, i64 0, i32 1 %19 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %18) #78 br i1 %19, label %22, label %20 %21 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 tail call void @put_css_set_locked(%struct.css_set* nonnull %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_end 1 cgroup_procs_release ------------- Path:  Function:cgroup_procs_release %2 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %3 = bitcast i8** %2 to %struct.cgroup_file_ctx** %4 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %3, align 8 %5 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 0 %6 = load i8, i8* %5, align 8, !range !4 %7 = icmp eq i8 %6, 0 br i1 %7, label %10, label %8 %9 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 1 tail call void @css_task_iter_end(%struct.css_task_iter* %9) #78 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 %14 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %15 = load %struct.css_set*, %struct.css_set** %14, align 8 %16 = icmp eq %struct.css_set* %15, null br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.css_set, %struct.css_set* %15, i64 0, i32 1 %19 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %18) #78 br i1 %19, label %22, label %20 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 tail call void @put_css_set_locked(%struct.css_set* nonnull %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_end 1 __cgroup_procs_start 2 cgroup_procs_start ------------- Path:  Function:cgroup_procs_start %3 = 
getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.kernfs_open_file** %5 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %4, align 8 %6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %5, i64 0, i32 0 %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 2 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %9, i64 0, i32 8 %11 = bitcast i8** %10 to %struct.cgroup** %12 = load %struct.cgroup*, %struct.cgroup** %11, align 8 %13 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 8 %14 = bitcast i8** %13 to %struct.cftype** %15 = load %struct.cftype*, %struct.cftype** %14, align 8 %16 = getelementptr inbounds %struct.cftype, %struct.cftype* %15, i64 0, i32 5 %17 = load %struct.cgroup_subsys*, %struct.cgroup_subsys** %16, align 8 %18 = icmp eq %struct.cgroup_subsys* %17, null br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.cgroup_subsys, %struct.cgroup_subsys* %17, i64 0, i32 19 %21 = load i32, i32* %20, align 4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.cgroup, %struct.cgroup* %12, i64 0, i32 18, i64 %22 %24 = load volatile %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %23, align 8 br label %27 %28 = phi %struct.cgroup_subsys_state* [ %24, %19 ], [ %26, %25 ] %29 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %28, i64 0, i32 0 %30 = load %struct.cgroup*, %struct.cgroup** %29, align 8 %31 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %30, i64 0, i32 22 %32 = load %struct.cgroup*, %struct.cgroup** %31, align 8 %33 = icmp eq %struct.cgroup* %32, %30 br i1 %33, label %34, label %36 %35 = tail call fastcc i8* @__cgroup_procs_start(%struct.seq_file* %0, i64* %1, i32 3) #78 
Function:__cgroup_procs_start %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 0 %8 = load %struct.kernfs_node*, %struct.kernfs_node** %7, align 8 %9 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %8, i64 0, i32 2 %10 = load %struct.kernfs_node*, %struct.kernfs_node** %9, align 8 %11 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %10, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.cgroup** %13 = load %struct.cgroup*, %struct.cgroup** %12, align 8 %14 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %8, i64 0, i32 8 %15 = bitcast i8** %14 to %struct.cftype** %16 = load %struct.cftype*, %struct.cftype** %15, align 8 %17 = getelementptr inbounds %struct.cftype, %struct.cftype* %16, i64 0, i32 5 %18 = load %struct.cgroup_subsys*, %struct.cgroup_subsys** %17, align 8 %19 = icmp eq %struct.cgroup_subsys* %18, null br i1 %19, label %26, label %20 %21 = getelementptr inbounds %struct.cgroup_subsys, %struct.cgroup_subsys* %18, i64 0, i32 19 %22 = load i32, i32* %21, align 4 %23 = sext i32 %22 to i64 %24 = getelementptr %struct.cgroup, %struct.cgroup* %13, i64 0, i32 18, i64 %23 %25 = load volatile %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %24, align 8 br label %28 %29 = phi %struct.cgroup_subsys_state* [ %25, %20 ], [ %27, %26 ] %30 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %29, i64 0, i32 0 %31 = load %struct.cgroup*, %struct.cgroup** %30, align 8 %32 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %33 = bitcast i8** %32 to %struct.cgroup_file_ctx** %34 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %33, align 8 %35 = getelementptr inbounds 
%struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %34, i64 0, i32 2, i32 1 %36 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %34, i64 0, i32 2, i32 0 %37 = load i8, i8* %36, align 8, !range !4 %38 = icmp eq i8 %37, 0 %39 = load i64, i64* %1, align 8 %40 = icmp eq i64 %39, 0 br i1 %38, label %41, label %67 br i1 %40, label %68, label %92 tail call void @css_task_iter_end(%struct.css_task_iter* %35) #79 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 %14 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %15 = load %struct.css_set*, %struct.css_set** %14, align 8 %16 = icmp eq %struct.css_set* %15, null br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.css_set, %struct.css_set* %15, i64 0, i32 1 %19 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %18) #78 br i1 %19, label %22, label %20 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 tail call void @put_css_set_locked(%struct.css_set* nonnull %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_end 1 __cgroup_procs_start 2 cgroup_threads_start ------------- Path:  Function:cgroup_threads_start %3 = tail call fastcc i8* @__cgroup_procs_start(%struct.seq_file* %0, i64* %1, i32 0) #78 Function:__cgroup_procs_start %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 0 %8 = load %struct.kernfs_node*, %struct.kernfs_node** %7, align 8 %9 = 
getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %8, i64 0, i32 2 %10 = load %struct.kernfs_node*, %struct.kernfs_node** %9, align 8 %11 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %10, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.cgroup** %13 = load %struct.cgroup*, %struct.cgroup** %12, align 8 %14 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %8, i64 0, i32 8 %15 = bitcast i8** %14 to %struct.cftype** %16 = load %struct.cftype*, %struct.cftype** %15, align 8 %17 = getelementptr inbounds %struct.cftype, %struct.cftype* %16, i64 0, i32 5 %18 = load %struct.cgroup_subsys*, %struct.cgroup_subsys** %17, align 8 %19 = icmp eq %struct.cgroup_subsys* %18, null br i1 %19, label %26, label %20 %21 = getelementptr inbounds %struct.cgroup_subsys, %struct.cgroup_subsys* %18, i64 0, i32 19 %22 = load i32, i32* %21, align 4 %23 = sext i32 %22 to i64 %24 = getelementptr %struct.cgroup, %struct.cgroup* %13, i64 0, i32 18, i64 %23 %25 = load volatile %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %24, align 8 br label %28 %29 = phi %struct.cgroup_subsys_state* [ %25, %20 ], [ %27, %26 ] %30 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %29, i64 0, i32 0 %31 = load %struct.cgroup*, %struct.cgroup** %30, align 8 %32 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %33 = bitcast i8** %32 to %struct.cgroup_file_ctx** %34 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %33, align 8 %35 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %34, i64 0, i32 2, i32 1 %36 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %34, i64 0, i32 2, i32 0 %37 = load i8, i8* %36, align 8, !range !4 %38 = icmp eq i8 %37, 0 %39 = load i64, i64* %1, align 8 %40 = icmp eq i64 %39, 0 br i1 %38, label %41, label %67 br i1 %40, label %68, label %92 tail call void 
@css_task_iter_end(%struct.css_task_iter* %35) #79 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 %14 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 9 %15 = load %struct.css_set*, %struct.css_set** %14, align 8 %16 = icmp eq %struct.css_set* %15, null br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.css_set, %struct.css_set* %15, i64 0, i32 1 %19 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %18) #78 br i1 %19, label %22, label %20 %21 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 tail call void @put_css_set_locked(%struct.css_set* nonnull %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_end 1 cgroup_procs_release ------------- Path:  Function:cgroup_procs_release %2 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %3 = bitcast i8** %2 to %struct.cgroup_file_ctx** %4 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %3, align 8 %5 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 0 %6 = load i8, i8* %5, align 8, !range !4 %7 = icmp eq i8 %6, 0 br i1 %7, label %10, label %8 %9 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 1 tail call void @css_task_iter_end(%struct.css_task_iter* %9) #78 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds 
(%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 1 %7 = load %struct.list_head*, %struct.list_head** %6, align 8 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 0 %9 = load %struct.list_head*, %struct.list_head** %8, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %9, %struct.list_head** %11, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %8, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %6, align 8 %12 = load %struct.css_set*, %struct.css_set** %2, align 8 tail call void @put_css_set_locked(%struct.css_set* %12) #79 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_end 1 cgroup_procs_release ------------- Path:  Function:cgroup_procs_release %2 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %3 = bitcast i8** %2 to %struct.cgroup_file_ctx** %4 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %3, align 8 %5 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 0 %6 = load i8, i8* %5, align 8, !range !4 %7 = icmp eq i8 %6, 0 br i1 %7, label %10, label %8 %9 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %4, i64 0, i32 2, i32 1 tail call void @css_task_iter_end(%struct.css_task_iter* %9) #78 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, 
label %13, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 1 %7 = load %struct.list_head*, %struct.list_head** %6, align 8 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 0 %9 = load %struct.list_head*, %struct.list_head** %8, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %9, %struct.list_head** %11, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %8, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %6, align 8 %12 = load %struct.css_set*, %struct.css_set** %2, align 8 tail call void @put_css_set_locked(%struct.css_set* %12) #79 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_end 1 __cgroup_procs_start 2 cgroup_procs_start ------------- Path:  Function:cgroup_procs_start %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.kernfs_open_file** %5 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %4, align 8 %6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %5, i64 0, i32 0 %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 2 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %9, i64 0, i32 8 %11 = bitcast i8** %10 to %struct.cgroup** %12 = load %struct.cgroup*, 
%struct.cgroup** %11, align 8 %13 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 8 %14 = bitcast i8** %13 to %struct.cftype** %15 = load %struct.cftype*, %struct.cftype** %14, align 8 %16 = getelementptr inbounds %struct.cftype, %struct.cftype* %15, i64 0, i32 5 %17 = load %struct.cgroup_subsys*, %struct.cgroup_subsys** %16, align 8 %18 = icmp eq %struct.cgroup_subsys* %17, null br i1 %18, label %25, label %19 %20 = getelementptr inbounds %struct.cgroup_subsys, %struct.cgroup_subsys* %17, i64 0, i32 19 %21 = load i32, i32* %20, align 4 %22 = sext i32 %21 to i64 %23 = getelementptr %struct.cgroup, %struct.cgroup* %12, i64 0, i32 18, i64 %22 %24 = load volatile %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %23, align 8 br label %27 %28 = phi %struct.cgroup_subsys_state* [ %24, %19 ], [ %26, %25 ] %29 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %28, i64 0, i32 0 %30 = load %struct.cgroup*, %struct.cgroup** %29, align 8 %31 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %30, i64 0, i32 22 %32 = load %struct.cgroup*, %struct.cgroup** %31, align 8 %33 = icmp eq %struct.cgroup* %32, %30 br i1 %33, label %34, label %36 %35 = tail call fastcc i8* @__cgroup_procs_start(%struct.seq_file* %0, i64* %1, i32 3) #78 Function:__cgroup_procs_start %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 0 %8 = load %struct.kernfs_node*, %struct.kernfs_node** %7, align 8 %9 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %8, i64 0, i32 2 %10 = load %struct.kernfs_node*, %struct.kernfs_node** %9, align 8 %11 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %10, i64 0, i32 8 %12 = bitcast i8** %11 to 
%struct.cgroup** %13 = load %struct.cgroup*, %struct.cgroup** %12, align 8 %14 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %8, i64 0, i32 8 %15 = bitcast i8** %14 to %struct.cftype** %16 = load %struct.cftype*, %struct.cftype** %15, align 8 %17 = getelementptr inbounds %struct.cftype, %struct.cftype* %16, i64 0, i32 5 %18 = load %struct.cgroup_subsys*, %struct.cgroup_subsys** %17, align 8 %19 = icmp eq %struct.cgroup_subsys* %18, null br i1 %19, label %26, label %20 %21 = getelementptr inbounds %struct.cgroup_subsys, %struct.cgroup_subsys* %18, i64 0, i32 19 %22 = load i32, i32* %21, align 4 %23 = sext i32 %22 to i64 %24 = getelementptr %struct.cgroup, %struct.cgroup* %13, i64 0, i32 18, i64 %23 %25 = load volatile %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %24, align 8 br label %28 %29 = phi %struct.cgroup_subsys_state* [ %25, %20 ], [ %27, %26 ] %30 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %29, i64 0, i32 0 %31 = load %struct.cgroup*, %struct.cgroup** %30, align 8 %32 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %33 = bitcast i8** %32 to %struct.cgroup_file_ctx** %34 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %33, align 8 %35 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %34, i64 0, i32 2, i32 1 %36 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %34, i64 0, i32 2, i32 0 %37 = load i8, i8* %36, align 8, !range !4 %38 = icmp eq i8 %37, 0 %39 = load i64, i64* %1, align 8 %40 = icmp eq i64 %39, 0 br i1 %38, label %41, label %67 br i1 %40, label %68, label %92 tail call void @css_task_iter_end(%struct.css_task_iter* %35) #79 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 
tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 1 %7 = load %struct.list_head*, %struct.list_head** %6, align 8 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 0 %9 = load %struct.list_head*, %struct.list_head** %8, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %9, %struct.list_head** %11, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %8, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %6, align 8 %12 = load %struct.css_set*, %struct.css_set** %2, align 8 tail call void @put_css_set_locked(%struct.css_set* %12) #79 ------------- Use: =BAD PATH= Call Stack: 0 css_task_iter_end 1 __cgroup_procs_start 2 cgroup_threads_start ------------- Path:  Function:cgroup_threads_start %3 = tail call fastcc i8* @__cgroup_procs_start(%struct.seq_file* %0, i64* %1, i32 0) #78 Function:__cgroup_procs_start %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.kernfs_open_file** %6 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %5, align 8 %7 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 0 %8 = load %struct.kernfs_node*, %struct.kernfs_node** %7, align 8 %9 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %8, i64 0, i32 2 %10 = load %struct.kernfs_node*, %struct.kernfs_node** %9, align 8 %11 = getelementptr inbounds %struct.kernfs_node, 
%struct.kernfs_node* %10, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.cgroup** %13 = load %struct.cgroup*, %struct.cgroup** %12, align 8 %14 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %8, i64 0, i32 8 %15 = bitcast i8** %14 to %struct.cftype** %16 = load %struct.cftype*, %struct.cftype** %15, align 8 %17 = getelementptr inbounds %struct.cftype, %struct.cftype* %16, i64 0, i32 5 %18 = load %struct.cgroup_subsys*, %struct.cgroup_subsys** %17, align 8 %19 = icmp eq %struct.cgroup_subsys* %18, null br i1 %19, label %26, label %20 %21 = getelementptr inbounds %struct.cgroup_subsys, %struct.cgroup_subsys* %18, i64 0, i32 19 %22 = load i32, i32* %21, align 4 %23 = sext i32 %22 to i64 %24 = getelementptr %struct.cgroup, %struct.cgroup* %13, i64 0, i32 18, i64 %23 %25 = load volatile %struct.cgroup_subsys_state*, %struct.cgroup_subsys_state** %24, align 8 br label %28 %29 = phi %struct.cgroup_subsys_state* [ %25, %20 ], [ %27, %26 ] %30 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %29, i64 0, i32 0 %31 = load %struct.cgroup*, %struct.cgroup** %30, align 8 %32 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %6, i64 0, i32 3 %33 = bitcast i8** %32 to %struct.cgroup_file_ctx** %34 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %33, align 8 %35 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %34, i64 0, i32 2, i32 1 %36 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %34, i64 0, i32 2, i32 0 %37 = load i8, i8* %36, align 8, !range !4 %38 = icmp eq i8 %37, 0 %39 = load i64, i64* %1, align 8 %40 = icmp eq i64 %39, 0 br i1 %38, label %41, label %67 br i1 %40, label %68, label %92 tail call void @css_task_iter_end(%struct.css_task_iter* %35) #79 Function:css_task_iter_end %2 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 8 %3 = load %struct.css_set*, %struct.css_set** %2, align 8 %4 = 
icmp eq %struct.css_set* %3, null br i1 %4, label %13, label %5 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #78 %6 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 1 %7 = load %struct.list_head*, %struct.list_head** %6, align 8 %8 = getelementptr inbounds %struct.css_task_iter, %struct.css_task_iter* %0, i64 0, i32 11, i32 0 %9 = load %struct.list_head*, %struct.list_head** %8, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %9, %struct.list_head** %11, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %8, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %6, align 8 %12 = load %struct.css_set*, %struct.css_set** %2, align 8 tail call void @put_css_set_locked(%struct.css_set* %12) #79 ------------- Good: 197 Bad: 18 Ignored: 41 Check Use of Function:lookup_user_key Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call 
Stack: 0 __se_sys_add_key 1 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi 
i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_keyring_ID 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label 
%84 i32 28, label %90 ] %22 = tail call i64 @keyctl_get_keyring_ID(i32 %17, i32 %18) #78 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 4) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %27 = inttoptr i64 %9 to i8* %28 = tail call i64 @keyctl_update_key(i32 %17, i8* %27, i64 %12) #78 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, 
label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 
20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #78 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, 
label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #78 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_revoke_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = 
trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %30 = tail call i64 @keyctl_revoke_key(i32 %17) #78 Function:keyctl_revoke_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, 
label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %73 = tail call i64 @keyctl_invalidate_key(i32 %17) #78 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 
14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %246 = trunc i64 %1 to i32 %247 = tail call i64 @keyctl_invalidate_key(i32 %246) #78 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, 
label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %246 = trunc i64 %1 to i32 %247 = tail call i64 @keyctl_invalidate_key(i32 %246) #78 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %35 = tail call i64 @keyctl_keyring_clear(i32 %17) #78 Function:keyctl_keyring_clear %2 = tail call 
%struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #78 Function:keyctl_keyring_clear %2 = tail call 
%struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #78 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_link 1 
__ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %37 = tail call i64 @keyctl_keyring_link(i32 %17, i32 %18) #78 Function:keyctl_keyring_link %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, 
i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %39 = tail call i64 @keyctl_keyring_unlink(i32 %17, i32 %18) #78 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #78 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #78 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %97 = tail call i64 @keyctl_keyring_move(i32 %17, i32 %18, i32 %19, i32 %20) #78 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 
%10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %273 = trunc i64 %1 to i32 %274 = trunc i64 %2 to i32 %275 = trunc i64 %3 to i32 %276 = trunc i64 %4 to i32 %277 = tail call i64 @keyctl_keyring_move(i32 %273, i32 %274, i32 %275, i32 %276) #78 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, 
i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %273 = trunc i64 %1 to i32 %274 = trunc i64 %2 to i32 %275 = trunc i64 %3 to i32 %276 = trunc i64 %4 to i32 %277 = tail call i64 @keyctl_keyring_move(i32 %273, i32 %274, i32 %275, i32 %276) #78 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = 
load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %32 = inttoptr i64 %9 to i8* %33 = tail call i64 @keyctl_describe_key(i32 %17, i8* %32, i64 %12) #78 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 
%7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #78 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca 
%struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #78 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, 
label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %45 = inttoptr i64 %9 to i8* %46 = tail call i64 @keyctl_read_key(i32 %17, i8* %45, i64 %12) #78 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 
i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #78 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 
i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #78 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 10) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label 
%96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %48 = tail call i64 @keyctl_chown_key(i32 %17, i32 %18, i32 %19) #78 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 
19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #78 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 
i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #78 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_setperm_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, 
label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %50 = tail call i64 @keyctl_setperm_key(i32 %17, i32 %18) #78 Function:keyctl_setperm_key %3 = and i32 %1, -1061109568 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %28 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key_common 1 keyctl_instantiate_key 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr 
i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #78 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %22 = tail call fastcc i64 @keyctl_instantiate_key_common(i32 %0, %struct.iov_iter* null, i32 %3) #79 Function:keyctl_instantiate_key_common %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269667**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.269667* %6 = getelementptr inbounds %struct.task_struct.269667, %struct.task_struct.269667* %5, i64 0, i32 85 %7 = load %struct.cred.269368*, %struct.cred.269368** %6, align 64 %8 = icmp eq %struct.iov_iter* %1, null br i1 %8, label %15, label %9 %16 = phi %struct.iov_iter* [ %1, %13 ], [ null, %9 ], [ null, %3 ] %17 = phi i64 [ %11, %13 ], [ 0, %9 ], [ 0, %3 ] %18 = getelementptr inbounds %struct.cred.269368, %struct.cred.269368* %7, i64 0, i32 19 %19 = load %struct.key.269343*, %struct.key.269343** %18, align 8 %20 = icmp eq %struct.key.269343* %19, null br i1 %20, label %88, label %21 %22 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %19, i64 0, i32 16, i32 0, i32 0, i64 0 %23 = bitcast i8** %22 to %struct.request_key_auth.269670** %24 = load %struct.request_key_auth.269670*, %struct.request_key_auth.269670** %23, align 8 %25 = getelementptr inbounds %struct.request_key_auth.269670, %struct.request_key_auth.269670* %24, i64 0, i32 1 %26 = load %struct.key.269343*, %struct.key.269343** %25, align 8 %27 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %0 br i1 %29, label %30, label %88 %31 = icmp eq %struct.iov_iter* %16, null br i1 %31, label %39, label %32 %33 = tail 
call i8* @kvmalloc_node(i64 %17, i32 3264, i32 -1) #78 %34 = icmp eq i8* %33, null br i1 %34, label %88, label %35 %36 = tail call i64 @_copy_from_iter(i8* nonnull %33, i64 %17, %struct.iov_iter* nonnull %16) #78 %37 = icmp eq i64 %36, %17 br i1 %37, label %39, label %38, !prof !5, !misexpect !6 %40 = phi i8* [ null, %30 ], [ %33, %35 ] %41 = icmp eq i32 %2, 0 br i1 %41, label %72, label %42 %43 = icmp sgt i32 %2, 0 br i1 %43, label %44, label %51 %45 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %2, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 
25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %68 = tail call i64 @keyctl_reject_key(i32 %17, i32 %18, i32 %19, i32 %20) #78 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269667**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.269667* %7 = getelementptr inbounds %struct.task_struct.269667, %struct.task_struct.269667* %6, i64 0, i32 85 %8 = load %struct.cred.269368*, %struct.cred.269368** %7, align 64 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.269368, %struct.cred.269368* %8, i64 0, i32 19 %16 = load %struct.key.269343*, %struct.key.269343** %15, align 8 %17 = icmp eq %struct.key.269343* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.269670** %21 = load %struct.request_key_auth.269670*, %struct.request_key_auth.269670** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.269670, %struct.request_key_auth.269670* %21, i64 0, i32 1 %23 = load %struct.key.269343*, %struct.key.269343** %22, align 8 %24 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call 
Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #78 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, 
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269667**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.269667* %7 = getelementptr inbounds %struct.task_struct.269667, %struct.task_struct.269667* %6, i64 0, i32 85 %8 = load %struct.cred.269368*, %struct.cred.269368** %7, align 64 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.269368, %struct.cred.269368* %8, i64 0, i32 19 %16 = load %struct.key.269343*, %struct.key.269343** %15, align 8 %17 = icmp eq %struct.key.269343* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.269670** %21 = load %struct.request_key_auth.269670*, %struct.request_key_auth.269670** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.269670, %struct.request_key_auth.269670* %21, i64 0, i32 1 %23 = load %struct.key.269343*, %struct.key.269343** %22, align 8 %24 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %221 = trunc i64 %1 to i32 %222 = trunc i64 %2 to i32 %223 = trunc i64 %3 to i32 %224 = trunc i64 %4 to i32 %225 = tail call i64 @keyctl_reject_key(i32 %221, i32 %222, i32 %223, i32 %224) #78 Function:keyctl_reject_key %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269667**)) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct.269667* %7 = getelementptr inbounds %struct.task_struct.269667, %struct.task_struct.269667* %6, i64 0, i32 85 %8 = load %struct.cred.269368*, 
%struct.cred.269368** %7, align 64 %9 = add i32 %2, -1 %10 = icmp ugt i32 %9, 4093 br i1 %10, label %77, label %11 %12 = add i32 %2, -512 %13 = icmp ult i32 %12, 5 br i1 %13, label %72, label %14 %73 = trunc i32 %12 to i8 %74 = lshr i8 23, %73 %75 = and i8 %74, 1 %76 = icmp eq i8 %75, 0 br i1 %76, label %14, label %77 %15 = getelementptr inbounds %struct.cred.269368, %struct.cred.269368* %8, i64 0, i32 19 %16 = load %struct.key.269343*, %struct.key.269343** %15, align 8 %17 = icmp eq %struct.key.269343* %16, null br i1 %17, label %77, label %18 %19 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %16, i64 0, i32 16, i32 0, i32 0, i64 0 %20 = bitcast i8** %19 to %struct.request_key_auth.269670** %21 = load %struct.request_key_auth.269670*, %struct.request_key_auth.269670** %20, align 8 %22 = getelementptr inbounds %struct.request_key_auth.269670, %struct.request_key_auth.269670* %21, i64 0, i32 1 %23 = load %struct.key.269343*, %struct.key.269343** %22, align 8 %24 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %23, i64 0, i32 1 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, %0 br i1 %26, label %27, label %77 %28 = icmp eq i32 %3, 0 br i1 %28, label %59, label %29 %30 = icmp sgt i32 %3, 0 br i1 %30, label %31, label %38 %32 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 
%11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %59 = tail call i64 @keyctl_set_timeout(i32 %17, i32 %18) #78 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 
%4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %208 = trunc i64 %1 to i32 %209 = trunc i64 %2 to i32 %210 = tail call i64 @keyctl_set_timeout(i32 %208, i32 %209) #78 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca 
%struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %208 = trunc i64 %1 to i32 %209 = trunc i64 %2 to i32 %210 = tail call i64 @keyctl_set_timeout(i32 %208, i32 %209) #78 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 
i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %63 = inttoptr i64 %9 to i8* %64 = tail call i64 @keyctl_get_security(i32 %17, i8* %63, i64 %12) #78 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* store i8* null, i8** %4, align 8 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 
= trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %215 = trunc i64 %1 to i32 %216 = inttoptr i64 %2 to i8* %217 = tail call i64 @keyctl_get_security(i32 %215, i8* %216, i64 %3) #78 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* store i8* null, i8** %4, align 8 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch 
i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %215 = trunc i64 %1 to i32 %216 = inttoptr i64 %2 to i8* %217 = tail call i64 @keyctl_get_security(i32 %215, i8* %216, i64 %3) #78 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* store i8* null, i8** %4, align 8 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 
i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %66 = tail call i64 @keyctl_session_to_parent() #78 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 
10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %219 = tail call i64 @keyctl_session_to_parent() #78 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 
i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %219 = tail call i64 @keyctl_session_to_parent() #78 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %75 = inttoptr i64 %9 to i8* %76 = inttoptr i64 %12 to i8* 
%77 = tail call i64 @keyctl_restrict_keyring(i32 %17, i8* %75, i8* %76) #78 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, 
label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %249 = trunc i64 %1 to i32 %250 = inttoptr i64 %2 to i8* %251 = inttoptr i64 %3 to i8* %252 = tail call i64 @keyctl_restrict_keyring(i32 %249, i8* %250, i8* %251) #78 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 
i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %249 = trunc i64 %1 to i32 %250 = inttoptr i64 %2 to i8* %251 = inttoptr i64 %3 to i8* %252 = tail call i64 @keyctl_restrict_keyring(i32 %249, i8* %250, i8* %251) #78 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 
i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 
25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 
27, label %260 i32 28, label %266 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  
Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load 
i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 
%9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %293 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %293 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 6) #78 ------------- Good: 20 Bad: 55 Ignored: 0 Check Use of Function:cpumask_weight.6780 Check Use of Function:copy_thread Check Use of Function:__SCT__tp_func_task_newtask Check Use of Function:sched_cgroup_fork Check Use of Function:clear_posix_cputimers_work Check Use of Function:proc_fork_connector Check Use of Function:get_task_io_context Use: =BAD PATH= Call Stack: 0 set_task_ioprio 1 __se_sys_ioprio_set 2 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #78 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, 
%struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, 
i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, 
%struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr 
%struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #78 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #78 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 
%10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #78 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295739* (%struct.task_struct.295774*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_task_ioprio 1 __se_sys_ioprio_set 2 __x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #78 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 
%109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, 
%struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, 
%struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 
%126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #78 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #78 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr 
i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #78 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295739* (%struct.task_struct.295774*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #78 ------------- Good: 3 Bad: 2 Ignored: 1 Check Use of Function:cgroup_post_fork Check Use of Function:perf_event_fork Check Use of Function:exit_thread Check Use of Function:exit_io_context Check Use of Function:inet_addr_type_table Use: =BAD PATH= Call Stack: 0 ping_bind ------------- Path:  Function:ping_bind %4 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %5 = load i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %7 = load 
%struct.net*, %struct.net** %6, align 8 %8 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 3 %9 = load i16, i16* %8, align 8 switch i16 %9, label %207 [ i16 2, label %10 i16 10, label %44 ] %11 = icmp ult i32 %2, 16 br i1 %11, label %207, label %12 %13 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %14 = load i16, i16* %13, align 4 switch i16 %14, label %207 [ i16 2, label %20 i16 0, label %15 ] %21 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 2 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = tail call i32 bitcast (i32 (%struct.net.767947*, i32, i32)* @inet_addr_type_table to i32 (%struct.net*, i32, i32)*)(%struct.net* %7, i32 %23, i32 255) #78 ------------- Good: 4 Bad: 1 Ignored: 9 Check Use of Function:fib_table_delete Check Use of Function:fib_new_table Check Use of Function:fib_table_insert Check Use of Function:fat_trim_fs Check Use of Function:exit_sem Check Use of Function:exit_shm Check Use of Function:switch_task_namespaces Check Use of Function:create_new_namespaces Check Use of Function:security_vm_enough_memory_mm Use: =BAD PATH= Call Stack: 0 __shmem_file_setup 1 shmem_zero_setup 2 mmap_zero ------------- Path:  Function:mmap_zero %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 @shmem_zero_setup(%struct.vm_area_struct* %1) #78 Function:shmem_zero_setup %2 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = sub i64 %3, %5 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 
0, i32 8 %8 = load i64, i64* %7, align 8 %9 = load %struct.vfsmount*, %struct.vfsmount** @shm_mnt, align 8 %10 = tail call fastcc %struct.file* @__shmem_file_setup(%struct.vfsmount* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.13.13370, i64 0, i64 0), i64 %6, i64 %8, i32 512) #78 Function:__shmem_file_setup %6 = icmp ugt %struct.vfsmount* %0, inttoptr (i64 -4096 to %struct.vfsmount*) br i1 %6, label %7, label %9 %10 = icmp slt i64 %2, 0 br i1 %10, label %42, label %11 %12 = and i64 %3, 2097152 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 38 %18 = load %struct.mm_struct*, %struct.mm_struct** %17, align 64 %19 = add nuw i64 %2, 4095 %20 = ashr i64 %19, 12 %21 = tail call i32 @security_vm_enough_memory_mm(%struct.mm_struct* %18, i64 %20) #78 ------------- Good: 23 Bad: 1 Ignored: 9 Check Use of Function:disable_swap_slots_cache_lock Check Use of Function:reenable_swap_slots_cache_unlock Check Use of Function:percpu_ref_kill_and_confirm Use: =BAD PATH= Call Stack: 0 kill_ioctx 1 __se_sys_io_destroy 2 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, 
%struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, 
%20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #78 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #78 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !10, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17691, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !11 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* 
%38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %46 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 13 store %struct.ctx_rq_wait* %2, %struct.ctx_rq_wait** %46, align 32 %47 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 0 tail call void @percpu_ref_kill_and_confirm(%struct.percpu_ref* %47, void (%struct.percpu_ref*)* null) #78 ------------- Use: =BAD PATH= Call Stack: 0 kill_ioctx 1 __se_sys_io_destroy 2 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 
Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #78 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 
0)) #78 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !10, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17691, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !11 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %46 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 13 store %struct.ctx_rq_wait* %2, %struct.ctx_rq_wait** %46, align 32 %47 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 0 tail call void @percpu_ref_kill_and_confirm(%struct.percpu_ref* %47, void (%struct.percpu_ref*)* null) #78 ------------- Good: 28 Bad: 2 Ignored: 7 Check Use of Function:pc_nvram_initialize Check Use of Function:security_context_to_sid_force Check Use of Function:vfs_clean_context Check Use of Function:dissolve_on_fput Check Use of Function:dec_usb_memory_use_count Check Use of Function:dev_valid_name Check Use of Function:ipip6_tunnel_update Check Use of Function:ipip6_tunnel_create Check Use of Function:put_ipc_ns Use: =BAD PATH= Call Stack: 0 
shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void @put_ipc_ns(%struct.ipc_namespace* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 mqueue_create_attr 1 mqueue_create ------------- Path:  Function:mqueue_create %6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #78 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #78 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 %14, label %65, label %15 %66 = phi i32 [ %44, %42 ], [ -28, %32 ], [ -13, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br i1 %14, label %68, label %67 tail call void @put_ipc_ns(%struct.ipc_namespace* nonnull 
%13) #78 ------------- Good: 11 Bad: 2 Ignored: 4 Check Use of Function:inet6_addr_del Check Use of Function:kthread_stop Check Use of Function:kthread_bind_mask Check Use of Function:clockevents_config_and_register Check Use of Function:pci_connect_tech_setup Check Use of Function:pci_xr17c154_setup Check Use of Function:pci_xr17v35x_setup Check Use of Function:serial8250_register_8250_port Check Use of Function:ata_host_register Check Use of Function:ata_port_desc Check Use of Function:ioremap_cache Use: =BAD PATH= Call Stack: 0 memremap 1 setup_data_data_read ------------- Path:  Function:setup_data_data_read %7 = alloca i32, align 4 %8 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %9 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 0, i32 0 %10 = load i8*, i8** %9, align 8 %11 = call i32 @kstrtoint(i8* %10, i32 10, i32* nonnull %7) #78 %12 = icmp eq i32 %11, 0 br i1 %12, label %15, label %13 %16 = load i32, i32* %7, align 4 %17 = load i64, i64* getelementptr inbounds (%struct.boot_params, %struct.boot_params* @boot_params, i64 0, i32 27, i32 34), align 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %88, label %19 %20 = phi i64 [ %28, %26 ], [ %17, %15 ] %21 = phi i32 [ %29, %26 ], [ 0, %15 ] %22 = icmp eq i32 %21, %16 %23 = call i8* @memremap(i64 %20, i64 16, i64 1) #78 Function:memremap %4 = alloca i64, align 8 store i64 %0, i64* %4, align 8 %5 = tail call i32 @region_intersects(i64 %0, i64 %1, i64 16777728, i64 0) #78 %6 = icmp eq i64 %2, 0 br i1 %6, label %44, label %7 %8 = icmp eq i32 %5, 2 br i1 %8, label %9, label %12 %13 = and i64 %2, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %5, 0 br i1 %16, label %17, label %20 %21 = tail call i8* @ioremap_cache(i64 %0, i64 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 memremap 1 type_show ------------- Path:  Function:type_show %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %6 = getelementptr inbounds %struct.kobject, 
%struct.kobject* %0, i64 0, i32 0 %7 = load i8*, i8** %6, align 8 %8 = call i32 @kstrtoint(i8* %7, i32 10, i32* nonnull %4) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %13 = load i32, i32* %4, align 4 %14 = load i64, i64* getelementptr inbounds (%struct.boot_params, %struct.boot_params* @boot_params, i64 0, i32 27, i32 34), align 1 %15 = icmp eq i64 %14, 0 br i1 %15, label %51, label %16 %17 = phi i64 [ %25, %23 ], [ %14, %12 ] %18 = phi i32 [ %26, %23 ], [ 0, %12 ] %19 = icmp eq i32 %18, %13 %20 = call i8* @memremap(i64 %17, i64 16, i64 1) #78 Function:memremap %4 = alloca i64, align 8 store i64 %0, i64* %4, align 8 %5 = tail call i32 @region_intersects(i64 %0, i64 %1, i64 16777728, i64 0) #78 %6 = icmp eq i64 %2, 0 br i1 %6, label %44, label %7 %8 = icmp eq i32 %5, 2 br i1 %8, label %9, label %12 %13 = and i64 %2, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %5, 0 br i1 %16, label %17, label %20 %21 = tail call i8* @ioremap_cache(i64 %0, i64 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 memremap 1 setup_data_read ------------- Path:  Function:setup_data_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.arch_uprobe_task** %7 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %6, align 8 %8 = load i64, i64* %3, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %37, label %10 %11 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %12 = load i32, i32* %11, align 4 %13 = zext i32 %12 to i64 %14 = icmp slt i64 %8, %13 br i1 %14, label %15, label %37 %16 = sub nsw i64 %13, %8 %17 = icmp ult i64 %16, %2 %18 = select i1 %17, i64 %16, i64 %2 %19 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = add i64 %20, %8 %22 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %23 = load i32, i32* 
%22, align 8 %24 = icmp ult i32 %23, -2147483647 %25 = add i64 %21, 16 %26 = select i1 %24, i64 %25, i64 %21 %27 = tail call i8* @memremap(i64 %26, i64 %18, i64 1) #78 Function:memremap %4 = alloca i64, align 8 store i64 %0, i64* %4, align 8 %5 = tail call i32 @region_intersects(i64 %0, i64 %1, i64 16777728, i64 0) #78 %6 = icmp eq i64 %2, 0 br i1 %6, label %44, label %7 %8 = icmp eq i32 %5, 2 br i1 %8, label %9, label %12 %13 = and i64 %2, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %5, 0 br i1 %16, label %17, label %20 %21 = tail call i8* @ioremap_cache(i64 %0, i64 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 memremap 1 xlate_dev_mem_ptr 2 write_mem ------------- Path:  Function:write_mem %5 = load i64, i64* %3, align 8 %6 = tail call i32 @valid_phys_addr_range(i64 %5, i64 %2) #78 %7 = icmp eq i32 %6, 0 br i1 %7, label %64, label %8 %9 = icmp eq i64 %2, 0 br i1 %9, label %60, label %10 %11 = phi i64 [ %37, %59 ], [ 0, %8 ] %12 = phi i64 [ %35, %59 ], [ %5, %8 ] %13 = phi i64 [ %36, %59 ], [ %2, %8 ] %14 = phi i8* [ %34, %59 ], [ %1, %8 ] %15 = and i64 %12, 4095 %16 = sub nuw nsw i64 4096, %15 %17 = icmp ult i64 %16, %13 %18 = select i1 %17, i64 %16, i64 %13 %19 = lshr i64 %12, 12 %20 = tail call i32 @devmem_is_allowed(i64 %19) #78 switch i32 %20, label %33 [ i32 0, label %64 i32 1, label %21 ] %22 = tail call i8* @xlate_dev_mem_ptr(i64 %12) #78 Function:xlate_dev_mem_ptr %2 = and i64 %0, -4096 %3 = tail call i8* @memremap(i64 %2, i64 4096, i64 1) #78 Function:memremap %4 = alloca i64, align 8 store i64 %0, i64* %4, align 8 %5 = tail call i32 @region_intersects(i64 %0, i64 %1, i64 16777728, i64 0) #78 %6 = icmp eq i64 %2, 0 br i1 %6, label %44, label %7 %8 = icmp eq i32 %5, 2 br i1 %8, label %9, label %12 %13 = and i64 %2, 1 %14 = icmp eq i64 %13, 0 br i1 %14, label %22, label %15 %16 = icmp eq i32 %5, 0 br i1 %16, label %17, label %20 %21 = tail call i8* @ioremap_cache(i64 %0, i64 %1) #78 ------------- Good: 55 Bad: 4 
Ignored: 22 Check Use of Function:devm_free_irq Check Use of Function:devres_free Check Use of Function:devres_add Check Use of Function:blk_rq_map_user Check Use of Function:device_set_wakeup_capable Check Use of Function:pcie_walk_rcec Check Use of Function:pcie_capability_clear_and_set_word Check Use of Function:acpi_ns_get_attached_object Check Use of Function:acpi_os_release_lock Check Use of Function:acpi_ns_walk_namespace Check Use of Function:acpi_scan_init Check Use of Function:acpi_debugfs_init Check Use of Function:kernfs_fop_write_iter Check Use of Function:acpi_sleep_proc_init Check Use of Function:read_iter_null Check Use of Function:acpi_ec_dsdt_probe Check Use of Function:acpi_run_osc Check Use of Function:acpi_get_handle Check Use of Function:acpi_sysfs_init Check Use of Function:blkdev_write_iter Check Use of Function:bus_register Check Use of Function:__request_region Check Use of Function:acpi_dev_clear_dependencies Check Use of Function:irq_domain_remove Check Use of Function:dmar_fault Check Use of Function:pci_unlock_rescan_remove Check Use of Function:dmar_walk_dsm_resource Check Use of Function:sel_make_dir Check Use of Function:register_syscore_ops Check Use of Function:iommu_device_register Check Use of Function:serport_ldisc_open Check Use of Function:intel_irq_postinstall Check Use of Function:dev_pm_attach_wake_irq Check Use of Function:tg3_read32_mbox_5906 Check Use of Function:tg3_read_indirect_mbox Check Use of Function:tg3_read32 Check Use of Function:tg3_request_irq Check Use of Function:synchronize_irq Use: =BAD PATH= Call Stack: 0 intel_synchronize_irq 1 intel_guc_log_relay_close 2 guc_log_relay_release ------------- Path:  Function:guc_log_relay_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.intel_guc_log.516006** %5 = load %struct.intel_guc_log.516006*, %struct.intel_guc_log.516006** %4, align 8 tail call void bitcast (void (%struct.intel_guc_log.445598*)* 
@intel_guc_log_relay_close to void (%struct.intel_guc_log.516006*)*)(%struct.intel_guc_log.516006* %5) #78 Function:intel_guc_log_relay_close %2 = getelementptr %struct.intel_guc_log.445598, %struct.intel_guc_log.445598* %0, i64 -1, i32 2, i32 4 %3 = getelementptr inbounds %struct.intel_guc_log.445598, %struct.intel_guc_log.445598* %0, i64 0, i32 2, i32 1 %4 = load i8, i8* %3, align 8, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %19, label %6 %7 = getelementptr %struct.mutex, %struct.mutex* %2, i64 -1 %8 = bitcast %struct.mutex* %2 to %struct.intel_guc.445611* %9 = bitcast %struct.mutex* %7 to %struct.drm_i915_private.445592** %10 = load %struct.drm_i915_private.445592*, %struct.drm_i915_private.445592** %9, align 8 %11 = getelementptr inbounds %struct.mutex, %struct.mutex* %2, i64 16 %12 = bitcast %struct.mutex* %11 to %struct.raw_spinlock* tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #78 %13 = getelementptr inbounds %struct.intel_guc.445611, %struct.intel_guc.445611* %8, i64 0, i32 7 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, -11 store i32 %15, i32* %13, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %16 = bitcast %struct.mutex* %11 to i8* store volatile i8 0, i8* %16, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.drm_i915_private.418528*)* @intel_synchronize_irq to void (%struct.drm_i915_private.445592*)*)(%struct.drm_i915_private.445592* %10) #78 Function:intel_synchronize_irq %2 = getelementptr inbounds %struct.drm_i915_private.418528, %struct.drm_i915_private.418528* %0, i64 0, i32 0, i32 2 %3 = bitcast %struct.device** %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr i8, i8* %4, i64 732 %6 = bitcast i8* %5 to i32* %7 = load i32, i32* %6, align 4 tail call void @synchronize_irq(i32 
%7) #78 ------------- Good: 83 Bad: 1 Ignored: 88 Check Use of Function:drm_dev_exit Use: =BAD PATH= Call Stack: 0 i915_gem_mmap ------------- Path:  Function:i915_gem_mmap %3 = alloca i32, align 4 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.drm_file** %6 = load %struct.drm_file*, %struct.drm_file** %5, align 8 %7 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %6, i64 0, i32 13 %8 = load %struct.drm_minor*, %struct.drm_minor** %7, align 8 %9 = getelementptr inbounds %struct.drm_minor, %struct.drm_minor* %8, i64 0, i32 3 %10 = load %struct.drm_device.382396*, %struct.drm_device.382396** %9, align 8 %11 = bitcast i32* %3 to i8* store i32 0, i32* %3, align 4 %12 = call zeroext i1 @drm_dev_enter(%struct.drm_device.382396* %10, i32* nonnull %3) #78 br i1 %12, label %14, label %13 %15 = load i32, i32* %3, align 4 call void @drm_dev_exit(i32 %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl_kernel 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %35 %16 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %17 = bitcast %struct.drm_i915_getparam* %5 to i8* %18 = inttoptr i64 %2 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %16, i8* %18, i64 8) #78 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %33 %22 = bitcast i64* %4 to %struct.util_est* %23 = bitcast i64* %4 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 0 store i32 %24, i32* %25, align 8 %26 = getelementptr inbounds %struct.util_est, %struct.util_est* %22, i64 0, i32 1 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 
%29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 1 %31 = bitcast i32** %30 to i8** store i8* %29, i8** %31, align 8 %32 = call i64 bitcast (i64 (%struct.file*, i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)*, i8*, i32)* @drm_ioctl_kernel to i64 (%struct.file.435818*, i32 (%struct.drm_device.435917*, i8*, %struct.drm_file.435822*)*, i8*, i32)*)(%struct.file.435818* %0, i32 (%struct.drm_device.435917*, i8*, %struct.drm_file.435822*)* nonnull bitcast (i32 (%struct.drm_device.382396*, i8*, %struct.drm_file*)* @i915_getparam_ioctl to i32 (%struct.drm_device.435917*, i8*, %struct.drm_file.435822*)*), i8* nonnull %17, i32 32) #78 Function:drm_ioctl_kernel %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %10 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %9, align 8 %11 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %10, i64 0, i32 3 %12 = load %struct.drm_device.392954*, %struct.drm_device.392954** %11, align 8 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %12, i32* nonnull %5) #78 br i1 %14, label %16, label %15 %17 = load i32, i32* %5, align 4 call void @drm_dev_exit(i32 %17) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, 
%struct.drm_file.392921** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %12 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %12, i64 0, i32 3 %14 = load %struct.drm_device.392954*, %struct.drm_device.392954** %13, align 8 %15 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %14, i32* nonnull %4) #78 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %35 %36 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.435818*, i32, i64)*)(%struct.file.435818* %0, i32 %1, i64 %2) #78 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %12 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.392919, 
%struct.drm_minor.392919* %12, i64 0, i32 3 %14 = load %struct.drm_device.392954*, %struct.drm_device.392954** %13, align 8 %15 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %14, i32* nonnull %4) #78 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #78 ------------- Good: 2 Bad: 4 Ignored: 24 Check Use of Function:tg3_poll_fw Check Use of Function:tg3_free_rings Check Use of Function:n_null_open Check Use of Function:mddev_unlock Check Use of Function:tg3_halt Check Use of Function:tg3_read_indirect_reg32 Check Use of Function:audit_seccomp_actions_logged Check Use of Function:iowrite8 Check Use of Function:e1000_clean_rx_ring Check Use of Function:kmalloc_array.52114 Check Use of Function:e1000_phy_reset Check Use of Function:e1000_open Check Use of Function:e1000_read_phy_reg Check Use of Function:kmalloc_array.52534 Check Use of Function:usleep_range_state Check Use of Function:e1000e_reset Check Use of Function:e1000_free_desc_rings.52538 Check Use of Function:e1000_update_phy_info_task Check Use of Function:e1000_configure_k1_ich8lan Check Use of Function:hugetlbfs_read_iter Check Use of Function:dma_sync_single_for_device Check Use of Function:dma_sync_single_for_cpu Check Use of Function:e1000e_open Check Use of Function:e1000e_up Check Use of Function:e1000_request_irq Check Use of Function:single_open Use: =BAD PATH= Call Stack: 0 rpc_proc_open ------------- Path:  Function:rpc_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #78 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_proc_show, i8* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 rpc_dummy_info_open ------------- Path:  Function:rpc_dummy_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = 
load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_dummy_info_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 rpc_info_open ------------- Path:  Function:rpc_info_open %3 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rpc_show_info, i8* null) #78 ------------- Use: =BAD PATH= Call Stack: 0 pmc_dev_state_open ------------- Path:  Function:pmc_dev_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_dev_state_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 pmc_pss_state_open ------------- Path:  Function:pmc_pss_state_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_pss_state_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 pmc_sleep_tmr_open ------------- Path:  Function:pmc_sleep_tmr_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pmc_sleep_tmr_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 hid_debug_rdesc_open ------------- Path:  Function:hid_debug_rdesc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @hid_debug_rdesc_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 xhci_port_open ------------- Path:  Function:xhci_port_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* 
%1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_portsc_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 xhci_context_open ------------- Path:  Function:xhci_context_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.116.55639, i64 0, i64 0), i8* %19) #79 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(13) getelementptr inbounds ([13 x i8], [13 x i8]* @.str.117.55640, i64 0, i64 0), i8* %19) #79 %24 = icmp eq i32 %23, 0 %25 = select i1 %24, i64 1, i64 2 br label %26 %27 = phi i64 [ 0, %17 ], [ %25, %22 ] %28 = getelementptr [3 x %struct.xhci_file_map], [3 x %struct.xhci_file_map]* @context_files, i64 0, i64 %27, i32 1 %29 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %28, align 8 %30 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %31 = load i8*, i8** %30, align 8 %32 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %29, i8* %31) #78 ------------- Use: =BAD PATH= Call Stack: 0 xhci_stream_id_open ------------- Path:  Function:xhci_stream_id_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_id_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 xhci_stream_context_array_open ------------- Path:  
Function:xhci_stream_context_array_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @xhci_stream_context_array_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 xhci_ring_open ------------- Path:  Function:xhci_ring_open %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 1, i32 1 %4 = load %struct.dentry*, %struct.dentry** %3, align 8 %5 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry* [ %16, %9 ], [ %4, %2 ] %19 = getelementptr inbounds %struct.dentry, %struct.dentry* %18, i64 0, i32 6, i64 0 %20 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.16.55527, i64 0, i64 0), i8* %19) #79 %21 = icmp eq i32 %20, 0 br i1 %21, label %25, label %22 %23 = tail call i32 @strcmp(i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.55528, i64 0, i64 0), i8* %19) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %32 %33 = tail call i32 @strcmp(i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.18.55529, i64 0, i64 0), i8* %19) #79 %34 = icmp eq i32 %33, 0 %35 = select i1 %34, i64 2, i64 3 br label %25 %26 = phi i64 [ 0, %17 ], [ 1, %22 ], [ %35, %32 ] %27 = getelementptr [4 x %struct.xhci_file_map], [4 x %struct.xhci_file_map]* @ring_files, i64 0, i64 %26, i32 1 %28 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %30 = load i8*, i8** %29, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %28, i8* %30) #78 ------------- Use: =BAD PATH= Call Stack: 0 
sg_proc_single_open_dressz ------------- Path:  Function:sg_proc_single_open_dressz %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.295345*, i32 (%struct.seq_file.295137*, i8*)*, i8*)*)(%struct.file.295345* %1, i32 (%struct.seq_file.295137*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_big_buff to i8*)) #78 ------------- Use: =BAD PATH= Call Stack: 0 sg_proc_single_open_adio ------------- Path:  Function:sg_proc_single_open_adio %3 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.295345*, i32 (%struct.seq_file.295137*, i8*)*, i8*)*)(%struct.file.295345* %1, i32 (%struct.seq_file.295137*, i8*)* nonnull @sg_proc_seq_show_int, i8* bitcast (i32* @sg_allow_dio to i8*)) #78 ------------- Use: =BAD PATH= Call Stack: 0 dma_buf_debug_open ------------- Path:  Function:dma_buf_debug_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dma_buf_debug_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 regmap_access_open ------------- Path:  Function:regmap_access_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @regmap_access_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 rbtree_open ------------- Path:  Function:rbtree_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rbtree_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 deferred_devs_open ------------- Path:  Function:deferred_devs_open %3 = getelementptr inbounds %struct.inode, 
%struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @deferred_devs_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 component_devices_open ------------- Path:  Function:component_devices_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @component_devices_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 huc_info_open ------------- Path:  Function:huc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @huc_info_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 guc_log_dump_open ------------- Path:  Function:guc_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_log_dump_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 guc_load_err_log_dump_open ------------- Path:  Function:guc_load_err_log_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_load_err_log_dump_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 guc_info_open ------------- Path:  Function:guc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_info_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 guc_registered_contexts_open ------------- Path:  
Function:guc_registered_contexts_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_registered_contexts_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 guc_slpc_info_open ------------- Path:  Function:guc_slpc_info_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @guc_slpc_info_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 uc_usage_open ------------- Path:  Function:uc_usage_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @uc_usage_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 sseu_status_open ------------- Path:  Function:sseu_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @sseu_status_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 rcs_topology_open ------------- Path:  Function:rcs_topology_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rcs_topology_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 drpc_open ------------- Path:  Function:drpc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @drpc_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 frequency_open 
------------- Path:  Function:frequency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @frequency_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 fw_domains_open ------------- Path:  Function:fw_domains_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @fw_domains_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 llc_open ------------- Path:  Function:llc_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @llc_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 rps_boost_open ------------- Path:  Function:rps_boost_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @rps_boost_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 engines_open ------------- Path:  Function:engines_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @engines_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_panel_open ------------- Path:  Function:i915_panel_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_panel_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_psr_sink_status_open ------------- Path:  
Function:i915_psr_sink_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_sink_status_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_psr_status_open ------------- Path:  Function:i915_psr_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_psr_status_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_hdcp_sink_capability_open ------------- Path:  Function:i915_hdcp_sink_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hdcp_sink_capability_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_fec_support_open ------------- Path:  Function:i915_dsc_fec_support_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_fec_support_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_bpp_open ------------- Path:  Function:i915_dsc_bpp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_dsc_bpp_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_lpsp_capability_open ------------- Path:  Function:i915_lpsp_capability_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 
(%struct.seq_file*, i8*)* nonnull @i915_lpsp_capability_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 pri_wm_latency_open ------------- Path:  Function:pri_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1731 %6 = load i8, i8* %5, align 1 %7 = icmp ult i8 %6, 5 br i1 %7, label %8, label %14 %9 = getelementptr i8, i8* %4, i64 1828 %10 = bitcast i8* %9 to i32* %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 98304 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @pri_wm_latency_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 spr_wm_latency_open ------------- Path:  Function:spr_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @spr_wm_latency_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cur_wm_latency_open ------------- Path:  Function:cur_wm_latency_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, align 1 %8 = and i24 %7, 512 %9 = icmp eq i24 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @cur_wm_latency_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_data_open ------------- Path:  Function:i915_displayport_test_data_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 
0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_data_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_type_open ------------- Path:  Function:i915_displayport_test_type_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_type_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_displayport_test_active_open ------------- Path:  Function:i915_displayport_test_active_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_displayport_test_active_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_open ------------- Path:  Function:i915_hpd_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_storm_ctl_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_open ------------- Path:  Function:i915_hpd_short_storm_ctl_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_hpd_short_storm_ctl_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_ipc_status_open ------------- Path:  Function:i915_ipc_status_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 1732 %6 = bitcast i8* %5 to i24* %7 = load i24, i24* %6, 
align 1 %8 = and i24 %7, 8192 %9 = icmp eq i24 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_ipc_status_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_charp_open ------------- Path:  Function:i915_param_charp_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_charp_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_int_open ------------- Path:  Function:i915_param_int_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_int_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_param_uint_open ------------- Path:  Function:i915_param_uint_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @i915_param_uint_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 ttm_pool_debugfs_globals_open ------------- Path:  Function:ttm_pool_debugfs_globals_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_globals_show, i8* %4) #78 ------------- Use: =BAD PATH= 
Call Stack: 0 ttm_pool_debugfs_shrink_open ------------- Path:  Function:ttm_pool_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_pool_debugfs_shrink_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 ttm_tt_debugfs_shrink_open ------------- Path:  Function:ttm_tt_debugfs_shrink_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @ttm_tt_debugfs_shrink_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_open ------------- Path:  Function:crc_control_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @crc_control_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_debugfs_open ------------- Path:  Function:drm_debugfs_open %3 = getelementptr inbounds %struct.inode.410706, %struct.inode.410706* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds i8, i8* %4, i64 8 %6 = bitcast i8* %5 to %struct.drm_info_list.410754** %7 = load %struct.drm_info_list.410754*, %struct.drm_info_list.410754** %6, align 8 %8 = getelementptr inbounds %struct.drm_info_list.410754, %struct.drm_info_list.410754* %7, i64 0, i32 1 %9 = load i32 (%struct.seq_file.410658*, i8*)*, i32 (%struct.seq_file.410658*, i8*)** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.410657*, i32 (%struct.seq_file.410658*, i8*)*, i8*)*)(%struct.file.410657* %1, i32 (%struct.seq_file.410658*, i8*)* %9, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 vrr_range_open ------------- Path:  
Function:vrr_range_open %3 = getelementptr inbounds %struct.inode.410706, %struct.inode.410706* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.410657*, i32 (%struct.seq_file.410658*, i8*)*, i8*)*)(%struct.file.410657* %1, i32 (%struct.seq_file.410658*, i8*)* nonnull @vrr_range_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 edid_open ------------- Path:  Function:edid_open %3 = getelementptr inbounds %struct.inode.410706, %struct.inode.410706* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.410657*, i32 (%struct.seq_file.410658*, i8*)*, i8*)*)(%struct.file.410657* %1, i32 (%struct.seq_file.410658*, i8*)* nonnull @edid_show.38469, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 connector_open ------------- Path:  Function:connector_open %3 = getelementptr inbounds %struct.inode.410706, %struct.inode.410706* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.410657*, i32 (%struct.seq_file.410658*, i8*)*, i8*)*)(%struct.file.410657* %1, i32 (%struct.seq_file.410658*, i8*)* nonnull @connector_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 dmaengine_summary_open ------------- Path:  Function:dmaengine_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @dmaengine_summary_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 clk_summary_open ------------- Path:  Function:clk_summary_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 
@single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_summary_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 clk_dump_open ------------- Path:  Function:clk_dump_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_dump_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 clk_min_rate_open ------------- Path:  Function:clk_min_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_min_rate_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 clk_max_rate_open ------------- Path:  Function:clk_max_rate_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_max_rate_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 clk_flags_open ------------- Path:  Function:clk_flags_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_flags_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 clk_duty_cycle_open ------------- Path:  Function:clk_duty_cycle_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @clk_duty_cycle_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 current_parent_open ------------- Path:  Function:current_parent_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 
= tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @current_parent_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 possible_parents_open ------------- Path:  Function:possible_parents_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @possible_parents_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 blk_mq_debugfs_open ------------- Path:  Function:blk_mq_debugfs_open %3 = getelementptr inbounds %struct.inode.295856, %struct.inode.295856* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.blk_mq_debugfs_attr.295717** %5 = load %struct.blk_mq_debugfs_attr.295717*, %struct.blk_mq_debugfs_attr.295717** %4, align 8 %6 = getelementptr inbounds %struct.file.295864, %struct.file.295864* %1, i64 0, i32 1, i32 1 %7 = load %struct.dentry.295860*, %struct.dentry.295860** %6, align 8 %8 = getelementptr inbounds %struct.dentry.295860, %struct.dentry.295860* %7, i64 0, i32 3 %9 = load %struct.dentry.295860*, %struct.dentry.295860** %8, align 8 %10 = getelementptr inbounds %struct.dentry.295860, %struct.dentry.295860* %9, i64 0, i32 5 %11 = load %struct.inode.295856*, %struct.inode.295856** %10, align 8 %12 = getelementptr inbounds %struct.inode.295856, %struct.inode.295856* %11, i64 0, i32 47 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.blk_mq_debugfs_attr.295717, %struct.blk_mq_debugfs_attr.295717* %5, i64 0, i32 4 %16 = load %struct.seq_operations.295456*, %struct.seq_operations.295456** %15, align 8 %17 = icmp eq %struct.seq_operations.295456* %16, null %18 = bitcast %struct.blk_mq_debugfs_attr.295717* %5 to i8* br i1 %17, label %28, label %19 %29 = getelementptr inbounds %struct.blk_mq_debugfs_attr.295717, %struct.blk_mq_debugfs_attr.295717* %5, i64 0, i32 2 %30 = load i32 (i8*, %struct.seq_file.295865*)*, i32 
(i8*, %struct.seq_file.295865*)** %29, align 8 %31 = icmp eq i32 (i8*, %struct.seq_file.295865*)* %30, null br i1 %31, label %32, label %33, !prof !4, !misexpect !5 %34 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.295864*, i32 (%struct.seq_file.295865*, i8*)*, i8*)*)(%struct.file.295864* %1, i32 (%struct.seq_file.295865*, i8*)* nonnull @blk_mq_debugfs_show, i8* %18) #78 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_devm_entry_open ------------- Path:  Function:debugfs_devm_entry_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.debugfs_devm_entry** %5 = load %struct.debugfs_devm_entry*, %struct.debugfs_devm_entry** %4, align 8 %6 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 0 %7 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %6, align 8 %8 = getelementptr inbounds %struct.debugfs_devm_entry, %struct.debugfs_devm_entry* %5, i64 0, i32 1 %9 = bitcast %struct.device** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %7, i8* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_open_regset32 ------------- Path:  Function:debugfs_open_regset32 %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @debugfs_show_regset32, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 single_open_net ------------- Path:  Function:single_open_net %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = 
getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 17 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 8 %9 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.net** %11 = load %struct.net*, %struct.net** %10, align 8 %12 = getelementptr inbounds %struct.net, %struct.net* %11, i64 0, i32 14, i32 3 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %12, i64 0, i32 0, i32 0 %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %2 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 %18, i32* %13, i32 %17) #6, !srcloc !4 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !5, !misexpect !6 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %2 ], [ 0, %23 ], [ %17, %16 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !7, !misexpect !6 %33 = icmp eq i32 %27, 0 %34 = icmp eq %struct.net* %11, null %35 = or i1 %34, %33 br i1 %35, label %52, label %36 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %38 = bitcast %union.anon.79.176811* %37 to i32 (%struct.seq_file*, i8*)** %39 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %38, align 8 %40 = bitcast %struct.net* %11 to i8* %41 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %39, i8* nonnull %40) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_single_open.18431 
------------- Path:  Function:proc_single_open.18431 %3 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 1, i32 1 %5 = bitcast %struct.list_head** %4 to %struct.proc_dir_entry** %6 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %5, align 8 %7 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 8 %8 = bitcast %union.anon.79.176811* %7 to i32 (%struct.seq_file*, i8*)** %9 = load i32 (%struct.seq_file*, i8*)*, i32 (%struct.seq_file*, i8*)** %8, align 8 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %6, i64 0, i32 10 %11 = load i8*, i8** %10, align 8 %12 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* %9, i8* %11) #78 ------------- Use: =BAD PATH= Call Stack: 0 timerslack_ns_open ------------- Path:  Function:timerslack_ns_open %3 = bitcast %struct.inode.177454* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.177271*, i32 (%struct.seq_file.177238*, i8*)*, i8*)*)(%struct.file.177271* %1, i32 (%struct.seq_file.177238*, i8*)* nonnull @timerslack_ns_show, i8* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 comm_open ------------- Path:  Function:comm_open %3 = bitcast %struct.inode.177454* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.177271*, i32 (%struct.seq_file.177238*, i8*)*, i8*)*)(%struct.file.177271* %1, i32 (%struct.seq_file.177238*, i8*)* nonnull @comm_show, i8* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 timens_offsets_open ------------- Path:  Function:timens_offsets_open %3 = bitcast %struct.inode.177454* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.177271*, i32 (%struct.seq_file.177238*, i8*)*, 
i8*)*)(%struct.file.177271* %1, i32 (%struct.seq_file.177238*, i8*)* nonnull @timens_offsets_show, i8* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_single_open ------------- Path:  Function:proc_single_open %3 = bitcast %struct.inode.177454* %0 to i8* %4 = tail call i32 bitcast (i32 (%struct.file*, i32 (%struct.seq_file*, i8*)*, i8*)* @single_open to i32 (%struct.file.177271*, i32 (%struct.seq_file.177238*, i8*)*, i8*)*)(%struct.file.177271* %1, i32 (%struct.seq_file.177238*, i8*)* nonnull @proc_single_show, i8* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 suspend_stats_open ------------- Path:  Function:suspend_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @suspend_stats_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 irq_affinity_list_proc_open ------------- Path:  Function:irq_affinity_list_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #78 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_list_proc_show, i8* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 irq_affinity_proc_open ------------- Path:  Function:irq_affinity_proc_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #78 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @irq_affinity_proc_show, i8* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 default_affinity_open ------------- Path:  Function:default_affinity_open %3 = tail call i8* @PDE_DATA(%struct.inode* %0) #78 %4 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @default_affinity_show, i8* %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 tk_debug_sleep_time_open ------------- Path:  Function:tk_debug_sleep_time_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, 
i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tk_debug_sleep_time_show, i8* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #78 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #78 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_time_stamp_mode_show, i8* %30) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_clock_open ------------- Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 
@security_locked_down(i32 24) #78 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #78 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #78 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_clock_show, i8* %30) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %43 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %43 %11 = icmp eq %struct.trace_array* %5, null br i1 %11, label %29, label %12 tail call void @mutex_lock(%struct.mutex* nonnull @trace_types_lock) #78 %13 = load %struct.trace_array*, %struct.trace_array** bitcast (%struct.list_head* @ftrace_trace_arrays to %struct.trace_array**), align 8 %14 = getelementptr inbounds 
%struct.trace_array, %struct.trace_array* %13, i64 0, i32 0 %15 = icmp eq %struct.list_head* %14, @ftrace_trace_arrays br i1 %15, label %24, label %16 %17 = phi %struct.trace_array* [ %21, %19 ], [ %13, %12 ] %18 = icmp eq %struct.trace_array* %17, %5 br i1 %18, label %25, label %19 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %5, i64 0, i32 28 %27 = load i32, i32* %26, align 8 %28 = add i32 %27, 1 store i32 %28, i32* %26, align 8 tail call void @mutex_unlock(%struct.mutex* nonnull @trace_types_lock) #78 br label %29 %30 = load i8*, i8** %3, align 8 %31 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @tracing_trace_options_show, i8* %30) #78 ------------- Use: =BAD PATH= Call Stack: 0 bdi_debug_stats_open ------------- Path:  Function:bdi_debug_stats_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @single_open(%struct.file* %1, i32 (%struct.seq_file*, i8*)* nonnull @bdi_debug_stats_show, i8* %4) #78 ------------- Good: 5 Bad: 89 Ignored: 133 Check Use of Function:proc_mkdir Check Use of Function:pci_enable_msi Check Use of Function:cpu_latency_qos_remove_request Use: =BAD PATH= Call Stack: 0 cpu_latency_qos_release ------------- Path:  Function:cpu_latency_qos_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.pm_qos_request* store i8* null, i8** %3, align 8 tail call void @cpu_latency_qos_remove_request(%struct.pm_qos_request* %5) #78 ------------- Good: 12 Bad: 1 Ignored: 1 Check Use of Function:pci_read_config_word Use: =BAD PATH= Call Stack: 0 pci_set_vga_state 1 __vga_tryget 2 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, 
i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %223 = phi i32 [ 0, %208 ], [ 3, %219 ], [ 3, %213 ] %224 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 %225 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %224, align 8 %226 = icmp eq %struct.pci_dev.318968* %225, null br i1 %226, label %408, label %227 %228 = load i1, i1* @vga_arbiter_used, align 1 br i1 %228, label %251, label %229 %252 = call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vga_lock.46625, i64 0, i32 0, i32 0)) #78 %253 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %254 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %253, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, @vga_list br i1 %255, label %272, label %256 %257 = phi %struct.vga_device* [ %263, %261 ], [ %253, %251 ] %258 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %257, i64 0, i32 1 %259 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %258, align 8 %260 = icmp eq %struct.pci_dev.318968* %259, %225 br i1 %260, label %266, label %261 %267 = icmp eq %struct.vga_device* %257, null br i1 %267, label %272, label %268 %269 = call fastcc %struct.vga_device* @__vga_tryget(%struct.vga_device* nonnull %257, i32 %223) #78 Function:__vga_tryget %3 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 1 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %11, label %6 %7 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 1 %10 = or i32 %9, %1 br label %11 %12 = phi i32 [ %1, %2 ], [ %10, %6 ] %13 = and i32 %12, 8 %14 = icmp eq i32 %13, 0 br i1 %14, label %20, label %15 %16 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2 %19 = or i32 %18, %12 br label %20 %21 = phi i32 [ %12, %11 ], [ %19, %15 ] %22 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 3 %23 = load i32, i32* %22, align 4 %24 = xor i32 %23, -1 %25 = and i32 %21, %24 %26 = icmp eq i32 %25, 0 br i1 %26, label %116, label %27 %28 = and i32 %25, 3 %29 = icmp eq i32 %28, 0 br i1 %29, label %94, label %30 %31 = load %struct.vga_device*, %struct.vga_device** bitcast 
(%struct.list_head* @vga_list to %struct.vga_device**), align 8 %32 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %31, i64 0, i32 0 %33 = icmp eq %struct.list_head* %32, @vga_list br i1 %33, label %94, label %34 %35 = phi %struct.vga_device* [ %91, %89 ], [ %31, %30 ] %36 = icmp eq %struct.vga_device* %35, %0 br i1 %36, label %89, label %37 %90 = bitcast %struct.vga_device* %35 to %struct.vga_device** %91 = load %struct.vga_device*, %struct.vga_device** %90, align 8 %92 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, @vga_list br i1 %93, label %94, label %34 %95 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 9 %96 = load i8, i8* %95, align 4, !range !4 %97 = icmp eq i8 %96, 0 br i1 %97, label %98, label %106 %99 = and i32 %25, 10 %100 = icmp eq i32 %99, 0 %101 = select i1 %100, i32 0, i32 2 %102 = and i32 %25, 5 %103 = icmp ne i32 %102, 0 %104 = zext i1 %103 to i32 %105 = or i32 %101, %104 br label %106 %107 = phi i32 [ 0, %94 ], [ %105, %98 ] %108 = phi i32 [ 0, %94 ], [ 2, %98 ] %109 = xor i1 %29, true %110 = zext i1 %109 to i32 %111 = or i32 %108, %110 %112 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %3, align 8 %113 = tail call i32 @pci_set_vga_state(%struct.pci_dev.318968* %112, i1 zeroext true, i32 %107, i32 %111) #78 Function:pci_set_vga_state %5 = alloca i16, align 2 %6 = bitcast i16* %5 to i8* store i16 0, i16* %5, align 2 %7 = and i32 %3, 2 %8 = icmp eq i32 %7, 0 %9 = icmp ugt i32 %2, 3 %10 = xor i1 %8, true %11 = and i1 %9, %10 br i1 %11, label %12, label %13, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection 
.discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8.29459, i64 0, i64 0), i32 6272, i32 2305, i64 12) #6, !srcloc !6 br label %13 %14 = load i32 (%struct.pci_dev.318968*, i1, i32, i32)*, i32 (%struct.pci_dev.318968*, i1, i32, i32)** @arch_set_vga_state, align 8 %15 = icmp eq i32 (%struct.pci_dev.318968*, i1, i32, i32)* %14, null br i1 %15, label %19, label %16 br i1 %8, label %29, label %20 %30 = and i32 %3, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %53, label %32 %33 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 1 %34 = load %struct.pci_bus.318970*, %struct.pci_bus.318970** %33, align 8 %35 = icmp eq %struct.pci_bus.318970* %34, null br i1 %35, label %53, label %36 %37 = select i1 %1, i16 8, i16 0 br label %38 %39 = phi %struct.pci_bus.318970* [ %34, %36 ], [ %51, %49 ] %40 = getelementptr inbounds %struct.pci_bus.318970, %struct.pci_bus.318970* %39, i64 0, i32 4 %41 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %40, align 8 %42 = icmp eq %struct.pci_dev.318968* %41, null br i1 %42, label %49, label %43 %44 = call i32 @pci_read_config_word(%struct.pci_dev.318968* nonnull %41, i32 62, i16* nonnull %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_set_vga_state 1 __vga_tryget 2 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label 
%18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %223 = phi i32 [ 0, %208 ], [ 3, %219 ], [ 3, %213 ] %224 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 %225 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %224, align 8 %226 = icmp eq %struct.pci_dev.318968* %225, null br i1 %226, label %408, label %227 %228 = load i1, i1* @vga_arbiter_used, align 1 br i1 %228, label %251, label %229 %252 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vga_lock.46625, i64 0, i32 0, i32 0)) #78 %253 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %254 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %253, i64 0, i32 0 %255 = icmp eq 
%struct.list_head* %254, @vga_list br i1 %255, label %272, label %256 %257 = phi %struct.vga_device* [ %263, %261 ], [ %253, %251 ] %258 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %257, i64 0, i32 1 %259 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %258, align 8 %260 = icmp eq %struct.pci_dev.318968* %259, %225 br i1 %260, label %266, label %261 %267 = icmp eq %struct.vga_device* %257, null br i1 %267, label %272, label %268 %269 = call fastcc %struct.vga_device* @__vga_tryget(%struct.vga_device* nonnull %257, i32 %223) #78 Function:__vga_tryget %3 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 1 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %11, label %6 %7 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 1 %10 = or i32 %9, %1 br label %11 %12 = phi i32 [ %1, %2 ], [ %10, %6 ] %13 = and i32 %12, 8 %14 = icmp eq i32 %13, 0 br i1 %14, label %20, label %15 %16 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2 %19 = or i32 %18, %12 br label %20 %21 = phi i32 [ %12, %11 ], [ %19, %15 ] %22 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 3 %23 = load i32, i32* %22, align 4 %24 = xor i32 %23, -1 %25 = and i32 %21, %24 %26 = icmp eq i32 %25, 0 br i1 %26, label %116, label %27 %28 = and i32 %25, 3 %29 = icmp eq i32 %28, 0 br i1 %29, label %94, label %30 %31 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %32 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %31, i64 0, i32 0 %33 = icmp eq %struct.list_head* %32, @vga_list br i1 %33, label %94, label %34 %35 = phi %struct.vga_device* [ %91, %89 ], [ %31, %30 ] %36 = icmp eq %struct.vga_device* %35, %0 br i1 %36, label %89, label %37 %90 = bitcast 
%struct.vga_device* %35 to %struct.vga_device** %91 = load %struct.vga_device*, %struct.vga_device** %90, align 8 %92 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, @vga_list br i1 %93, label %94, label %34 %95 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 9 %96 = load i8, i8* %95, align 4, !range !4 %97 = icmp eq i8 %96, 0 br i1 %97, label %98, label %106 %99 = and i32 %25, 10 %100 = icmp eq i32 %99, 0 %101 = select i1 %100, i32 0, i32 2 %102 = and i32 %25, 5 %103 = icmp ne i32 %102, 0 %104 = zext i1 %103 to i32 %105 = or i32 %101, %104 br label %106 %107 = phi i32 [ 0, %94 ], [ %105, %98 ] %108 = phi i32 [ 0, %94 ], [ 2, %98 ] %109 = xor i1 %29, true %110 = zext i1 %109 to i32 %111 = or i32 %108, %110 %112 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %3, align 8 %113 = tail call i32 @pci_set_vga_state(%struct.pci_dev.318968* %112, i1 zeroext true, i32 %107, i32 %111) #78 Function:pci_set_vga_state %5 = alloca i16, align 2 %6 = bitcast i16* %5 to i8* store i16 0, i16* %5, align 2 %7 = and i32 %3, 2 %8 = icmp eq i32 %7, 0 %9 = icmp ugt i32 %2, 3 %10 = xor i1 %8, true %11 = and i1 %9, %10 br i1 %11, label %12, label %13, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8.29459, i64 0, i64 0), i32 6272, i32 2305, i64 12) #6, !srcloc !6 br label %13 %14 = load i32 (%struct.pci_dev.318968*, i1, i32, i32)*, i32 (%struct.pci_dev.318968*, i1, i32, i32)** @arch_set_vga_state, align 8 %15 = icmp eq i32 
(%struct.pci_dev.318968*, i1, i32, i32)* %14, null br i1 %15, label %19, label %16 br i1 %8, label %29, label %20 %21 = call i32 @pci_read_config_word(%struct.pci_dev.318968* %0, i32 4, i16* nonnull %5) #78 ------------- Good: 949 Bad: 2 Ignored: 1669 Check Use of Function:pci_write_config_word Use: =BAD PATH= Call Stack: 0 pci_set_vga_state 1 __vga_tryget 2 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* 
dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %223 = phi i32 [ 0, %208 ], [ 3, %219 ], [ 3, %213 ] %224 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 %225 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %224, align 8 %226 = icmp eq %struct.pci_dev.318968* %225, null br i1 %226, label %408, label %227 %228 = load i1, i1* @vga_arbiter_used, align 1 br i1 %228, label %251, label %229 %252 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vga_lock.46625, i64 0, i32 0, i32 0)) #78 %253 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %254 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %253, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, @vga_list br i1 %255, label %272, label %256 %257 = phi %struct.vga_device* [ %263, %261 ], [ %253, %251 ] %258 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %257, i64 0, i32 1 %259 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %258, align 8 %260 = icmp eq %struct.pci_dev.318968* %259, %225 br i1 %260, label %266, label %261 %267 = icmp eq %struct.vga_device* %257, null br i1 %267, label %272, label %268 %269 = call fastcc %struct.vga_device* @__vga_tryget(%struct.vga_device* nonnull %257, i32 %223) #78 Function:__vga_tryget %3 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 1 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %11, label %6 %7 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 1 %10 = or i32 %9, %1 br label %11 %12 = phi i32 [ %1, %2 ], [ %10, %6 ] %13 = and i32 %12, 8 %14 = icmp eq i32 %13, 
0 br i1 %14, label %20, label %15 %16 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2 %19 = or i32 %18, %12 br label %20 %21 = phi i32 [ %12, %11 ], [ %19, %15 ] %22 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 3 %23 = load i32, i32* %22, align 4 %24 = xor i32 %23, -1 %25 = and i32 %21, %24 %26 = icmp eq i32 %25, 0 br i1 %26, label %116, label %27 %28 = and i32 %25, 3 %29 = icmp eq i32 %28, 0 br i1 %29, label %94, label %30 %31 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %32 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %31, i64 0, i32 0 %33 = icmp eq %struct.list_head* %32, @vga_list br i1 %33, label %94, label %34 %35 = phi %struct.vga_device* [ %91, %89 ], [ %31, %30 ] %36 = icmp eq %struct.vga_device* %35, %0 br i1 %36, label %89, label %37 %90 = bitcast %struct.vga_device* %35 to %struct.vga_device** %91 = load %struct.vga_device*, %struct.vga_device** %90, align 8 %92 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, @vga_list br i1 %93, label %94, label %34 %95 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 9 %96 = load i8, i8* %95, align 4, !range !4 %97 = icmp eq i8 %96, 0 br i1 %97, label %98, label %106 %99 = and i32 %25, 10 %100 = icmp eq i32 %99, 0 %101 = select i1 %100, i32 0, i32 2 %102 = and i32 %25, 5 %103 = icmp ne i32 %102, 0 %104 = zext i1 %103 to i32 %105 = or i32 %101, %104 br label %106 %107 = phi i32 [ 0, %94 ], [ %105, %98 ] %108 = phi i32 [ 0, %94 ], [ 2, %98 ] %109 = xor i1 %29, true %110 = zext i1 %109 to i32 %111 = or i32 %108, %110 %112 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %3, align 8 %113 = tail call i32 @pci_set_vga_state(%struct.pci_dev.318968* %112, i1 zeroext true, i32 %107, i32 %111) #78 
Function:pci_set_vga_state %5 = alloca i16, align 2 %6 = bitcast i16* %5 to i8* store i16 0, i16* %5, align 2 %7 = and i32 %3, 2 %8 = icmp eq i32 %7, 0 %9 = icmp ugt i32 %2, 3 %10 = xor i1 %8, true %11 = and i1 %9, %10 br i1 %11, label %12, label %13, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8.29459, i64 0, i64 0), i32 6272, i32 2305, i64 12) #6, !srcloc !6 br label %13 %14 = load i32 (%struct.pci_dev.318968*, i1, i32, i32)*, i32 (%struct.pci_dev.318968*, i1, i32, i32)** @arch_set_vga_state, align 8 %15 = icmp eq i32 (%struct.pci_dev.318968*, i1, i32, i32)* %14, null br i1 %15, label %19, label %16 br i1 %8, label %29, label %20 %30 = and i32 %3, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %53, label %32 %33 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 1 %34 = load %struct.pci_bus.318970*, %struct.pci_bus.318970** %33, align 8 %35 = icmp eq %struct.pci_bus.318970* %34, null br i1 %35, label %53, label %36 %37 = select i1 %1, i16 8, i16 0 br label %38 %39 = phi %struct.pci_bus.318970* [ %34, %36 ], [ %51, %49 ] %40 = getelementptr inbounds %struct.pci_bus.318970, %struct.pci_bus.318970* %39, i64 0, i32 4 %41 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %40, align 8 %42 = icmp eq %struct.pci_dev.318968* %41, null br i1 %42, label %49, label %43 %44 = call i32 @pci_read_config_word(%struct.pci_dev.318968* nonnull %41, i32 62, i16* nonnull %5) #78 %45 = load i16, i16* %5, align 2 %46 = and i16 %45, -9 %47 = or i16 %46, %37 store i16 %47, i16* %5, align 2 %48 = call i32 
@pci_write_config_word(%struct.pci_dev.318968* nonnull %41, i32 62, i16 zeroext %47) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_set_vga_state 1 __vga_tryget 2 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, 
label %219 %223 = phi i32 [ 0, %208 ], [ 3, %219 ], [ 3, %213 ] %224 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 %225 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %224, align 8 %226 = icmp eq %struct.pci_dev.318968* %225, null br i1 %226, label %408, label %227 %228 = load i1, i1* @vga_arbiter_used, align 1 br i1 %228, label %251, label %229 %252 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @vga_lock.46625, i64 0, i32 0, i32 0)) #78 %253 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %254 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %253, i64 0, i32 0 %255 = icmp eq %struct.list_head* %254, @vga_list br i1 %255, label %272, label %256 %257 = phi %struct.vga_device* [ %263, %261 ], [ %253, %251 ] %258 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %257, i64 0, i32 1 %259 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %258, align 8 %260 = icmp eq %struct.pci_dev.318968* %259, %225 br i1 %260, label %266, label %261 %267 = icmp eq %struct.vga_device* %257, null br i1 %267, label %272, label %268 %269 = call fastcc %struct.vga_device* @__vga_tryget(%struct.vga_device* nonnull %257, i32 %223) #78 Function:__vga_tryget %3 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 1 %4 = and i32 %1, 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %11, label %6 %7 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 1 %10 = or i32 %9, %1 br label %11 %12 = phi i32 [ %1, %2 ], [ %10, %6 ] %13 = and i32 %12, 8 %14 = icmp eq i32 %13, 0 br i1 %14, label %20, label %15 %16 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 2 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2 %19 = or i32 %18, %12 br label 
%20 %21 = phi i32 [ %12, %11 ], [ %19, %15 ] %22 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 3 %23 = load i32, i32* %22, align 4 %24 = xor i32 %23, -1 %25 = and i32 %21, %24 %26 = icmp eq i32 %25, 0 br i1 %26, label %116, label %27 %28 = and i32 %25, 3 %29 = icmp eq i32 %28, 0 br i1 %29, label %94, label %30 %31 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %32 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %31, i64 0, i32 0 %33 = icmp eq %struct.list_head* %32, @vga_list br i1 %33, label %94, label %34 %35 = phi %struct.vga_device* [ %91, %89 ], [ %31, %30 ] %36 = icmp eq %struct.vga_device* %35, %0 br i1 %36, label %89, label %37 %90 = bitcast %struct.vga_device* %35 to %struct.vga_device** %91 = load %struct.vga_device*, %struct.vga_device** %90, align 8 %92 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, @vga_list br i1 %93, label %94, label %34 %95 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %0, i64 0, i32 9 %96 = load i8, i8* %95, align 4, !range !4 %97 = icmp eq i8 %96, 0 br i1 %97, label %98, label %106 %99 = and i32 %25, 10 %100 = icmp eq i32 %99, 0 %101 = select i1 %100, i32 0, i32 2 %102 = and i32 %25, 5 %103 = icmp ne i32 %102, 0 %104 = zext i1 %103 to i32 %105 = or i32 %101, %104 br label %106 %107 = phi i32 [ 0, %94 ], [ %105, %98 ] %108 = phi i32 [ 0, %94 ], [ 2, %98 ] %109 = xor i1 %29, true %110 = zext i1 %109 to i32 %111 = or i32 %108, %110 %112 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %3, align 8 %113 = tail call i32 @pci_set_vga_state(%struct.pci_dev.318968* %112, i1 zeroext true, i32 %107, i32 %111) #78 Function:pci_set_vga_state %5 = alloca i16, align 2 %6 = bitcast i16* %5 to i8* store i16 0, i16* %5, align 2 %7 = and i32 %3, 2 %8 = icmp eq i32 %7, 0 %9 = icmp ugt i32 %2, 3 %10 = xor i1 %8, true %11 = and i1 
%9, %10 br i1 %11, label %12, label %13, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8.29459, i64 0, i64 0), i32 6272, i32 2305, i64 12) #6, !srcloc !6 br label %13 %14 = load i32 (%struct.pci_dev.318968*, i1, i32, i32)*, i32 (%struct.pci_dev.318968*, i1, i32, i32)** @arch_set_vga_state, align 8 %15 = icmp eq i32 (%struct.pci_dev.318968*, i1, i32, i32)* %14, null br i1 %15, label %19, label %16 br i1 %8, label %29, label %20 %21 = call i32 @pci_read_config_word(%struct.pci_dev.318968* %0, i32 4, i16* nonnull %5) #78 %22 = load i16, i16* %5, align 2 %23 = trunc i32 %2 to i16 %24 = xor i16 %23, -1 %25 = and i16 %22, %24 %26 = or i16 %22, %23 %27 = select i1 %1, i16 %26, i16 %25 store i16 %27, i16* %5, align 2 %28 = call i32 @pci_write_config_word(%struct.pci_dev.318968* %0, i32 4, i16 zeroext %27) #78 ------------- Good: 847 Bad: 2 Ignored: 1274 Check Use of Function:e1000_irq_disable Check Use of Function:unregister_netdev Check Use of Function:sky2_set_multicast Check Use of Function:nv_set_multicast Check Use of Function:nv_update_linkspeed Check Use of Function:urandom_read_iter Check Use of Function:nv_set_loopback Check Use of Function:nv_free_irq Check Use of Function:nv_request_irq Check Use of Function:nv_drain_rxtx Check Use of Function:dma_alloc_attrs Check Use of Function:__put_cred Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* 
%2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, 
%27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ 
%344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 
@strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_get_keyring_ID 2 __ia32_compat_sys_keyctl ------------- Path:  
Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %22 = tail call i64 @keyctl_get_keyring_ID(i32 %17, i32 %18) #78 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 4) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast 
%struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* 
@__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_update_key 2 __se_sys_keyctl 3 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #78 
Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], 
[ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_update_key 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 
%0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #78 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds 
%struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, 
label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %17, i64 0, i32 16 %126 = load %struct.key.269734*, %struct.key.269734** %125, align 8 %127 = icmp eq %struct.key.269734* %126, null br i1 
%127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269734, %struct.key.269734* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #79 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269844*, %struct.cred.269844** %13, align 8 %366 = icmp eq %struct.cred.269844* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %365) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = 
inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, 
%struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %17, i64 0, i32 16 %126 = load %struct.key.269734*, %struct.key.269734** %125, align 8 %127 = icmp eq %struct.key.269734* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269734, %struct.key.269734* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #79 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269844*, %struct.cred.269844** %13, align 8 %366 = icmp eq %struct.cred.269844* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %365) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_get_keyring_ID 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %22 = tail call 
i64 @keyctl_get_keyring_ID(i32 %17, i32 %18) #78 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 4) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %17, i64 0, i32 16 %126 = load %struct.key.269734*, %struct.key.269734** %125, align 8 %127 = icmp eq %struct.key.269734* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269734, %struct.key.269734* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 
= and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #79 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269844*, %struct.cred.269844** %13, align 8 %366 = icmp eq %struct.cred.269844* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %365) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_update_key 2 __se_sys_keyctl 3 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], 
align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #78 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %17, i64 0, i32 16 %126 = load %struct.key.269734*, %struct.key.269734** %125, align 8 %127 = icmp eq %struct.key.269734* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269734, %struct.key.269734* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #79 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269844*, %struct.cred.269844** %13, align 8 %366 = icmp eq %struct.cred.269844* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq 
i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %365) #78 ------------- Use: =BAD PATH= Call Stack: 0 lookup_user_key 1 keyctl_update_key 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #78 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, 
label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %125 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %17, i64 0, i32 16 %126 = load %struct.key.269734*, 
%struct.key.269734** %125, align 8 %127 = icmp eq %struct.key.269734* %126, null br i1 %127, label %128, label %151 %152 = getelementptr inbounds %struct.key.269734, %struct.key.269734* %126, i64 0, i32 14 %153 = load volatile i64, i64* %152, align 8 %154 = and i64 %153, 512 %155 = icmp eq i64 %154, 0 %156 = or i1 %15, %155 br i1 %156, label %161, label %157 %158 = call i64 @join_session_keyring(i8* null) #79 %159 = trunc i64 %158 to i32 %160 = icmp slt i32 %159, 0 br i1 %160, label %343, label %364 %365 = load %struct.cred.269844*, %struct.cred.269844** %13, align 8 %366 = icmp eq %struct.cred.269844* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %365) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation_on_close 2 nfs4_put_open_state 3 __nfs4_close 4 nfs4_close_sync 5 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %3, align 8 %5 = icmp eq %struct.nfs4_state.236428* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, 
label %14 tail call void bitcast (void (%struct.nfs4_state.238111*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236428*, i32)*)(%struct.nfs4_state.236428* nonnull %4, i32 %13) #78 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.238111* %0, i32 %1, i32 1) #78 Function:__nfs4_close %4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 6 %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %6, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32* %7) #6, !srcloc !4 %8 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %9 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %8, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %10 = and i32 %1, 3 switch i32 %10, label %23 [ i32 1, label %11 i32 2, label %15 i32 3, label %19 ] %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, -1 store i32 %22, i32* %20, align 4 br label %23 %24 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %62 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 10 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %40 %32 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %33 = load volatile i64, i64* %32, align 
8 %34 = and i64 %33, 8 %35 = load volatile i64, i64* %32, align 8 %36 = and i64 %35, 32 %37 = or i64 %36, %34 %38 = icmp ne i64 %37, 0 %39 = zext i1 %38 to i32 br label %40 %41 = phi i32 [ %39, %31 ], [ 0, %27 ] %42 = phi i32 [ 2, %31 ], [ 3, %27 ] %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 11 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %62 %63 = phi i32 [ %58, %60 ], [ %58, %46 ], [ 0, %23 ], [ %41, %40 ] %64 = phi i32 [ 0, %60 ], [ 1, %46 ], [ 3, %23 ], [ %42, %40 ] %65 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 13 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %64 br i1 %67, label %94, label %68 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %95 = bitcast %struct.spinlock* %8 to i8* store volatile i8 0, i8* %95, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %96 = icmp eq i32 %63, 0 br i1 %96, label %97, label %116 tail call void @nfs4_put_open_state(%struct.nfs4_state.238111* %0) #79 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 br i1 %8, label %9, label %49 %10 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 18 %11 = getelementptr inbounds %struct.spinlock, 
%struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 1, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 1, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %12, align 8 %18 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 0, i32 1 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 0, i32 0 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 1 store %struct.list_head* %19, %struct.list_head** %22, align 8 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 store volatile %struct.list_head* %21, %struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %20, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %25, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @nfs4_inode_return_delegation_on_close(%struct.inode* %3) #78 Function:nfs4_inode_return_delegation_on_close %2 = icmp eq %struct.inode* %0, null br i1 %2, label %63, label %3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 88 %6 = bitcast %struct.seqcount_spinlock* %5 to %struct.nfs_delegation.236475** %7 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %6, align 8 %8 = icmp eq %struct.nfs_delegation.236475* %7, null br i1 %8, label %60, label %9 %61 = phi %struct.nfs_delegation.236475* [ %56, %59 ], [ null, %55 ], [ null, %22 ], [ null, %14 ], [ null, %9 ], [ null, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %62 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* nonnull %0, %struct.nfs_delegation.236475* %61, i32 0) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, 
null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 
%177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #78 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236429** %24 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %23, align 8 %25 = icmp eq 
%struct.nfs_open_context.236429* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236429* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236429* %31, %struct.nfs4_label* null) #79 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236401** %15 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236429* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236428* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 2 %27 = bitcast %struct.nfs_fh** %24 to %struct.seqcount_spinlock** %28 = bitcast %struct.nfs_setattrargs* %8 to i8* store %struct.seqcount_spinlock* %26, %struct.seqcount_spinlock** %27, align 8 %29 = getelementptr inbounds %struct.nfs_setattrargs, 
%struct.nfs_setattrargs* %8, i64 0, i32 2 %30 = bitcast %struct.nfs4_stateid_struct* %29 to i8* %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %32, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %34 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %34, i32** %33, align 8 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %35, align 8 %36 = bitcast %struct.nfs_setattrres* %9 to i8* %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 %38 = bitcast %struct.nfs_setattrres* %9 to i8* store %struct.nfs_fattr* %2, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %39, align 8 %40 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %40, align 8 %41 = bitcast %struct.nfs4_exception* %10 to i8* %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236428* %22, %struct.nfs4_state.236428** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %29, %struct.nfs4_stateid_struct** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, 
i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = and i32 %49, 6145 %51 = icmp eq i32 %50, 0 %52 = select i1 %51, i64 256, i64 131328 %53 = and i32 %49, 6 %54 = icmp eq i32 %53, 0 %55 = or i64 %52, 4096 %56 = select i1 %54, i64 %52, i64 %55 %57 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 35, i64 0 %58 = bitcast i32* %57 to i8* %59 = icmp eq %struct.inode* %0, null %60 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 38 %61 = bitcast %struct.seqcount_spinlock* %60 to i64* %62 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 0 %64 = icmp eq %struct.nfs4_state.236428* %22, null %65 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %22, i64 0, i32 13 br label %66 br i1 %59, label %92, label %67 %93 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236429* %4) #79 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236401** %14 = load 
%struct.nfs_server.236401*, %struct.nfs_server.236401** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* 
%2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq 
%struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* 
%36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = 
tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 
nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.236417** %6 = load %struct.nfs_renameargs.236417*, %struct.nfs_renameargs.236417** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.236418** %9 = load %struct.nfs_renameres.236418*, %struct.nfs_renameres.236418** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call 
i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load 
%struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr 
inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #78 Function:nfs4_inode_make_writeable tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", 
"~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = 
getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 
@nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq 
i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.236413** %6 = load %struct.nfs_removeargs.236413*, %struct.nfs_removeargs.236413** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.236415** %9 = load %struct.nfs_removeres.236415*, %struct.nfs_removeres.236415** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.236401** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.236415, 
-------------
Use: =BAD PATH=
Call Stack: 0 nfs_complete_unlink 1 nfs_dentry_iput
-------------
Path:
-------------
Use: =BAD PATH=
Call Stack: 0 __put_nfs_open_context 1 nfs_file_clear_open_context 2 nfs_file_release
-------------
Path:
-------------
Use: =BAD PATH=
Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission
-------------
Path:
-------------
Use: =BAD PATH=
Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission
-------------
Path:
xor i1 %72, true %74 = or i1 %51, %73 br i1 %74, label %87, label %75 br i1 %3, label %76, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %48, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %77 = load %struct.super_block*, %struct.super_block** %49, align 8 %78 = getelementptr inbounds %struct.super_block, %struct.super_block* %77, i64 0, i32 28 %79 = bitcast i8** %78 to %struct.nfs_server.214586** %80 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %79, align 16 %81 = tail call i32 bitcast (i32 (%struct.nfs_server.217027*, %struct.inode.216899*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.214586*, %struct.inode*)*)(%struct.nfs_server.214586* %80, %struct.inode* %0) #78 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %111 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %84 = load i64, i64* %7, align 8 %85 = and i64 %84, 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %50, label %109 %110 = phi i8* [ %44, %43 ], [ %48, %83 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %110, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #78 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 36 %8 = bitcast %struct.seqcount_spinlock* %7 
to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %84, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #78 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %26, label %16 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 48 %30 = bitcast %struct.seqcount_spinlock* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #78 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile 
%struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, %struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 38 %51 = bitcast %struct.seqcount_spinlock* %50 to i64* %52 = load i64, i64* %51, align 8 %53 = and i64 %52, -9 store i64 %53, i64* %51, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %54 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %54, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %55 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %56 = icmp eq %struct.list_head* %55, %2 br i1 %56, label %84, label %57 %58 = phi %struct.list_head* [ %82, %81 ], [ %55, %49 ] %59 = getelementptr %struct.list_head, %struct.list_head* %58, i64 -2, i32 1 %60 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 %62 = getelementptr %struct.list_head, %struct.list_head* %58, i64 0, i32 0 %63 = load %struct.list_head*, %struct.list_head** %62, align 8 %64 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %63, i64 0, i32 1 store %struct.list_head* %61, %struct.list_head** %64, align 8 %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %61, i64 0, i32 0 store volatile %struct.list_head* %63, %struct.list_head** %65, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %60, align 8 %66 = getelementptr %struct.list_head, %struct.list_head* %58, i64 1 %67 = bitcast %struct.list_head* %66 to %struct.cred** %68 = load %struct.cred*, %struct.cred** %67, align 8 %69 = icmp eq %struct.cred* %68, null br i1 %69, label %76, label %70 %71 = getelementptr inbounds %struct.cred, %struct.cred* %68, i64 0, i32 0, i32 0 %72 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %71, i32* %71) #6, !srcloc !7 %73 = and i8 %72, 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %76, label %75 call void @__put_cred(%struct.cred* nonnull %68) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to 
%struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, 
%struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* %12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq 
%struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to %struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq %struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 br i1 %28, label %36, label %29 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %37 tail call void @rcu_read_unlock_strict() #78 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %39 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %38, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %40 = load i64, i64* %7, align 8 %41 = and i64 %40, 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %45, label %43 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 48 %47 = bitcast %struct.seqcount_spinlock* %46 to %struct.rb_node** %48 = bitcast %struct.spinlock* %38 to i8* %49 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %50 %51 = phi i1 [ false, %45 ], [ true, %83 ] %52 = load %struct.rb_node*, %struct.rb_node** %47, align 8 %53 = icmp eq %struct.rb_node* %52, null br i1 %53, label %107, label %54 %55 = phi %struct.rb_node* [ %69, %67 ], [ %52, %50 ] %56 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %55, i64 1, i32 2 %57 = bitcast %struct.rb_node** %56 to %struct.cred** %58 = load %struct.cred*, %struct.cred** %57, align 8 %59 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %58) #78 %60 = icmp slt i32 %59, 0 br i1 %60, label %61, label %63 %64 = icmp eq i32 %59, 0 br i1 %64, 
label %71, label %65 %72 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 %73 = xor i1 %72, true %74 = or i1 %51, %73 br i1 %74, label %87, label %75 br i1 %3, label %76, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %48, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %77 = load %struct.super_block*, %struct.super_block** %49, align 8 %78 = getelementptr inbounds %struct.super_block, %struct.super_block* %77, i64 0, i32 28 %79 = bitcast i8** %78 to %struct.nfs_server.214586** %80 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %79, align 16 %81 = tail call i32 bitcast (i32 (%struct.nfs_server.217027*, %struct.inode.216899*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.214586*, %struct.inode*)*)(%struct.nfs_server.214586* %80, %struct.inode* %0) #78 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %111 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %84 = load i64, i64* %7, align 8 %85 = and i64 %84, 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %50, label %109 %110 = phi i8* [ %44, %43 ], [ %48, %83 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %110, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #78 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr 
%struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 36 %8 = bitcast %struct.seqcount_spinlock* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %84, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #78 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %26, label %16 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 48 %30 = bitcast %struct.seqcount_spinlock* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #78 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* 
%41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, %struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 38 %51 = bitcast %struct.seqcount_spinlock* %50 to i64* %52 = load i64, i64* %51, align 8 %53 = and i64 %52, -9 store i64 %53, i64* %51, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %54 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %54, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %55 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %56 = icmp eq %struct.list_head* %55, %2 br i1 %56, label %84, label %57 %58 = phi %struct.list_head* [ %82, %81 ], [ %55, %49 ] %59 = getelementptr %struct.list_head, %struct.list_head* %58, i64 -2, i32 1 %60 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 1 %61 = load %struct.list_head*, 
%struct.list_head** %60, align 8 %62 = getelementptr %struct.list_head, %struct.list_head* %58, i64 0, i32 0 %63 = load %struct.list_head*, %struct.list_head** %62, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %63, i64 0, i32 1 store %struct.list_head* %61, %struct.list_head** %64, align 8 %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %61, i64 0, i32 0 store volatile %struct.list_head* %63, %struct.list_head** %65, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %60, align 8 %66 = getelementptr %struct.list_head, %struct.list_head* %58, i64 1 %67 = bitcast %struct.list_head* %66 to %struct.cred** %68 = load %struct.cred*, %struct.cred** %67, align 8 %69 = icmp eq %struct.cred* %68, null br i1 %69, label %76, label %70 %71 = getelementptr inbounds %struct.cred, %struct.cred* %68, i64 0, i32 0, i32 0 %72 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %71, i32* %71) #6, !srcloc !7 %73 = and i8 %72, 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %76, label %75 call void @__put_cred(%struct.cred* nonnull %68) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds 
%struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* 
%12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq %struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to %struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq %struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 br i1 %28, label %36, label %29 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %37 tail call void @rcu_read_unlock_strict() #78 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %39 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %38, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %40 = load i64, i64* %7, align 8 %41 = and i64 %40, 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %45, label %43 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 48 %47 = bitcast %struct.seqcount_spinlock* %46 to %struct.rb_node** %48 = bitcast %struct.spinlock* %38 to i8* %49 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %50 %51 = phi i1 [ false, %45 ], [ true, %83 ] %52 = load %struct.rb_node*, %struct.rb_node** %47, align 8 %53 = icmp eq %struct.rb_node* %52, null br i1 %53, label %107, label %54 %55 = phi %struct.rb_node* [ %69, %67 ], [ %52, %50 ] %56 
= getelementptr inbounds %struct.rb_node, %struct.rb_node* %55, i64 1, i32 2 %57 = bitcast %struct.rb_node** %56 to %struct.cred** %58 = load %struct.cred*, %struct.cred** %57, align 8 %59 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %58) #78 %60 = icmp slt i32 %59, 0 br i1 %60, label %61, label %63 %64 = icmp eq i32 %59, 0 br i1 %64, label %71, label %65 %72 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 %73 = xor i1 %72, true %74 = or i1 %51, %73 br i1 %74, label %87, label %75 br i1 %3, label %76, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %48, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %77 = load %struct.super_block*, %struct.super_block** %49, align 8 %78 = getelementptr inbounds %struct.super_block, %struct.super_block* %77, i64 0, i32 28 %79 = bitcast i8** %78 to %struct.nfs_server.214586** %80 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %79, align 16 %81 = tail call i32 bitcast (i32 (%struct.nfs_server.217027*, %struct.inode.216899*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.214586*, %struct.inode*)*)(%struct.nfs_server.214586* %80, %struct.inode* %0) #78 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %111 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %84 = load i64, i64* %7, align 8 %85 = and i64 %84, 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %50, label %109 %110 = phi i8* [ %44, %43 ], [ %48, %83 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %110, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #78 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = 
bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 36 %8 = bitcast %struct.seqcount_spinlock* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %84, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #78 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %26, label %16 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 48 %30 = bitcast %struct.seqcount_spinlock* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #78 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, 
%struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, %struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 38 %51 = bitcast %struct.seqcount_spinlock* %50 to i64* %52 = load i64, i64* %51, align 8 %53 = and i64 %52, -9 store i64 %53, i64* %51, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %54 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %54, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %55 = load volatile %struct.list_head*, %struct.list_head** %4, 
align 8 %56 = icmp eq %struct.list_head* %55, %2 br i1 %56, label %84, label %57 %58 = phi %struct.list_head* [ %82, %81 ], [ %55, %49 ] %59 = getelementptr %struct.list_head, %struct.list_head* %58, i64 -2, i32 1 %60 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 %62 = getelementptr %struct.list_head, %struct.list_head* %58, i64 0, i32 0 %63 = load %struct.list_head*, %struct.list_head** %62, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %63, i64 0, i32 1 store %struct.list_head* %61, %struct.list_head** %64, align 8 %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %61, i64 0, i32 0 store volatile %struct.list_head* %63, %struct.list_head** %65, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %60, align 8 %66 = getelementptr %struct.list_head, %struct.list_head* %58, i64 1 %67 = bitcast %struct.list_head* %66 to %struct.cred** %68 = load %struct.cred*, %struct.cred** %67, align 8 %69 = icmp eq %struct.cred* %68, null br i1 %69, label %76, label %70 %71 = getelementptr inbounds %struct.cred, %struct.cred* %68, i64 0, i32 0, i32 0 %72 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %71, i32* %71) #6, !srcloc !7 %73 = and i8 %72, 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %76, label %75 call void @__put_cred(%struct.cred* nonnull %68) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_access_zap_cache 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds 
%struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = 
icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* %12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq %struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to %struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq %struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 br i1 %28, label %36, label %29 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %37 tail call void @rcu_read_unlock_strict() #78 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %39 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %38, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %40 = load i64, i64* %7, align 8 %41 = and i64 %40, 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %45, label %43 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 48 %47 = bitcast %struct.seqcount_spinlock* %46 to %struct.rb_node** %48 = bitcast %struct.spinlock* %38 to i8* %49 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %50 %51 = phi i1 [ false, %45 ], [ true, %83 ] %52 = 
load %struct.rb_node*, %struct.rb_node** %47, align 8 %53 = icmp eq %struct.rb_node* %52, null br i1 %53, label %107, label %54 %55 = phi %struct.rb_node* [ %69, %67 ], [ %52, %50 ] %56 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %55, i64 1, i32 2 %57 = bitcast %struct.rb_node** %56 to %struct.cred** %58 = load %struct.cred*, %struct.cred** %57, align 8 %59 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %58) #78 %60 = icmp slt i32 %59, 0 br i1 %60, label %61, label %63 %64 = icmp eq i32 %59, 0 br i1 %64, label %71, label %65 %72 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 %73 = xor i1 %72, true %74 = or i1 %51, %73 br i1 %74, label %87, label %75 br i1 %3, label %76, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %48, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %77 = load %struct.super_block*, %struct.super_block** %49, align 8 %78 = getelementptr inbounds %struct.super_block, %struct.super_block* %77, i64 0, i32 28 %79 = bitcast i8** %78 to %struct.nfs_server.214586** %80 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %79, align 16 %81 = tail call i32 bitcast (i32 (%struct.nfs_server.217027*, %struct.inode.216899*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.214586*, %struct.inode*)*)(%struct.nfs_server.214586* %80, %struct.inode* %0) #78 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %111 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %84 = load i64, i64* %7, align 8 %85 = and i64 %84, 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %50, label %109 %110 = phi i8* [ %44, %43 ], [ %48, %83 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %110, align 4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #78 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 36 %8 = bitcast %struct.seqcount_spinlock* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %84, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #78 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %26, label %16 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 48 %30 = bitcast %struct.seqcount_spinlock* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* 
%30) #78 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, %struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 38 %51 = bitcast %struct.seqcount_spinlock* %50 to i64* %52 = load i64, i64* %51, align 8 %53 = and i64 %52, -9 store i64 %53, i64* %51, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %54 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %54, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* 
@nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %55 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %56 = icmp eq %struct.list_head* %55, %2 br i1 %56, label %84, label %57 %58 = phi %struct.list_head* [ %82, %81 ], [ %55, %49 ] %59 = getelementptr %struct.list_head, %struct.list_head* %58, i64 -2, i32 1 %60 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 %62 = getelementptr %struct.list_head, %struct.list_head* %58, i64 0, i32 0 %63 = load %struct.list_head*, %struct.list_head** %62, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %63, i64 0, i32 1 store %struct.list_head* %61, %struct.list_head** %64, align 8 %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %61, i64 0, i32 0 store volatile %struct.list_head* %63, %struct.list_head** %65, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %60, align 8 %66 = getelementptr %struct.list_head, %struct.list_head* %58, i64 1 %67 = bitcast %struct.list_head* %66 to %struct.cred** %68 = load %struct.cred*, %struct.cred** %67, align 8 %69 = icmp eq %struct.cred* %68, null br i1 %69, label %76, label %70 %71 = getelementptr inbounds %struct.cred, %struct.cred* %68, i64 0, i32 0, i32 0 %72 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %71, i32* %71) #6, !srcloc !7 %73 = and i8 %72, 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %76, label %75 call void @__put_cred(%struct.cred* nonnull %68) #78 ------------- Use: =BAD PATH= Call Stack: 0 
put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.158414*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #78 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 5 %3 = load %struct.dentry.158354*, %struct.dentry.158354** %2, align 8 %4 = icmp eq %struct.dentry.158354* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.157989*, %struct.fs_context_operations.157989** %15, align 8 %17 = icmp eq %struct.fs_context_operations.157989* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.157989, %struct.fs_context_operations.157989* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.158414*)*, void (%struct.fs_context.158414*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.158414*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #78 %25 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, 
i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 %32 = add i32 %29, -1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !5, !misexpect !6 %38 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 8 %39 = load %struct.cred*, %struct.cred** %38, align 8 %40 = icmp eq %struct.cred* %39, null br i1 %40, label %47, label %41 %42 = getelementptr inbounds %struct.cred, %struct.cred* %39, i64 0, i32 0, i32 0 %43 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32* %42) #6, !srcloc !8 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %47, label %46 tail call void @__put_cred(%struct.cred* nonnull %39) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 
%13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, 
i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ 
i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, 
label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* 
%200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 
%266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add 
i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, 
align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16
%23 = icmp eq %struct.cred* %22, null
br i1 %23, label %30, label %24
%25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0
%26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8
%27 = and i8 %26, 1
%28 = icmp eq i8 %27, 0
br i1 %28, label %30, label %29
tail call void @__put_cred(%struct.cred* nonnull %22) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __ia32_sys_wait4
-------------
Path:
Function:__ia32_sys_wait4
%2 = alloca %struct.rusage, align 8
%3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%4 = load i64, i64* %3, align 8
%5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
%6 = load i64, i64* %5, align 8
%7 = and i64 %6, 4294967295
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%9 = load i64, i64* %8, align 8
%10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%11 = load i64, i64* %10, align 8
%12 = and i64 %11, 4294967295
%13 = trunc i64 %4 to i32
%14 = inttoptr i64 %7 to i32*
%15 = trunc i64 %9 to i32
%16 = bitcast %struct.rusage* %2 to i8*
%17 = icmp ne i64 %12, 0
%18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null
%19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #78
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8
%6 = bitcast %struct.wait_opts* %5 to i8*
%7 = and i32 %2, 536870900
%8 = icmp eq i32 %7, 0
br i1 %8, label %9, label %48
switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ]
%24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ]
%25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [
null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16
%23 = icmp eq %struct.cred* %22, null
br i1 %23, label %30, label %24
%25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0
%26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8
%27 = and i8 %26, 1
%28 = icmp eq i8 %27, 0
br i1 %28, label %30, label %29
tail call void @__put_cred(%struct.cred* nonnull %22) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_waitid
4 __se_compat_sys_waitid
5 __ia32_compat_sys_waitid
-------------
Path:
Function:__ia32_compat_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%3 = load i64, i64* %2, align 8
%4 = and i64 %3, 4294967295
%5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
%6 = load i64, i64* %5, align 8
%7 = and i64 %6, 4294967295
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%9 = load i64, i64* %8, align 8
%10 = and i64 %9, 4294967295
%11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%12 = load i64, i64* %11, align 8
%13 = and i64 %12, 4294967295
%14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%15 = load i64, i64* %14, align 8
%16 = and i64 %15, 4294967295
%17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78
Function:__se_compat_sys_waitid
%6 = alloca %struct.rusage, align 8
%7 = alloca %struct.ist_info, align 4
%8 = trunc i64 %0 to i32
%9 = trunc i64 %1 to i32
%10 = inttoptr i64 %2 to %struct.compat_siginfo*
%11 = trunc i64 %3 to i32
%12 = bitcast %struct.rusage* %6 to i8*
%13 = bitcast %struct.ist_info* %7 to i8*
%14 = icmp eq i64 %4, 0
%15 = select i1 %14, %struct.rusage*
null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* 
nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to 
%struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, 
i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, 
i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load 
i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* 
store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load 
i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, 
i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_waitid
4 __se_sys_waitid
5 __ia32_sys_waitid
-------------
Path:
Function:__ia32_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78
Function:__se_sys_waitid
%6 =
alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to 
%struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = 
bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 
= getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 
= icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load 
%struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, 
%170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = 
getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 
%235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult 
i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store 
i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 
= add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %14, i64 0, i32 0
%18 = load %struct.list_head*, %struct.list_head** %17, align 8
%19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1
store %struct.list_head* %16, %struct.list_head** %19, align 8
%20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0
store volatile %struct.list_head* %18, %struct.list_head** %20, align 8
store volatile %struct.list_head* %14, %struct.list_head** %17, align 8
store volatile %struct.list_head* %14, %struct.list_head** %15, align 8
%21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83
%22 = load %struct.cred*, %struct.cred** %21, align 16
store %struct.cred* null, %struct.cred** %21, align 16
%23 = icmp eq %struct.cred* %22, null
br i1 %23, label %30, label %24
%25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0
%26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8
%27 = and i8 %26, 1
%28 = icmp eq i8 %27, 0
br i1 %28, label %30, label %29
tail call void @__put_cred(%struct.cred* nonnull %22) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_waitid
4 __se_sys_waitid
5 __x64_sys_waitid
-------------
Path:
Function:__x64_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%5 = load i64, i64* %4, align 8
%6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%7 = load i64, i64* %6, align 8
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7
%9 = load i64, i64* %8, align 8
%10 = getelementptr inbounds %struct.pt_regs,
%struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, 
%struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 
%94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, 
%struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 
br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, 
label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 
%327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 ------------- Good: 199 Bad: 68 Ignored: 205 Check Use of Function:phy_set_max_speed Check Use of Function:rtl_fw_release_firmware Check Use of Function:rtl8169_up Check Use of Function:disable_dmar_iommu Check Use of Function:rtl8169_do_counters Check Use of Function:dma_unmap_page_attrs Check Use of Function:pci_write_config_byte Check Use of Function:pci_read_config_dword Use: =BAD PATH= Call Stack: 0 pci_map_rom 1 pci_read_rom ------------- Path:  Function:pci_read_rom %7 = alloca i64, align 8 %8 = getelementptr %struct.kobject, 
%struct.kobject* %1, i64 -4, i32 6 %9 = bitcast %struct.qspinlock* %8 to %struct.pci_dev.318968* %10 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 432, i32 0, i32 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %30, label %14 %15 = call i8* bitcast (i8* (%struct.pci_dev.322263*, i64*)* @pci_map_rom to i8* (%struct.pci_dev.318968*, i64*)*)(%struct.pci_dev.318968* %9, i64* nonnull %7) #78 Function:pci_map_rom %3 = alloca i32, align 4 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca i32, align 4 %6 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6, i32 5 %7 = load %struct.resource*, %struct.resource** %6, align 8 %8 = icmp eq %struct.resource* %7, null br i1 %8, label %9, label %12 %10 = tail call i32 bitcast (i32 (%struct.pci_dev.318968*, i32)* @pci_assign_resource to i32 (%struct.pci_dev.322263*, i32)*)(%struct.pci_dev.322263* %0, i32 6) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %129 %13 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6, i32 0 %14 = load i64, i64* %13, align 8 %15 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 %18 = sub i64 1, %14 %19 = add i64 %18, %16 %20 = select i1 %17, i64 0, i64 %19 store i64 %20, i64* %1, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %129, label %22 %23 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6 %24 = bitcast %struct.cpu_itimer* %4 to i8* %25 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %26 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6, i32 3 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %50, label %29 %30 = and i64 %27, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label 
%51
%33 = getelementptr inbounds %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 1
%34 = load %struct.pci_bus.322252*, %struct.pci_bus.322252** %33, align 8
call void bitcast (void (%struct.pci_bus.318970*, %struct.cpu_itimer*, %struct.resource*)* @pcibios_resource_to_bus to void (%struct.pci_bus.322252*, %struct.cpu_itimer*, %struct.resource*)*)(%struct.pci_bus.322252* %34, %struct.cpu_itimer* nonnull %4, %struct.resource* %23) #78
%35 = getelementptr inbounds %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 22
%36 = load i8, i8* %35, align 8
%37 = zext i8 %36 to i32
%38 = call i32 bitcast (i32 (%struct.pci_dev.318968*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev.322263*, i32, i32*)*)(%struct.pci_dev.322263* %0, i32 %37, i32* nonnull %5) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 amd_get_subcaches
1 subcaches_show
-------------
Path:
Function:subcaches_show
%4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8
%5 = load i8*, i8** %4, align 8
%6 = getelementptr inbounds i8, i8* %5, i64 32
%7 = bitcast i8* %6 to i64*
%8 = load i64, i64* %7, align 8
%9 = icmp eq i64 %8, 0
br i1 %9, label %13, label %10
%14 = phi i32 [ %12, %10 ], [ 64, %3 ]
%15 = tail call i32 @amd_get_subcaches(i32 %14) #78
Function:amd_get_subcaches
%2 = alloca i32, align 4
%3 = sext i32 %0 to i64
%4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3
%5 = load i64, i64* %4, align 8
%6 = add i64 %5, ptrtoint (%struct.cpuinfo_x86* @cpu_info to i64)
%7 = inttoptr i64 %6 to %struct.cpuinfo_x86*
%8 = getelementptr inbounds %struct.cpuinfo_x86, %struct.cpuinfo_x86* %7, i64 0, i32 30
%9 = load i16, i16* %8, align 8
%10 = load i16, i16* @amd_northbridges.0, align 8
%11 = icmp ugt i16 %10, %9
%12 = load %struct.amd_northbridge*, %struct.amd_northbridge** @amd_northbridges.2, align 8
%13 = zext i16 %9 to i64
%14 = getelementptr %struct.amd_northbridge, %struct.amd_northbridge* %12, i64 %13
%15 = select i1 %11, %struct.amd_northbridge* %14, %struct.amd_northbridge* null
%16 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %15, i64 0, i32 2
%17 = load %struct.pci_dev*, %struct.pci_dev** %16, align 8
%18 = bitcast i32* %2 to i8*
store i32 0, i32* %2, align 4
%19 = load i64, i64* @amd_northbridges.1, align 8
%20 = and i64 %19, 4
%21 = icmp eq i64 %20, 0
br i1 %21, label %34, label %22
%23 = call i32 bitcast (i32 (%struct.pci_dev.318968*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %17, i32 468, i32* nonnull %2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 cache_disable_1_show
-------------
Path:
Function:cache_disable_1_show
%4 = alloca i32, align 4
%5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8
%6 = bitcast i8** %5 to %struct.cacheinfo**
%7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8
%8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12
%9 = bitcast i8** %8 to %struct.amd_northbridge**
%10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8
%11 = bitcast i32* %4 to i8*
store i32 0, i32* %4, align 4
%12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1
%13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8
%14 = call i32 bitcast (i32 (%struct.pci_dev.318968*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 448, i32* nonnull %4) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 cache_disable_0_show
-------------
Path:
Function:cache_disable_0_show
%4 = alloca i32, align 4
%5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8
%6 = bitcast i8** %5 to %struct.cacheinfo**
%7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8
%8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12
%9 = bitcast i8** %8 to %struct.amd_northbridge**
%10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8
%11 = bitcast i32* %4 to i8*
store i32 0, i32* %4, align 4
%12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1
%13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8
%14 = call i32 bitcast (i32 (%struct.pci_dev.318968*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 444, i32* nonnull %4) #78
-------------
Good: 1477
Bad: 4
Ignored: 1953
Check Use of Function:pci_write_config_dword
Use:
=BAD PATH=
Call Stack:
0 pci_map_rom
1 pci_read_rom
-------------
Path:
Function:pci_read_rom
%7 = alloca i64, align 8
%8 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6
%9 = bitcast %struct.qspinlock* %8 to %struct.pci_dev.318968*
%10 = bitcast i64* %7 to i8*
store i64 0, i64* %7, align 8
%11 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %8, i64 432, i32 0, i32 0, i32 0
%12 = load i32, i32* %11, align 8
%13 = icmp eq i32 %12, 0
br i1 %13, label %30, label %14
%15 = call i8* bitcast (i8* (%struct.pci_dev.322263*, i64*)* @pci_map_rom to i8* (%struct.pci_dev.318968*, i64*)*)(%struct.pci_dev.318968* %9, i64* nonnull %7) #78
Function:pci_map_rom
%3 = alloca i32, align 4
%4 = alloca %struct.cpu_itimer, align 8
%5 = alloca i32, align 4
%6 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6, i32 5
%7 = load %struct.resource*, %struct.resource** %6, align 8
%8 = icmp eq %struct.resource* %7, null
br i1 %8, label %9, label %12
%10 = tail call i32 bitcast (i32 (%struct.pci_dev.318968*, i32)* @pci_assign_resource to i32 (%struct.pci_dev.322263*, i32)*)(%struct.pci_dev.322263* %0, i32 6) #78
%11 = icmp eq i32 %10, 0
br i1 %11, label %12, label %129
%13 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6, i32 0
%14 = load i64, i64* %13, align 8
%15 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0,
i32 49, i64 6, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 %18 = sub i64 1, %14 %19 = add i64 %18, %16 %20 = select i1 %17, i64 0, i64 %19 store i64 %20, i64* %1, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %129, label %22 %23 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6 %24 = bitcast %struct.cpu_itimer* %4 to i8* %25 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %26 = getelementptr %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 49, i64 6, i32 3 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %50, label %29 %30 = and i64 %27, 2 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %51 %33 = getelementptr inbounds %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 1 %34 = load %struct.pci_bus.322252*, %struct.pci_bus.322252** %33, align 8 call void bitcast (void (%struct.pci_bus.318970*, %struct.cpu_itimer*, %struct.resource*)* @pcibios_resource_to_bus to void (%struct.pci_bus.322252*, %struct.cpu_itimer*, %struct.resource*)*)(%struct.pci_bus.322252* %34, %struct.cpu_itimer* nonnull %4, %struct.resource* %23) #78 %35 = getelementptr inbounds %struct.pci_dev.322263, %struct.pci_dev.322263* %0, i64 0, i32 22 %36 = load i8, i8* %35, align 8 %37 = zext i8 %36 to i32 %38 = call i32 bitcast (i32 (%struct.pci_dev.318968*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev.322263*, i32, i32*)*)(%struct.pci_dev.322263* %0, i32 %37, i32* nonnull %5) #78 %39 = load i32, i32* %5, align 4 %40 = and i32 %39, 2046 %41 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = trunc i64 %42 to i32 %44 = or i32 %40, %43 %45 = or i32 %44, 1 store i32 %45, i32* %5, align 4 %46 = load i8, i8* %35, align 8 %47 = zext i8 %46 to i32 %48 = call i32 bitcast (i32 (%struct.pci_dev.318968*, i32, i32)* @pci_write_config_dword to i32 (%struct.pci_dev.322263*, i32, 
i32)*)(%struct.pci_dev.322263* %0, i32 %47, i32 %45) #78
-------------
Good: 1029
Bad: 1
Ignored: 834
Check Use of Function:pci_irq_vector
Check Use of Function:xhci_dbg_trace
Check Use of Function:xhci_run
Check Use of Function:wait_for_completion_timeout
Check Use of Function:iommu_enable_translation
Check Use of Function:i8042_flush
Check Use of Function:__i8042_command
Check Use of Function:free_irq
Use:
=BAD PATH=
Call Stack:
0 hpet_release
-------------
Path:
Function:hpet_release
%3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16
%4 = load i8*, i8** %3, align 8
%5 = getelementptr inbounds i8, i8* %4, i64 16
%6 = bitcast i8* %5 to i64**
%7 = load i64*, i64** %6, align 8
tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @hpet_lock, i64 0, i32 0, i32 0)) #78
%8 = tail call i64 asm sideeffect "movq $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7) #6, !srcloc !4
%9 = and i64 %8, -5
tail call void asm sideeffect "movq $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64 %9, i64* %7) #6, !srcloc !5
%10 = getelementptr inbounds i8, i8* %4, i64 76
%11 = bitcast i8* %10 to i32*
%12 = load i32, i32* %11, align 4
store i32 0, i32* %11, align 4
%13 = getelementptr inbounds i8, i8* %4, i64 24
%14 = bitcast i8* %13 to i64*
store i64 0, i64* %14, align 8
%15 = getelementptr inbounds i8, i8* %4, i64 72
%16 = bitcast i8* %15 to i32*
%17 = load i32, i32* %16, align 8
%18 = and i32 %17, 4
%19 = icmp eq i32 %18, 0
br i1 %19, label %27, label %20
%21 = tail call i64 asm sideeffect "movq $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7) #6, !srcloc !4
%22 = and i64 %21, 8
%23 = icmp eq i64 %22, 0
br i1 %23, label %27, label %24
%28 = load i32, i32* %16, align 8
%29 = and i32 %28, -8
store i32 %29, i32* %16, align 8
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6
store volatile i8 0, i8* bitcast (%struct.spinlock* @hpet_lock to i8*), align 4
tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
%30 = icmp eq i32 %12, 0
br i1 %30, label %33, label %31
%32 = tail call i8* @free_irq(i32 %12, i8* %4) #78
-------------
Good: 92
Bad: 1
Ignored: 54
Check Use of Function:irq_chip_pm_put
Check Use of Function:cgroup_lock_and_drain_offline
Use:
=BAD PATH=
Call Stack:
0 cgroup_kn_lock_live
1 __cgroup1_procs_write
2 cgroup1_procs_write
-------------
Path:
Function:cgroup1_procs_write
%5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file* %0, i8* %1, i64 %2, i1 zeroext true) #78
Function:__cgroup1_procs_write
%5 = alloca i8, align 1
store i8 0, i8* %5, align 1
%6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0
%7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8
%8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %7, i1 zeroext false) #78
Function:cgroup_kn_lock_live
%3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10
%4 = load i16, i16* %3, align 8
%5 = and i16 %4, 15
%6 = icmp eq i16 %5, 1
br i1 %6, label %10, label %7
%11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ]
%12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8
%13 = bitcast i8** %12 to %struct.cgroup**
%14 = load %struct.cgroup*, %struct.cgroup** %13, align 8
%15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7
%16 = load i32, i32* %15, align 4
%17 = and i32 %16, 1
%18 = icmp eq i32 %17, 0
br i1 %18, label %19, label %45
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0
%21 = load volatile i64, i64* %20, align 8
%22 = and i64 %21, 3
%23 = icmp eq i64 %22, 0
br
i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup1_procs_write 2 cgroup1_tasks_write ------------- Path:  Function:cgroup1_tasks_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file* %0, i8* %1, i64 %2, i1 zeroext false) #78 Function:__cgroup1_procs_write %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %7 = load %struct.kernfs_node*, 
%struct.kernfs_node** %6, align 8 %8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %7, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label 
%39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_mkdir 2 kernfs_iop_mkdir ------------- Path:  Function:kernfs_iop_mkdir %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 47 %6 = bitcast i8** %5 to %struct.kernfs_node** %7 = load %struct.kernfs_node*, %struct.kernfs_node** %6, align 8 %8 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 2 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = icmp eq %struct.kernfs_node* %9, null %11 = select i1 %10, %struct.kernfs_node* %7, %struct.kernfs_node* %9 %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 7, i32 0, i32 2 %13 = load %struct.kernfs_root*, %struct.kernfs_root** %12, align 8 %14 = getelementptr inbounds %struct.kernfs_root, %struct.kernfs_root* %13, i64 0, i32 5 %15 = load %struct.kernfs_syscall_ops*, %struct.kernfs_syscall_ops** %14, align 8 %16 = icmp eq %struct.kernfs_syscall_ops* %15, null br i1 %16, label %51, label %17 %18 = getelementptr inbounds %struct.kernfs_syscall_ops, %struct.kernfs_syscall_ops* %15, i64 0, i32 1 %19 = load i32 (%struct.kernfs_node*, i8*, i16)*, i32 (%struct.kernfs_node*, i8*, i16)** %18, align 8 %20 = icmp eq i32 (%struct.kernfs_node*, i8*, i16)* %19, null br i1 %20, label %51, label %21 %22 = icmp eq %struct.kernfs_node* %7, null br i1 %22, label %51, label %23, !prof !4, 
!misexpect !5 %24 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %7, i64 0, i32 1, i32 0 %25 = load volatile i32, i32* %24, align 4 %26 = icmp sgt i32 %25, -1 br i1 %26, label %27, label %51, !prof !6, !misexpect !5 %28 = phi i32 [ %35, %34 ], [ %25, %23 ] %29 = add nuw i32 %28, 1 %30 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %24, i32 %29, i32* %24, i32 %28) #6, !srcloc !7 %31 = extractvalue { i8, i32 } %30, 0 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %34, label %37, !prof !4, !misexpect !5 %38 = load i32 (%struct.kernfs_node*, i8*, i16)*, i32 (%struct.kernfs_node*, i8*, i16)** %18, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4, i32 1 %40 = load i8*, i8** %39, align 8 %41 = tail call i32 %38(%struct.kernfs_node* nonnull %7, i8* %40, i16 zeroext %3) #78 Function:cgroup_mkdir %4 = alloca %struct.iattr, align 8 %5 = tail call i8* @strchr(i8* %1, i32 10) #78 %6 = icmp eq i8* %5, null br i1 %6, label %7, label %317 %8 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %0, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_type_write ------------- Path:  Function:cgroup_type_write %5 = tail call i8* @strim(i8* %1) #78 %6 = tail call i32 @strcmp(i8* %5, i8* dereferenceable(9) 
getelementptr inbounds ([9 x i8], [9 x i8]* @.str.65.10430, i64 0, i64 0)) #79 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %242 %9 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %10 = load %struct.kernfs_node*, %struct.kernfs_node** %9, align 8 %11 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %10, i1 zeroext true) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq 
$3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup_procs_write 2 cgroup_procs_write ------------- Path:  Function:cgroup_procs_write %5 = tail call fastcc i64 @__cgroup_procs_write(%struct.kernfs_open_file* %0, i8* %1, i1 zeroext true) #78 Function:__cgroup_procs_write %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %6 = bitcast i8** %5 to %struct.cgroup_file_ctx** %7 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %6, align 8 store i8 0, i8* %4, align 1 %8 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %9, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds 
%struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void 
@kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup_procs_write 2 cgroup_threads_write ------------- Path:  Function:cgroup_threads_write %5 = tail call fastcc i64 @__cgroup_procs_write(%struct.kernfs_open_file* %0, i8* %1, i1 zeroext false) #78 Function:__cgroup_procs_write %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 3 %6 = bitcast i8** %5 to %struct.cgroup_file_ctx** %7 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %6, align 8 store i8 0, i8* %4, align 1 %8 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %9 = load %struct.kernfs_node*, %struct.kernfs_node** %8, align 8 %10 = tail call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %9, i1 zeroext false) #78 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = 
getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_subtree_control_write ------------- Path:  Function:cgroup_subtree_control_write %5 = alloca i8*, align 8 %6 = tail call i8* @strim(i8* %1) #78 store i8* %6, i8** %5, align 8 br label %7 %8 = phi i16 [ %75, %73 ], [ 0, %4 ] %9 = phi i16 [ %76, %73 ], [ 0, %4 ] br label %10 %11 = call i8* @strsep(i8** nonnull %5, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.67.10424, i64 0, i64 0)) #78 %12 = icmp eq i8* %11, null br i1 %12, label %78, label %13 %79 = getelementptr 
inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %80 = load %struct.kernfs_node*, %struct.kernfs_node** %79, align 8 %81 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %80, i1 zeroext true) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, 
!srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_max_descendants_write ------------- Path:  Function:cgroup_max_descendants_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = tail call i32 @strcmp(i8* %7, i8* dereferenceable(4) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.10420, i64 0, i64 0)) #79 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11 store i32 2147483647, i32* %5, align 4 br label %19 %20 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %21 = load %struct.kernfs_node*, %struct.kernfs_node** %20, align 8 %22 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %21, i1 zeroext false) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* 
%14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 
cgroup_max_depth_write ------------- Path:  Function:cgroup_max_depth_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = tail call i32 @strcmp(i8* %7, i8* dereferenceable(4) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.71.10420, i64 0, i64 0)) #79 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %11 store i32 2147483647, i32* %5, align 4 br label %19 %20 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %21 = load %struct.kernfs_node*, %struct.kernfs_node** %20, align 8 %22 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %21, i1 zeroext false) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* 
%29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_freeze_write ------------- Path:  Function:cgroup_freeze_write %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = tail call i8* @strim(i8* %1) #78 %8 = call i32 @kstrtoint(i8* %7, i32 0, i32* nonnull %5) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %12, label %10 %13 = load i32, i32* %5, align 4 %14 = icmp ugt i32 %13, 1 br i1 %14, label %24, label %15 %16 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %17 = load %struct.kernfs_node*, %struct.kernfs_node** %16, align 8 %18 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %17, i1 zeroext false) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = 
load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 %21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 cgroup_kill_write ------------- Path:  Function:cgroup_kill_write %5 = alloca %struct.css_task_iter, align 8 %6 = alloca i32, align 4 %7 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %8 = tail call i8* @strim(i8* %1) #78 %9 = call i32 @kstrtoint(i8* %8, i32 0, i32* nonnull %6) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i32, i32* %6, align 4 %15 = icmp eq i32 %14, 1 br i1 %15, label %16, label %135 %17 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %0, i64 0, i32 0 %18 = load %struct.kernfs_node*, %struct.kernfs_node** %17, align 8 %19 = call %struct.cgroup* @cgroup_kn_lock_live(%struct.kernfs_node* %18, i1 zeroext false) #79 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node, %struct.kernfs_node* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup** %14 = load %struct.cgroup*, %struct.cgroup** %13, align 8 %15 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %20 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = and i64 
%21, 3 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.cgroup, %struct.cgroup* %14, i64 0, i32 0, i32 2, i32 1 %28 = load %struct.percpu_ref_data*, %struct.percpu_ref_data** %27, align 8 %29 = getelementptr inbounds %struct.percpu_ref_data, %struct.percpu_ref_data* %28, i64 0, i32 0, i32 0 %30 = load volatile i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !9, !misexpect !6 %33 = phi i64 [ %40, %39 ], [ %30, %26 ] %34 = add i64 %33, 1 %35 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %29, i64 %34, i64* %29, i64 %33) #6, !srcloc !10 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %42, !prof !9, !misexpect !6 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !9, !misexpect !6 %43 = phi i64 [ 0, %26 ], [ %33, %32 ], [ 0, %39 ] %44 = icmp eq i64 %43, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br i1 %44, label %53, label %45 tail call void @kernfs_break_active_protection(%struct.kernfs_node* %0) #78 br i1 %1, label %46, label %47 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup* %14) #79 ------------- Good: 3 Bad: 11 Ignored: 11 Check Use of Function:check_cgroupfs_options Check Use of Function:logfc Check Use of Function:cgroup_free_root Check Use of Function:init_cgroup_root Check Use of Function:cgroup_do_get_tree Check Use of Function:cgroup_setup_root Check Use of Function:security_msg_queue_associate Use: =BAD PATH= Call Stack: 0 ksys_msgget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  
Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #78 Function:compat_ksys_ipc %7 = alloca i64, align 8 %8 = bitcast i64* %7 to %struct.util_est* %9 = alloca i64, align 8 %10 = lshr i32 %0, 16 %11 = trunc i32 %0 to i16 switch i16 %11, label %115 [ i16 1, label %12 i16 4, label %17 i16 2, label %24 i16 3, label %27 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %101 i16 23, label %106 i16 24, label %110 ] %72 = tail call i64 @ksys_msgget(i32 %1, i32 %2) #78 Function:ksys_msgget %3 = alloca %struct.ipc_params, align 8 %4 = bitcast %struct.ipc_params* %3 to i8* %5 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 2, i32 0 store i64 0, i64* %5, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 94 %9 = load %struct.nsproxy*, %struct.nsproxy** %8, align 8 %10 = 
getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %9, i64 0, i32 2 %11 = load %struct.ipc_namespace*, %struct.ipc_namespace** %10, align 8 %12 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 store i32 %0, i32* %12, align 8 %13 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 store i32 %1, i32* %13, align 4 %14 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 0, i64 1 %15 = call i32 bitcast (i32 (%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %11, %struct.ipc_ids* %14, %struct.ipc_ops.265757* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_msgget ------------- Path:  Function:__x64_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 0, i64* %10, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 94 %14 = load %struct.nsproxy*, %struct.nsproxy** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace*, %struct.ipc_namespace** %15, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, 
i32 0 store i32 %7, i32* %17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %18, align 4 %19 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %16, i64 0, i32 0, i64 1 %20 = call i32 bitcast (i32 (%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %16, %struct.ipc_ids* %19, %struct.ipc_ops.265757* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_msgget ------------- Path:  Function:__ia32_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 0, i64* %10, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 94 %14 = load %struct.nsproxy*, %struct.nsproxy** %13, align 8 %15 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace*, %struct.ipc_namespace** %15, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %18, align 4 %19 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* 
%16, i64 0, i32 0, i64 1 %20 = call i32 bitcast (i32 (%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %16, %struct.ipc_ids* %19, %struct.ipc_ops.265757* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #78 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:tcp_send_window_probe Check Use of Function:copy_page_from_iter Check Use of Function:copy_page_to_iter Check Use of Function:disable_irq Check Use of Function:unpin_user_pages_dirty_lock Check Use of Function:tcp_set_congestion_control Check Use of Function:__create_xol_area Check Use of Function:arch_uprobe_ignore Check Use of Function:arch_uretprobe_hijack_return_addr Check Use of Function:arch_uretprobe_is_alive Check Use of Function:xol_free_insn_slot Check Use of Function:free_ret_instance Check Use of Function:pci_mmcfg_late_init Check Use of Function:unapply_uprobe Check Use of Function:arch_uprobe_copy_ixol Check Use of Function:__uprobe_unregister Check Use of Function:down_write_killable Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 
= trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #78 Function:compat_ksys_ipc %7 = alloca i64, align 8 %8 = bitcast i64* %7 to %struct.util_est* %9 = alloca i64, align 8 %10 = lshr i32 %0, 16 %11 = trunc i32 %0 to i16 switch i16 %11, label %115 [ i16 1, label %12 i16 4, label %17 i16 2, label %24 i16 3, label %27 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %101 i16 23, label %106 i16 24, label %110 ] %102 = zext i32 %4 to i64 %103 = inttoptr i64 %102 to i8* %104 = tail call i64 @ksys_shmdt(i8* %103) #78 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #78 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __ia32_sys_shmdt ------------- Path:  Function:__ia32_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @ksys_shmdt(i8* %5) #78 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #78 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __x64_sys_shmdt ------------- Path:  Function:__x64_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @ksys_shmdt(i8* %4) #78 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #78 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %5, i64 0, i32 0, i32 17 %13 = tail call i32 @down_write_killable(%struct.rw_semaphore* %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = alloca %struct.mmu_notifier_range, align 8 %8 = alloca %struct.kuid_t, align 4 %9 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %10 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %11 = icmp ult i64 %2, 12 %12 = select i1 %11, i64 %2, i64 12 %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %1, i64 %12) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %123 %16 = call i8* @strim(i8* nonnull %9) #78 %17 = call i32 @kstrtoint(i8* %16, i32 10, i32* nonnull %6) #78 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %21 %22 = load i32, i32* %6, align 4 %23 = add i32 %22, -1 %24 = icmp ugt i32 %23, 4 br i1 %24, label %123, label %25 %26 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %27 = load %struct.inode*, %struct.inode** %26, align 8 %28 = getelementptr %struct.inode, %struct.inode* %27, i64 -1, i32 41, i32 13 %29 = bitcast %struct.list_head* %28 to %struct.pid** %30 = load %struct.pid*, %struct.pid** %29, align 8 %31 = call %struct.task_struct* @get_pid_task(%struct.pid* %30, i32 0) #78 
%32 = icmp eq %struct.task_struct* %31, null br i1 %32, label %123, label %33 %34 = call %struct.mm_struct* @get_task_mm(%struct.task_struct* nonnull %31) #78 %35 = icmp eq %struct.mm_struct* %34, null br i1 %35, label %111, label %36 %37 = bitcast %struct.mmu_notifier_range* %7 to i8* %38 = bitcast %struct.kuid_t* %8 to i8* %39 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 0, i32 0 store i32 %22, i32* %39, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@clear_refs_write, %40)) #6 to label %41 [label %40], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %34, i1 zeroext true) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %34, i64 0, i32 0, i32 17 %43 = call i32 @down_write_killable(%struct.rw_semaphore* %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #78 br label %32 %33 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %34 = tail call i32 @down_write_killable(%struct.rw_semaphore* %33) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca 
%struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #78 br label %32 %33 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 %34 = tail call i32 @down_write_killable(%struct.rw_semaphore* %33) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __ia32_sys_mremap ------------- Path:  Function:__ia32_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_mremap(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__do_sys_mremap %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.list_head, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.133045** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.133045**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.133045* %13 = getelementptr inbounds %struct.task_struct.133045, %struct.task_struct.133045* %12, i64 0, i32 38 %14 = load %struct.mm_struct.132944*, %struct.mm_struct.132944** %13, align 64 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 store i8 0, i8* %8, align 1 %16 = bitcast %struct.list_head* %9 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %18, align 8 %19 = bitcast %struct.list_head* %10 to i8* %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 store %struct.list_head* %10, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 1 store %struct.list_head* %10, %struct.list_head** %21, align 8 %22 = icmp ult i64 %3, 8 br i1 %22, label %23, label %286 %24 = and i64 %3, 2 %25 = and i64 %3, 1 %26 = icmp eq i64 %25, 0 %27 = and i64 %3, 3 %28 = icmp eq i64 %27, 2 br i1 %28, label %286, label %29 %30 = and i64 %3, 4 %31 = icmp eq i64 %30, 0 br i1 %31, label %36, label %32 %33 = icmp ne i64 %25, 0 %34 = icmp eq i64 %1, %2 %35 = and i1 %34, %33 br i1 %35, label %36, label %286 %37 = and i64 %0, 4095 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %286 %40 = add i64 %1, 4095 %41 = and i64 %40, -4096 %42 = add i64 %2, 4095 %43 = and i64 %42, -4096 %44 = icmp eq i64 %43, 0 br i1 %44, label %286, label %45 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %46)) #6 to label %47 [label %46], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132944*, i1)*)(%struct.mm_struct.132944* %14, i1 zeroext true) #78 br label %47 %48 = getelementptr inbounds %struct.mm_struct.132944, %struct.mm_struct.132944* %14, i64 0, i32 0, i32 17 %49 = call i32 @down_write_killable(%struct.rw_semaphore* %48) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __x64_sys_mremap ------------- Path:  Function:__x64_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_mremap(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_mremap %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.list_head, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.133045** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.133045**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.133045* %13 = getelementptr inbounds %struct.task_struct.133045, %struct.task_struct.133045* %12, i64 0, i32 38 %14 = load %struct.mm_struct.132944*, %struct.mm_struct.132944** %13, align 64 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 store i8 0, i8* %8, align 1 %16 = bitcast %struct.list_head* %9 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %18, align 8 %19 = bitcast %struct.list_head* %10 to i8* %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 store %struct.list_head* %10, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 1 store %struct.list_head* %10, %struct.list_head** %21, align 8 %22 = icmp ult i64 %3, 8 br i1 %22, label %23, label %286 %24 = and i64 %3, 2 %25 = and i64 %3, 1 %26 = icmp eq i64 %25, 0 %27 = and i64 %3, 3 %28 = icmp eq i64 %27, 2 br i1 %28, label %286, label %29 %30 = and i64 %3, 4 %31 = icmp eq i64 %30, 0 br i1 %31, label %36, label %32 %33 = icmp ne i64 %25, 0 %34 = icmp eq i64 %1, %2 %35 = and i1 %34, %33 br i1 %35, label %36, label %286 %37 = and i64 %0, 4095 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %286 %40 = add i64 %1, 4095 %41 = and i64 %40, -4096 %42 = add i64 %2, 4095 %43 = and i64 %42, -4096 %44 = icmp eq i64 %43, 0 br i1 %44, label %286, label %45 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %46)) #6 to label %47 [label %46], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132944*, i1)*)(%struct.mm_struct.132944* %14, i1 zeroext true) #78 br label %47 %48 = getelementptr inbounds %struct.mm_struct.132944, %struct.mm_struct.132944* %14, i64 0, i32 0, i32 17 %49 = call i32 @down_write_killable(%struct.rw_semaphore* %48) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_pkey_mprotect ------------- Path:  Function:__ia32_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 %13) #78 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.132530*, align 8 %6 = bitcast %struct.vm_area_struct.132530** %5 to i8* store %struct.vm_area_struct.132530* null, %struct.vm_area_struct.132530** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %33 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %33, i1 zeroext true) #78 br label %35 %36 = getelementptr inbounds %struct.mm_struct.132543, %struct.mm_struct.132543* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_pkey_mprotect ------------- Path:  Function:__x64_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 %10) #78 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.132530*, align 8 %6 = bitcast %struct.vm_area_struct.132530** %5 to i8* store %struct.vm_area_struct.132530* null, %struct.vm_area_struct.132530** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, 
!srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %33 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %33, i1 zeroext true) #78 br label %35 %36 = getelementptr inbounds %struct.mm_struct.132543, %struct.mm_struct.132543* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_mprotect ------------- Path:  Function:__ia32_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 -1) #78 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.132530*, align 8 %6 = bitcast %struct.vm_area_struct.132530** %5 to i8* store %struct.vm_area_struct.132530* null, %struct.vm_area_struct.132530** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* 
%9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %33 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %33, i1 zeroext true) #78 br label %35 %36 = getelementptr inbounds %struct.mm_struct.132543, %struct.mm_struct.132543* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_mprotect ------------- Path:  Function:__x64_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 -1) #78 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.132530*, align 8 %6 = bitcast %struct.vm_area_struct.132530** %5 to i8* store %struct.vm_area_struct.132530* null, %struct.vm_area_struct.132530** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, 
i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %33 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %33, i1 zeroext true) #78 br label %35 %36 = getelementptr inbounds %struct.mm_struct.132543, %struct.mm_struct.132543* %33, i64 0, i32 0, i32 17 %37 = tail call i32 @down_write_killable(%struct.rw_semaphore* %36) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __ia32_sys_remap_file_pages ------------- Path:  Function:__ia32_sys_remap_file_pages %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 64 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #79 br label %31 %32 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %10, i64 0, i32 0, i32 17 %33 = tail call i32 @down_write_killable(%struct.rw_semaphore* %32) #79 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __x64_sys_remap_file_pages ------------- Path:  Function:__x64_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 64 
%11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #79 br label %31 %32 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %10, i64 0, i32 0, i32 17 %33 = tail call i32 @down_write_killable(%struct.rw_semaphore* %32) #79 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __ia32_sys_brk ------------- Path:  Function:__ia32_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__do_sys_brk(i64 %4) #78 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 38 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 64 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #78 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 17 %13 = call i32 @down_write_killable(%struct.rw_semaphore* %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __x64_sys_brk ------------- Path:  Function:__x64_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__do_sys_brk(i64 %3) #78 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%4, i64 0, i32 38 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 64 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #78 br label %11 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %6, i64 0, i32 0, i32 17 %13 = call i32 @down_write_killable(%struct.rw_semaphore* %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 vm_munmap 1 kill_ioctx 2 __se_sys_io_destroy 3 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds 
%struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq 
%struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #78 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #78 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !10, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17691, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !11 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #78 Function:vm_munmap %3 = alloca %struct.list_head, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 38 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 64 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_munmap, %11)) #6 to label %12 [label %11], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext true) #78 br label %12 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %7, i64 0, i32 0, i32 17 %14 = call i32 @down_write_killable(%struct.rw_semaphore* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 vm_munmap 1 kill_ioctx 2 __se_sys_io_destroy 3 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, 
i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #78 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #78 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !10, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17691, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !11 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #78 Function:vm_munmap %3 = alloca %struct.list_head, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 38 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 64 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_munmap, %11)) #6 to label %12 [label %11], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext true) #78 br label %12 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %7, i64 0, i32 0, i32 17 %14 = call i32 @down_write_killable(%struct.rw_semaphore* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __ia32_sys_mlockall ------------- Path:  Function:__ia32_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #78 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.131117* %10 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %9, i64 0, i32 95 %11 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %10, align 32 %12 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %11, i64 0, i32 49, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #78 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %10, align 32 br label %19 %20 = phi %struct.signal_struct.131066* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %20, i64 0, i32 49, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %9, i64 0, i32 38 %25 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %24, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %25, i1 zeroext true) #78 br label %27 %28 = getelementptr inbounds %struct.mm_struct.131018, %struct.mm_struct.131018* %25, i64 0, i32 0, i32 17 %29 = tail call i32 @down_write_killable(%struct.rw_semaphore* %28) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __x64_sys_mlockall ------------- Path:  Function:__x64_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #78 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.131117* %10 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %9, i64 0, i32 95 %11 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %10, align 32 %12 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %11, i64 0, i32 49, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = 
icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #78 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %10, align 32 br label %19 %20 = phi %struct.signal_struct.131066* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %20, i64 0, i32 49, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %9, i64 0, i32 38 %25 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %24, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %25, i1 zeroext true) #78 br label %27 %28 = getelementptr inbounds %struct.mm_struct.131018, %struct.mm_struct.131018* %25, i64 0, i32 0, i32 17 %29 = tail call i32 @down_write_killable(%struct.rw_semaphore* %28) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __ia32_sys_munlock ------------- Path:  Function:__ia32_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_munlock(i64 %4, i64 %7) #78 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.131117* %5 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %4, i64 0, i32 38 %6 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %6, i1 zeroext true) #78 br label %8 %9 = getelementptr inbounds %struct.mm_struct.131018, %struct.mm_struct.131018* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __x64_sys_munlock ------------- Path:  Function:__x64_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 
%5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_munlock(i64 %3, i64 %5) #78 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.131117* %5 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %4, i64 0, i32 38 %6 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %6, i1 zeroext true) #78 br label %8 %9 = getelementptr inbounds %struct.mm_struct.131018, %struct.mm_struct.131018* %6, i64 0, i32 0, i32 17 %10 = tail call i32 @down_write_killable(%struct.rw_semaphore* %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock2 ------------- Path:  Function:__ia32_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %17 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = 
load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i64 8192, i64 532480 %15 = tail call fastcc i32 @do_mlock(i64 %12, i64 %9, i64 %14) #78 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.131117* %6 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 95 %7 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 %8 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #78 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 br label %15 %16 = phi %struct.signal_struct.131066* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 38 %26 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %26, i1 zeroext true) #78 br label %28 %29 = getelementptr inbounds %struct.mm_struct.131018, %struct.mm_struct.131018* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock2 ------------- Path:  Function:__x64_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %15 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = icmp eq i32 %4, 0 %12 = select i1 %11, i64 8192, i64 532480 %13 = tail call fastcc i32 @do_mlock(i64 %10, i64 %8, i64 %12) #78 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.131117* %6 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 95 %7 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, 
align 32 %8 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #78 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 br label %15 %16 = phi %struct.signal_struct.131066* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 38 %26 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %26, i1 zeroext true) #78 br label %28 %29 = getelementptr inbounds %struct.mm_struct.131018, %struct.mm_struct.131018* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock ------------- Path:  Function:__ia32_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i32 @do_mlock(i64 %4, i64 %7, i64 8192) #78 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.131117* %6 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 95 %7 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 %8 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label 
%11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #78 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 br label %15 %16 = phi %struct.signal_struct.131066* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 38 %26 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %26, i1 zeroext true) #78 br label %28 %29 = getelementptr inbounds %struct.mm_struct.131018, %struct.mm_struct.131018* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock ------------- Path:  Function:__x64_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i32 @do_mlock(i64 %3, i64 %5, i64 8192) #78 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.131117* %6 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 95 %7 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 %8 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #78 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 br label %15 %16 = phi %struct.signal_struct.131066* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 38 %26 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %26, i1 zeroext true) #78 br label %28 %29 = getelementptr inbounds %struct.mm_struct.131018, %struct.mm_struct.131018* %26, i64 0, i32 0, i32 17 %30 = tail call i32 @down_write_killable(%struct.rw_semaphore* %29) #78 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap_pgoff 1 vm_mmap 2 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %166 %10 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.449467* %11 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 15 %12 = bitcast %struct.mutex* %11 to i8* %13 = load i8, i8* %12, align 8 %14 = zext i8 %13 to i32 %15 = shl nuw nsw i32 %14, 8 %16 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %10, i64 0, i32 3, i32 1 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i32 %19 = or i32 %15, %18 %20 = icmp ugt i32 %19, 3072 br i1 %20, label %166, label %21 %22 = getelementptr inbounds i8, i8* %1, i64 32 %23 = bitcast i8* %22 to i64* %24 = load i64, i64* %23, align 8 %25 = icmp ult i64 %24, 2 br i1 %25, label %26, label %166 %27 = 
icmp eq i64 %24, 0 br i1 %27, label %32, label %28 %29 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %30 = and i64 %29, 65536 %31 = icmp eq i64 %30, 0 br i1 %31, label %166, label %32 %33 = bitcast i8* %1 to i32* %34 = load i32, i32* %33, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %36 = zext i32 %34 to i64 %37 = tail call i8* @idr_find(%struct.idr* %35, i64 %36) #78 %38 = bitcast i8* %37 to %struct.drm_i915_gem_object.449204* %39 = icmp eq i8* %37, null br i1 %39, label %64, label %40 %41 = bitcast i8* %37 to %struct.seqcount_spinlock* %42 = bitcast i8* %37 to i32* %43 = load volatile i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %55, label %45 %46 = phi i32 [ %53, %52 ], [ %43, %40 ] %47 = add i32 %46, 1 %48 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %42, i32 %47, i32* nonnull %42, i32 %46) #6, !srcloc !5 %49 = extractvalue { i8, i32 } %48, 0 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %55, !prof !6, !misexpect !7 %53 = extractvalue { i8, i32 } %48, 1 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %45 %56 = phi i32 [ 0, %40 ], [ %46, %45 ], [ 0, %52 ] %57 = add i32 %56, 1 %58 = or i32 %57, %56 %59 = icmp sgt i32 %58, -1 br i1 %59, label %61, label %60, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %41, i32 0) #78 br label %61 %62 = icmp eq i32 %56, 0 %63 = select i1 %62, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %38 br label %64 %65 = phi %struct.drm_i915_gem_object.449204* [ 
null, %32 ], [ %63, %61 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %66 = icmp eq %struct.drm_i915_gem_object.449204* %65, null br i1 %66, label %166, label %67 %68 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 3 %69 = load %struct.file*, %struct.file** %68, align 8 %70 = icmp eq %struct.file* %69, null br i1 %70, label %151, label %71 %72 = getelementptr inbounds i8, i8* %1, i64 8 %73 = bitcast i8* %72 to i64* %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds i8, i8* %1, i64 16 %76 = bitcast i8* %75 to i64* %77 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 5 %78 = load i64, i64* %77, align 8 %79 = icmp ugt i64 %78, %74 br i1 %79, label %80, label %151 %81 = load i64, i64* %76, align 8 %82 = sub i64 %78, %74 %83 = icmp ugt i64 %81, %82 br i1 %83, label %151, label %84 %85 = tail call i64 @vm_mmap(%struct.file* nonnull %69, i64 0, i64 %81, i64 3, i64 1, i64 %74) #78 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 %11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #78 Function:vm_mmap_pgoff %7 = alloca i64, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = bitcast i64* %7 to i8* store i64 0, i64* %7, 
align 8 %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = call i32 @security_mmap_file(%struct.file* %0, i64 %3, i64 %4) #78 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %37 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_mmap_pgoff, %21)) #6 to label %22 [label %21], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext true) #78 br label %22 %23 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %12, i64 0, i32 0, i32 17 %24 = call i32 @down_write_killable(%struct.rw_semaphore* %23) #78 ------------- Use: =BAD PATH= Call Stack: 0 write_ldt 1 __se_sys_modify_ldt 2 __ia32_sys_modify_ldt ------------- Path:  Function:__ia32_sys_modify_ldt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 
= tail call fastcc i64 @__se_sys_modify_ldt(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_modify_ldt %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* switch i32 %4, label %50 [ i32 0, label %6 i32 1, label %39 i32 2, label %41 i32 17, label %48 ] %49 = tail call fastcc i32 @write_ldt(i8* %5, i64 %2, i32 0) #78 Function:write_ldt %4 = alloca i64, align 8 %5 = alloca %struct.spinlock*, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.user_desc, align 4 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 38 %11 = load %struct.mm_struct*, %struct.mm_struct** %10, align 64 %12 = bitcast %struct.user_desc* %7 to i8* %13 = icmp eq i64 %1, 16 br i1 %13, label %14, label %267 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %0, i64 16) #78 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %267 %18 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp ugt i32 %19, 8191 br i1 %20, label %267, label %21 %22 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 3 %23 = load i8, i8* %22, align 4 %24 = and i8 %23, 6 %25 = icmp eq i8 %24, 6 br i1 %25, label %26, label %31 %27 = icmp ne i32 %2, 0 %28 = and i8 %23, 32 %29 = icmp eq i8 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %267, label %41 %42 = phi i1 [ false, %37 ], [ false, %33 ], [ true, %31 ], [ true, %26 ] %43 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 2 %47 = load i32, i32* %46, align 4 br i1 %45, label %48, label %53 %49 = icmp eq i32 %47, 0 %50 = and i8 %23, 127 %51 = icmp eq i8 %50, 40 %52 = and i1 
%51, %49 br i1 %52, label %97, label %53 %98 = phi i64 [ 0, %37 ], [ %92, %53 ], [ 0, %48 ] %99 = phi i64 [ 0, %37 ], [ %94, %53 ], [ 0, %48 ] %100 = phi i64 [ 0, %37 ], [ %96, %53 ], [ 0, %48 ] %101 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %11, i64 0, i32 0, i32 44, i32 2 %102 = call i32 @down_write_killable(%struct.rw_semaphore* %101) #78 ------------- Use: =BAD PATH= Call Stack: 0 write_ldt 1 __se_sys_modify_ldt 2 __x64_sys_modify_ldt ------------- Path:  Function:__x64_sys_modify_ldt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_modify_ldt(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_modify_ldt %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* switch i32 %4, label %50 [ i32 0, label %6 i32 1, label %39 i32 2, label %41 i32 17, label %48 ] %49 = tail call fastcc i32 @write_ldt(i8* %5, i64 %2, i32 0) #78 Function:write_ldt %4 = alloca i64, align 8 %5 = alloca %struct.spinlock*, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.user_desc, align 4 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 38 %11 = load %struct.mm_struct*, %struct.mm_struct** %10, align 64 %12 = bitcast %struct.user_desc* %7 to i8* %13 = icmp eq i64 %1, 16 br i1 %13, label %14, label %267 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %0, i64 16) #78 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %267 %18 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 0 %19 = load 
i32, i32* %18, align 4 %20 = icmp ugt i32 %19, 8191 br i1 %20, label %267, label %21 %22 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 3 %23 = load i8, i8* %22, align 4 %24 = and i8 %23, 6 %25 = icmp eq i8 %24, 6 br i1 %25, label %26, label %31 %27 = icmp ne i32 %2, 0 %28 = and i8 %23, 32 %29 = icmp eq i8 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %267, label %41 %42 = phi i1 [ false, %37 ], [ false, %33 ], [ true, %31 ], [ true, %26 ] %43 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 %46 = getelementptr inbounds %struct.user_desc, %struct.user_desc* %7, i64 0, i32 2 %47 = load i32, i32* %46, align 4 br i1 %45, label %48, label %53 %49 = icmp eq i32 %47, 0 %50 = and i8 %23, 127 %51 = icmp eq i8 %50, 40 %52 = and i1 %51, %49 br i1 %52, label %97, label %53 %98 = phi i64 [ 0, %37 ], [ %92, %53 ], [ 0, %48 ] %99 = phi i64 [ 0, %37 ], [ %94, %53 ], [ 0, %48 ] %100 = phi i64 [ 0, %37 ], [ %96, %53 ], [ 0, %48 ] %101 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %11, i64 0, i32 0, i32 44, i32 2 %102 = call i32 @down_write_killable(%struct.rw_semaphore* %101) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = 
and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #78 br label %188 %189 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %186, i64 0, i32 0, i32 17 %190 = tail call i32 @down_write_killable(%struct.rw_semaphore* %189) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, 
-38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #78 br label %188 %189 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %186, i64 0, i32 0, i32 17 %190 = tail call i32 @down_write_killable(%struct.rw_semaphore* %189) #78 ------------- Good: 46 Bad: 31 Ignored: 101 Check Use of Function:vm_get_page_prot Check Use of Function:selnl_notify_setenforce Check Use of Function:kill_ioctx Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* 
%2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 
@kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:cpumask_weight.17702 Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __ia32_compat_sys_io_setup ------------- Path:  Function:__ia32_compat_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to i32* %10 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %8, i64 4, i64 %9) #6, !srcloc !4 %11 = extractvalue { i32*, i32, i64 } %10, 0 %12 = extractvalue { i32*, i32, i64 } %10, 2 %13 = ptrtoint i32* %11 to i64 %14 = shl i64 %13, 32 %15 = ashr exact i64 %14, 32 %16 = icmp eq i64 %14, 0 br i1 %16, label %17, label %65, !prof !5, !misexpect !6 %18 = extractvalue { i32*, i32, i64 } %10, 1 %19 = icmp ne i32 %18, 0 %20 = icmp eq i32 %7, 0 %21 = or i1 %20, %19 br i1 %21, label %65, label %22, !prof !7, !misexpect !6 %23 = tail call fastcc %struct.kioctx* @ioctx_alloc(i32 %7) #78 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = tail call fastcc i32 @cpumask_weight.17702() #78 ------------- Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __se_sys_io_setup 2 __ia32_sys_io_setup ------------- Path:  Function:__ia32_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_io_setup(i64 %4, i64 %7) #78 Function:__se_sys_io_setup %3 = trunc i64 %0 to i32 %4 = inttoptr i64 %1 to i64* %6 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 8, i64 %5) #6, !srcloc !4 %7 = extractvalue { i64*, i64, i64 } %6, 0 %8 = extractvalue { i64*, i64, i64 } %6, 2 %9 = ptrtoint i64* %7 to i64 %10 = shl i64 %9, 32 %11 = ashr exact i64 %10, 32 %12 = icmp eq i64 %10, 0 br i1 %12, label %13, label %60, !prof !5, !misexpect !6 %14 = extractvalue { i64*, i64, i64 } %6, 1 %15 = icmp ne i64 %14, 0 %16 = icmp eq i32 %3, 0 %17 = or i1 %16, %15 br i1 %17, label %60, label %18, !prof !7, !misexpect !6 %19 = tail call fastcc %struct.kioctx* @ioctx_alloc(i32 %3) #78 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = tail call fastcc i32 @cpumask_weight.17702() #78 ------------- Use: =BAD PATH= Call Stack: 0 ioctx_alloc 1 __se_sys_io_setup 2 __x64_sys_io_setup ------------- Path:  Function:__x64_sys_io_setup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_io_setup(i64 %3, i64 %5) #78 Function:__se_sys_io_setup %3 = trunc i64 %0 to i32 %4 = inttoptr i64 %1 to i64* %6 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 8, i64 
%5) #6, !srcloc !4 %7 = extractvalue { i64*, i64, i64 } %6, 0 %8 = extractvalue { i64*, i64, i64 } %6, 2 %9 = ptrtoint i64* %7 to i64 %10 = shl i64 %9, 32 %11 = ashr exact i64 %10, 32 %12 = icmp eq i64 %10, 0 br i1 %12, label %13, label %60, !prof !5, !misexpect !6 %14 = extractvalue { i64*, i64, i64 } %6, 1 %15 = icmp ne i64 %14, 0 %16 = icmp eq i32 %3, 0 %17 = or i1 %16, %15 br i1 %17, label %60, label %18, !prof !7, !misexpect !6 %19 = tail call fastcc %struct.kioctx* @ioctx_alloc(i32 %3) #78 Function:ioctx_alloc %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = tail call fastcc i32 @cpumask_weight.17702() #78 ------------- Good: 1 Bad: 3 Ignored: 0 Check Use of Function:vm_munmap Use: =BAD PATH= Call Stack: 0 kill_ioctx 1 __se_sys_io_destroy 2 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = 
getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = 
bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #78 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #78 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !10, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17691, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !11 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #78 ------------- Use: =BAD 
PATH= Call Stack: 0 kill_ioctx 1 __se_sys_io_destroy 2 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #78 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #78 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !10, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# 
bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17691, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !11 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #78 ------------- Good: 5 Bad: 2 Ignored: 1 Check Use of Function:truncate_setsize Check Use of Function:page_add_new_anon_rmap Check Use of Function:pagecache_get_page Use: =BAD PATH= Call Stack: 0 hugetlbfs_read_iter ------------- Path:  Function:hugetlbfs_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, 
%struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ 0, %30 ], [ %112, %121 ] %38 = phi i64 [ %26, %30 ], [ %130, %121 ] %39 = phi i64 [ %22, %30 ], [ %127, %121 ] %40 = zext i32 %36 to i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %39, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %39, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %38 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %38 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %39, i32 2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 shmem_get_link ------------- Path:  
Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 shmem_getpage_gfp 1 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %40 = getelementptr inbounds %struct.address_space, %struct.address_space* %8, i64 0, i32 3 %41 = load i32, i32* %40, align 8 %42 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %1, i64 0, %struct.page** nonnull %4, i32 0, i32 %41, %struct.vm_area_struct* null, i32* null) #78 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* store %struct.page* null, %struct.page** %9, align 8 %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr 
inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 shmem_getpage_gfp 1 shmem_file_read_iter ------------- Path:  
Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ 0, %23 ], [ %100, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ %16, %23 ], [ %103, %124 ] %32 = icmp ne i64 %31, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %31, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #78 
Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* store %struct.page* null, %struct.page** %9, align 8 %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = 
getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #78 ------------- Good: 205 Bad: 4 Ignored: 348 Check Use of Function:page_vma_mapped_walk Check Use of Function:__lock_page Check Use of Function:refcount_dec_and_lock Use: =BAD PATH= Call Stack: 0 nfs_put_client 1 nfs4_init_client ------------- Path:  Function:nfs4_init_client %3 = alloca %struct.__kernel_sockaddr_storage, align 8 %4 = alloca %struct.__kernel_sockaddr_storage, align 8 %5 = alloca %struct.xprt_create, align 8 %6 = alloca %struct.nfs_client.247351*, align 8 %7 = bitcast %struct.nfs_client.247351** %6 to i8* store %struct.nfs_client.247351* null, %struct.nfs_client.247351** %6, align 8 %8 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 2 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %99, label %11 %12 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 31 %13 = load %struct.nfs4_minor_version_ops.247360*, %struct.nfs4_minor_version_ops.247360** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_minor_version_ops.247360, %struct.nfs4_minor_version_ops.247360* %13, i64 0, i32 2 %15 = load i32 (%struct.nfs_client.247351*)*, i32 (%struct.nfs_client.247351*)** %14, align 8 %16 = tail call i32 %15(%struct.nfs_client.247351* %0) #78 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %30 %19 = 
getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 11 %20 = load %struct.rpc_clnt*, %struct.rpc_clnt** %19, align 8 %21 = getelementptr inbounds %struct.rpc_clnt, %struct.rpc_clnt* %20, i64 0, i32 5 %22 = load volatile %struct.rpc_xprt*, %struct.rpc_xprt** %21, align 8 %23 = load %struct.nfs4_minor_version_ops.247360*, %struct.nfs4_minor_version_ops.247360** %12, align 8 %24 = getelementptr inbounds %struct.nfs4_minor_version_ops.247360, %struct.nfs4_minor_version_ops.247360* %23, i64 0, i32 0 %25 = load i32, i32* %24, align 8 %26 = tail call i32 @nfs_callback_up(i32 %25, %struct.rpc_xprt* %22) #78 %27 = icmp slt i32 %26, 0 br i1 %27, label %95, label %28 %96 = phi i32 [ %16, %30 ], [ %33, %32 ], [ %26, %18 ] call void bitcast (void (%struct.nfs_client*, i32)* @nfs_mark_client_ready to void (%struct.nfs_client.247351*, i32)*)(%struct.nfs_client.247351* %0, i32 %96) #78 call void bitcast (void (%struct.nfs_client*)* @nfs_put_client to void (%struct.nfs_client.247351*)*)(%struct.nfs_client.247351* %0) #78 Function:nfs_put_client %2 = icmp eq %struct.nfs_client* %0, null br i1 %2, label %51, label %3 %4 = getelementptr inbounds %struct.nfs_client, %struct.nfs_client* %0, i64 0, i32 43 %5 = load %struct.net*, %struct.net** %4, align 8 %6 = load i32, i32* @nfs_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.net, %struct.net* %5, i64 0, i32 38 %8 = load volatile %struct.net_generic*, %struct.net_generic** %7, align 64 %9 = bitcast %struct.net_generic* %8 to [0 x i8*]* %10 = zext i32 %6 to i64 %11 = getelementptr [0 x i8*], [0 x i8*]* %9, i64 0, i64 %10 %12 = load i8*, i8** %11, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %13 = getelementptr inbounds %struct.nfs_client, %struct.nfs_client* %0, i64 0, i32 0 %14 = getelementptr inbounds i8, 
i8* %12, i64 160 %15 = bitcast i8* %14 to %struct.spinlock* %16 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %13, %struct.spinlock* %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_open_state 1 __nfs4_close 2 nfs4_close_sync 3 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %3, align 8 %5 = icmp eq %struct.nfs4_state.236428* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.238111*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236428*, i32)*)(%struct.nfs4_state.236428* nonnull %4, i32 %13) #78 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.238111* %0, i32 %1, i32 1) #78 Function:__nfs4_close %4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 6 %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %6, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32* %7) #6, !srcloc !4 %8 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %9 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %8, i64 0, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %9) #78 %10 = and i32 %1, 3 switch i32 %10, label %23 [ i32 1, label %11 i32 2, label %15 i32 3, label %19 ] %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, -1 store i32 %22, i32* %20, align 4 br label %23 %24 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %62 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 10 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %40 %32 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = load volatile i64, i64* %32, align 8 %36 = and i64 %35, 32 %37 = or i64 %36, %34 %38 = icmp ne i64 %37, 0 %39 = zext i1 %38 to i32 br label %40 %41 = phi i32 [ %39, %31 ], [ 0, %27 ] %42 = phi i32 [ 2, %31 ], [ 3, %27 ] %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 11 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %62 %63 = phi i32 [ %58, %60 ], [ %58, %46 ], [ 0, %23 ], [ %41, %40 ] %64 = phi i32 [ 0, %60 ], [ 1, %46 ], [ 3, %23 ], [ %42, %40 ] %65 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 13 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %64 br i1 %67, label %94, label %68 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %95 = bitcast %struct.spinlock* %8 to i8* store volatile i8 0, i8* %95, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %96 = icmp eq i32 %63, 0 br i1 %96, label %97, label %116 tail call void 
@nfs4_put_open_state(%struct.nfs4_state.238111* %0) #79 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load 
%struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238113* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238112*, %struct.nfs_open_context.238112** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238112, %struct.nfs_open_context.238112* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %27) #78 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238142** %30 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238142* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238142* %77) #78 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238142* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, 
%struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq 
%struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238113* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238112*, %struct.nfs_open_context.238112** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238112, %struct.nfs_open_context.238112* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #78 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238142** %30 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238142* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238142* %77) #78 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238142* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -34, i32 2 %3 = getelementptr inbounds i32, i32* %2, i64 205 %4 = bitcast i32* %3 to %struct.seqcount_spinlock* %5 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %4, %struct.spinlock* nonnull @mq_lock) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_ipc_ns 1 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void @put_ipc_ns(%struct.ipc_namespace* %7) #78 Function:put_ipc_ns %2 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 24, i32 3 %3 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %2, %struct.spinlock* nonnull @mq_lock) #78 ------------- Good: 196 Bad: 6 Ignored: 228 Check Use of Function:lru_cache_add_inactive_or_unevictable Check Use of Function:copy_page Check Use 
of Function:__anon_vma_prepare Use: =BAD PATH= Call Stack: 0 expand_downwards 1 find_extend_vma 2 __get_user_pages 3 faultin_vma_page_range 4 madvise_populate 5 do_madvise 6 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq 
i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
 Function:madvise_populate
 Function:faultin_vma_page_range
 Function:__get_user_pages
 Function:find_extend_vma
 Function:expand_downwards
-------------
Use: =BAD PATH=
Call Stack:
0 expand_downwards
1 find_extend_vma
2 __get_user_pages
3 faultin_vma_page_range
4 madvise_populate
5 do_madvise
6 __x64_sys_madvise
-------------
Path:
 Function:__x64_sys_madvise
 Function:do_madvise
 Function:madvise_populate
 Function:faultin_vma_page_range
 Function:__get_user_pages
 Function:find_extend_vma
 Function:expand_downwards
-------------
Good: 46 Bad: 2 Ignored: 95
Check Use of Function:__mmu_notifier_invalidate_range_start
Check Use of Function:security_context_to_sid
Check Use of Function:page_remove_rmap
Check Use of Function:kstrdup_quotable
Check Use of Function:access_process_vm
Check Use of Function:do_trace_read_msr
Use: =BAD PATH=
Call Stack:
0 show_energy_efficiency
-------------
Path:
 Function:show_energy_efficiency
-------------
Use: =BAD PATH=
Call Stack:
0 low_power_idle_cpu_residency_us_show
-------------
Path:
 Function:low_power_idle_cpu_residency_us_show
-------------
Use: =BAD PATH=
Call Stack:
0 __rdgsbase_inactive
1 x86_gsbase_read_task
2 do_arch_prctl_64
3 __ia32_sys_arch_prctl
-------------
Path:
 Function:__ia32_sys_arch_prctl
 Function:do_arch_prctl_64
 Function:x86_gsbase_read_task
 Function:__rdgsbase_inactive
-------------
Use: =BAD PATH=
Call Stack:
0 __rdgsbase_inactive
1 x86_gsbase_read_task
2 do_arch_prctl_64
3 __x64_sys_arch_prctl
-------------
Path:
 Function:__x64_sys_arch_prctl
 Function:do_arch_prctl_64
 Function:x86_gsbase_read_task
 Function:__rdgsbase_inactive
-------------
Use: =BAD PATH=
Call Stack:
0 x86_fsbase_read_task
1 do_arch_prctl_64
2 __ia32_sys_arch_prctl
-------------
Path:
 Function:__ia32_sys_arch_prctl
 Function:do_arch_prctl_64
 Function:x86_fsbase_read_task
-------------
Use: =BAD PATH=
Call Stack:
0 x86_fsbase_read_task
1 do_arch_prctl_64
2 __x64_sys_arch_prctl
-------------
Path:
 Function:__x64_sys_arch_prctl
 Function:do_arch_prctl_64
 Function:x86_fsbase_read_task
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_fsbase_read_task, %17)) #6 to label %80 [label %17], !srcloc !7 tail call void @do_trace_read_msr(i32 -1073741568, i64 %16, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 x86_gsbase_read_task 1 do_arch_prctl_64 2 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12423* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12423* %9, i32 %7, i64 %6) #78 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %70 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12423* %0) #79 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12423* %5 = icmp eq %struct.task_struct.12423* %4, %0 %6 = load volatile i64, 
i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %18 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 9 \0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !8 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = shl i64 %20, 32 %22 = or i64 %21, %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_gsbase_read_task, %23)) #6 to label %86 [label %23], !srcloc !9 tail call void @do_trace_read_msr(i32 -1073741566, i64 %22, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 x86_gsbase_read_task 1 do_arch_prctl_64 2 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %8 = inttoptr 
i64 %7 to %struct.task_struct.12423* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12423* %8, i32 %6, i64 %5) #78 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %70 = tail call i64 @x86_gsbase_read_task(%struct.task_struct.12423* %0) #79 Function:x86_gsbase_read_task %2 = alloca i64, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.12423* %5 = icmp eq %struct.task_struct.12423* %4, %0 %6 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %7 = and i64 %6, 4294967296 %8 = icmp eq i64 %7, 0 br i1 %5, label %9, label %24 br i1 %8, label %17, label %10 %18 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 9 \0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566) #6, !srcloc !8 %19 = extractvalue { i64, i64 } %18, 0 %20 = extractvalue { i64, i64 } %18, 1 %21 = shl i64 %20, 32 %22 = or i64 %21, %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@x86_gsbase_read_task, %23)) #6 to label %86 [label %23], !srcloc !9 tail call void @do_trace_read_msr(i32 -1073741566, i64 %22, i32 0) #78 ------------- Good: 342 Bad: 8 Ignored: 2044 Check Use of Function:do_trace_write_msr Use: =BAD PATH= Call Stack: 0 __wrgsbase_inactive 1 do_arch_prctl_64 2 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12423* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12423* %9, i32 %7, i64 %6) #78 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: 
replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %8 = icmp ugt i64 %7, %2 br i1 %8, label %9, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !8 %11 = inttoptr i64 %10 to %struct.task_struct.12423* %12 = icmp eq %struct.task_struct.12423* %11, %0 br i1 %12, label %13, label %34 %14 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !9 %15 = load i64, i64* %5, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @asm_load_gs_index(i32 0) #78 %16 = and i64 %15, 512 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %21 = and i64 %20, 4294967296 %22 = icmp eq i64 %21, 0 br i1 %22, label %29, label %23 %24 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !9 %25 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call fastcc void @__wrgsbase_inactive(i64 %2) #78 Function:__wrgsbase_inactive callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - 
(662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 272, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 26), i8* blockaddress(@__wrgsbase_inactive, %4), i8* blockaddress(@__wrgsbase_inactive, %3)) #6 to label %2 [label %4, label %3], !srcloc !4 %5 = trunc i64 %0 to i32 %6 = lshr i64 %0, 32 %7 = trunc i64 %6 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566, i32 %5, i32 %7) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__wrgsbase_inactive, %8)) #6 to label %9 [label %8], !srcloc !8 tail call void @do_trace_write_msr(i32 -1073741566, i64 %0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __wrgsbase_inactive 1 do_arch_prctl_64 2 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12423* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12423* %8, i32 %6, i64 %5) #78 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, 
i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %8 = icmp ugt i64 %7, %2 br i1 %8, label %9, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !8 %11 = inttoptr i64 %10 to %struct.task_struct.12423* %12 = icmp eq %struct.task_struct.12423* %11, %0 br i1 %12, label %13, label %34 %14 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !9 %15 = load i64, i64* %5, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @asm_load_gs_index(i32 0) #78 %16 = and i64 %15, 512 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %21 = and i64 %20, 4294967296 %22 = icmp eq i64 %21, 0 br i1 %22, label %29, label %23 %24 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4) #6, !srcloc !9 %25 = load i64, i64* %4, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call fastcc void @__wrgsbase_inactive(i64 %2) #78 Function:__wrgsbase_inactive callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - 
(662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 272, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 26), i8* blockaddress(@__wrgsbase_inactive, %4), i8* blockaddress(@__wrgsbase_inactive, %3)) #6 to label %2 [label %4, label %3], !srcloc !4 %5 = trunc i64 %0 to i32 %6 = lshr i64 %0, 32 %7 = trunc i64 %6 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566, i32 %5, i32 %7) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__wrgsbase_inactive, %8)) #6 to label %9 [label %8], !srcloc !8 tail call void @do_trace_write_msr(i32 -1073741566, i64 %0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_arch_prctl_64 1 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12423* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12423* %9, i32 %7, i64 %6) #78 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", 
"=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %8 = icmp ugt i64 %7, %2 br i1 %8, label %9, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !8 %11 = inttoptr i64 %10 to %struct.task_struct.12423* %12 = icmp eq %struct.task_struct.12423* %11, %0 br i1 %12, label %13, label %34 %14 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !9 %15 = load i64, i64* %5, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @asm_load_gs_index(i32 0) #78 %16 = and i64 %15, 512 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %21 = and i64 %20, 4294967296 %22 = icmp eq i64 %21, 0 br i1 %22, label %29, label %23 %30 = trunc i64 %2 to i32 %31 = lshr i64 %2, 32 %32 = trunc i64 %31 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566, i32 %30, i32 %32) #6, !srcloc !12 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_arch_prctl_64, %33)) #6 to label %36 [label %33], !srcloc !13 call void @do_trace_write_msr(i32 -1073741566, i64 %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_arch_prctl_64 1 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12423* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12423* %8, i32 %6, i64 %5) #78 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %7 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 
72057594037923840) #6, !srcloc !4 %8 = icmp ugt i64 %7, %2 br i1 %8, label %9, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !8 %11 = inttoptr i64 %10 to %struct.task_struct.12423* %12 = icmp eq %struct.task_struct.12423* %11, %0 br i1 %12, label %13, label %34 %14 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !9 %15 = load i64, i64* %5, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @asm_load_gs_index(i32 0) #78 %16 = and i64 %15, 512 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 %20 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %21 = and i64 %20, 4294967296 %22 = icmp eq i64 %21, 0 br i1 %22, label %29, label %23 %30 = trunc i64 %2 to i32 %31 = lshr i64 %2, 32 %32 = trunc i64 %31 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741566, i32 %30, i32 %32) #6, !srcloc !12 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_arch_prctl_64, %33)) #6 to label %36 [label %33], !srcloc !13 call void @do_trace_write_msr(i32 -1073741566, i64 %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_arch_prctl_64 1 __ia32_sys_arch_prctl ------------- Path:  Function:__ia32_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12423* %10 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12423* %9, i32 %7, i64 %6) #78 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %39 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", 
"=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %40 = icmp ugt i64 %39, %2 br i1 %40, label %41, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %42 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !8 %43 = inttoptr i64 %42 to %struct.task_struct.12423* %44 = icmp eq %struct.task_struct.12423* %43, %0 br i1 %44, label %45, label %55 tail call void asm sideeffect "\09\09\09\09\09\09\0A1:\09movw $0, %fs\09\09\09\0A2:\09\09\09\09\09\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 5 \0A .popsection\0A", "rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i16 0) #6, !srcloc !16 %46 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %47 = and i64 %46, 4294967296 %48 = icmp eq i64 %47, 0 br i1 %48, label %50, label %49 %51 = trunc i64 %2 to i32 %52 = lshr i64 %2, 32 %53 = trunc i64 %52 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741568, i32 %51, i32 %53) #6, !srcloc !12 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_arch_prctl_64, %54)) #6 to label %57 [label %54], !srcloc !13 tail call void @do_trace_write_msr(i32 -1073741568, i64 %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_arch_prctl_64 1 __x64_sys_arch_prctl ------------- Path:  Function:__x64_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.12423* %9 = tail call i64 @do_arch_prctl_64(%struct.task_struct.12423* %8, i32 %6, i64 %5) #78 Function:do_arch_prctl_64 %4 = alloca i64, align 8 %5 = alloca i64, align 8 switch i32 %1, label %77 [ i32 4097, label %6 i32 4098, label %38 i32 4099, label %59 i32 4100, label %69 ] %39 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, 
i64 72057594037923840) #6, !srcloc !4 %40 = icmp ugt i64 %39, %2 br i1 %40, label %41, label %81, !prof !5, !misexpect !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %42 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !8 %43 = inttoptr i64 %42 to %struct.task_struct.12423* %44 = icmp eq %struct.task_struct.12423* %43, %0 br i1 %44, label %45, label %55 tail call void asm sideeffect "\09\09\09\09\09\09\0A1:\09movw $0, %fs\09\09\09\0A2:\09\09\09\09\09\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 5 \0A .popsection\0A", "rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i16 0) #6, !srcloc !16 %46 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 24) to i64*), align 8 %47 = and i64 %46, 4294967296 %48 = icmp eq i64 %47, 0 br i1 %48, label %50, label %49 %51 = trunc i64 %2 to i32 %52 = lshr i64 %2, 32 %53 = trunc i64 %52 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073741568, i32 %51, i32 %53) #6, !srcloc !12 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_arch_prctl_64, %54)) #6 to label %57 [label %54], !srcloc !13 tail call void @do_trace_write_msr(i32 -1073741568, i64 %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 
%10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 br label %7 %8 = lshr i64 %0, 3 %9 = and i64 %8, 4 %10 = trunc i64 %9 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073676001, i32 %10, i32 0) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %11)) #6 to label %93 [label %11], !srcloc !8 call void @do_trace_write_msr(i32 -1073676001, i64 %9, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 
4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, 
!srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# 
ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 br label %7 %8 = lshr i64 %0, 3 %9 = and i64 %8, 4 %10 = trunc i64 %9 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073676001, i32 %10, i32 0) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %11)) #6 to label %93 [label %11], !srcloc !8 call void @do_trace_write_msr(i32 -1073676001, i64 %9, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 
%10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb 
$1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 br label %14 %15 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.ssb_state* nonnull @ssb_state) #6, !srcloc !9 %16 = inttoptr i64 %15 to %struct.ssb_state* %17 = load i64, i64* @x86_amd_ls_cfg_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 252, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %29), i8* blockaddress(@speculation_ctrl_update, %19)) #6 to label %18 [label %29, label %19], !srcloc !6 %20 = and i64 %0, 32 %21 = icmp eq i64 %20, 0 %22 = load i64, i64* @x86_amd_ls_cfg_ssbd_mask, align 8 %23 = select i1 %21, i64 0, i64 %22 %24 = or i64 %23, %17 %25 = trunc i64 %24 to i32 
%26 = lshr i64 %24, 32 %27 = trunc i64 %26 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073672160, i32 %25, i32 %27) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %28)) #6 to label %93 [label %28], !srcloc !8 call void @do_trace_write_msr(i32 -1073672160, i64 %24, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 
%7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 
%48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 
Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A 
.word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 br label %14 %15 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.ssb_state* nonnull @ssb_state) #6, !srcloc !9 %16 = inttoptr i64 %15 to %struct.ssb_state* %17 = load i64, i64* @x86_amd_ls_cfg_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 252, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* 
@boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %29), i8* blockaddress(@speculation_ctrl_update, %19)) #6 to label %18 [label %29, label %19], !srcloc !6 %20 = and i64 %0, 32 %21 = icmp eq i64 %20, 0 %22 = load i64, i64* @x86_amd_ls_cfg_ssbd_mask, align 8 %23 = select i1 %21, i64 0, i64 %22 %24 = or i64 %23, %17 %25 = trunc i64 %24 to i32 %26 = lshr i64 %24, 32 %27 = trunc i64 %26 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073672160, i32 %25, i32 %27) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %28)) #6 to label %93 [label %28], !srcloc !8 call void @do_trace_write_msr(i32 -1073672160, i64 %24, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, 
i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 
Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* 
blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 br label %14 %15 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.ssb_state* nonnull @ssb_state) #6, !srcloc !9 %16 = inttoptr i64 %15 to %struct.ssb_state* %17 = load i64, i64* @x86_amd_ls_cfg_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A 
.long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 252, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %29), i8* blockaddress(@speculation_ctrl_update, %19)) #6 to label %18 [label %29, label %19], !srcloc !6 br label %29 %30 = and i64 %0, 32 %31 = icmp eq i64 %30, 0 %32 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %16, i64 0, i32 3 br i1 %31, label %60, label %33 %34 = call i8 asm " btsq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 0) #6, !srcloc !10 %35 = and i8 %34, 1 %36 = icmp eq i8 %35, 0 br i1 %36, label %37, label %93 %38 = load i64, i64* @x86_amd_ls_cfg_ssbd_mask, align 8 %39 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %16, i64 0, i32 0 %40 = load %struct.ssb_state*, %struct.ssb_state** %39, align 8 %41 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %40, i64 0, i32 1 call void @_raw_spin_lock(%struct.raw_spinlock* %41) #78 %42 = load %struct.ssb_state*, %struct.ssb_state** %39, align 8 %43 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %42, i64 0, i32 2 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %52 %47 = or i64 %38, %17 %48 = trunc i64 %47 to i32 %49 = lshr i64 %47, 32 %50 = trunc i64 %49 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", 
"{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073672160, i32 %48, i32 %50) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %51)) #6 to label %52 [label %51], !srcloc !8 call void @do_trace_write_msr(i32 -1073672160, i64 %47, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr 
inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", 
"=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection 
.altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 br label %14 %15 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.ssb_state* nonnull @ssb_state) #6, !srcloc !9 %16 = inttoptr i64 %15 to %struct.ssb_state* %17 = load i64, i64* @x86_amd_ls_cfg_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 252, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %29), i8* blockaddress(@speculation_ctrl_update, %19)) #6 to label %18 [label %29, label %19], 
!srcloc !6 br label %29 %30 = and i64 %0, 32 %31 = icmp eq i64 %30, 0 %32 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %16, i64 0, i32 3 br i1 %31, label %60, label %33 %34 = call i8 asm " btsq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 0) #6, !srcloc !10 %35 = and i8 %34, 1 %36 = icmp eq i8 %35, 0 br i1 %36, label %37, label %93 %38 = load i64, i64* @x86_amd_ls_cfg_ssbd_mask, align 8 %39 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %16, i64 0, i32 0 %40 = load %struct.ssb_state*, %struct.ssb_state** %39, align 8 %41 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %40, i64 0, i32 1 call void @_raw_spin_lock(%struct.raw_spinlock* %41) #78 %42 = load %struct.ssb_state*, %struct.ssb_state** %39, align 8 %43 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %42, i64 0, i32 2 %44 = load i32, i32* %43, align 4 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %52 %47 = or i64 %38, %17 %48 = trunc i64 %47 to i32 %49 = lshr i64 %47, 32 %50 = trunc i64 %49 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073672160, i32 %48, i32 %50) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %51)) #6 to label %52 [label %51], !srcloc !8 call void @do_trace_write_msr(i32 -1073672160, i64 %47, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 speculation_ctrl_update 1 speculation_ctrl_update_current 2 ssb_prctl_set 3 arch_prctl_spec_ctrl_set 4 __do_sys_prctl 5 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 
%10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb 
$1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 br label %14 %15 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.ssb_state* nonnull @ssb_state) #6, !srcloc !9 %16 = inttoptr i64 %15 to %struct.ssb_state* %17 = load i64, i64* @x86_amd_ls_cfg_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 252, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %29), i8* blockaddress(@speculation_ctrl_update, %19)) #6 to label %18 [label %29, label %19], !srcloc !6 br label %29 %30 = and i64 %0, 32 %31 = icmp eq i64 %30, 0 %32 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %16, i64 0, i32 3 br i1 %31, label %60, label %33 %61 = call i8 
asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 0) #6, !srcloc !13 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %93, label %64 %65 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %16, i64 0, i32 0 %66 = load %struct.ssb_state*, %struct.ssb_state** %65, align 8 %67 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %66, i64 0, i32 1 call void @_raw_spin_lock(%struct.raw_spinlock* %67) #78 %68 = load %struct.ssb_state*, %struct.ssb_state** %65, align 8 %69 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %68, i64 0, i32 2 %70 = load i32, i32* %69, align 4 %71 = add i32 %70, -1 store i32 %71, i32* %69, align 4 %72 = load %struct.ssb_state*, %struct.ssb_state** %65, align 8 %73 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %72, i64 0, i32 2 %74 = load i32, i32* %73, align 4 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %81 %77 = trunc i64 %17 to i32 %78 = lshr i64 %17, 32 %79 = trunc i64 %78 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073672160, i32 %77, i32 %79) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %80)) #6 to label %81 [label %80], !srcloc !8 call void @do_trace_write_msr(i32 -1073672160, i64 %17, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 speculation_ctrl_update
1 speculation_ctrl_update_current
2 ssb_prctl_set
3 arch_prctl_spec_ctrl_set
4 __do_sys_prctl
5 __x64_sys_prctl
-------------
Path:
Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31
i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) 
#6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 
6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* 
getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 br label %14 %15 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.ssb_state* nonnull @ssb_state) #6, !srcloc !9 %16 = inttoptr i64 %15 to %struct.ssb_state* %17 = load i64, i64* @x86_amd_ls_cfg_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 252, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %29), i8* blockaddress(@speculation_ctrl_update, %19)) #6 to label %18 [label %29, label %19], !srcloc !6 br label %29 %30 = and i64 %0, 32 %31 = icmp eq i64 %30, 0 %32 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %16, i64 0, i32 3 br i1 %31, label %60, label %33 %61 = call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 0) #6, !srcloc !13 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %93, label %64 %65 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %16, i64 0, i32 0 %66 = load %struct.ssb_state*, %struct.ssb_state** %65, align 8 %67 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %66, i64 0, i32 1 call void @_raw_spin_lock(%struct.raw_spinlock* %67) #78 %68 = load %struct.ssb_state*, %struct.ssb_state** %65, align 8 %69 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %68, i64 0, i32 2 %70 = load i32, i32* %69, align 4 %71 = add i32 %70, -1 store i32 %71, i32* %69, align 4 %72 = load %struct.ssb_state*, %struct.ssb_state** %65, align 8 %73 = getelementptr inbounds %struct.ssb_state, %struct.ssb_state* %72, i64 0, i32 2 %74 = load i32, i32* %73, align 4 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %81 %77 = trunc i64 %17 to i32 %78 = lshr i64 %17, 32 %79 = trunc i64 %78 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -1073672160, i32 %77, i32 %79) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@speculation_ctrl_update, %80)) #6 to label %81 [label %80], !srcloc !8 call void @do_trace_write_msr(i32 -1073672160, i64 %17, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 set_cpuid_mode
1 do_arch_prctl_common
2 __ia32_compat_sys_arch_prctl
-------------
Path:
Function:__ia32_compat_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12423* %10 = tail call i64 bitcast (i64 (%struct.task_struct*, i32, i64)* @do_arch_prctl_common to i64 (%struct.task_struct.12423*, i32, i64)*)(%struct.task_struct.12423* %9, i32 %7, i64 %6) #78 Function:do_arch_prctl_common switch i32 %1, label %15 [ i32 4113, label %4 i32 4114, label %12 ] %13 = tail call fastcc i32 @set_cpuid_mode(i64 %2) #78 Function:set_cpuid_mode %2 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 16) to i64*), align 8 %3 = and i64 %2, 8589934592 %4 = icmp eq i64 %3, 0 br i1 %4, label %34, label %5 %6 = icmp eq i64 %0, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %7 =
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 0, i32 0 br i1 %6, label %22, label %10 %11 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 15, i64* %9) #6, !srcloc !4 %12 = and i8 %11, 1 %13 = icmp eq i8 %12, 0 br i1 %13, label %21, label %14 %15 = tail call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @msr_misc_features_shadow) #6, !srcloc !5 %16 = and i64 %15, -2 tail call void asm sideeffect "movq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @msr_misc_features_shadow, i64 %16, i64* nonnull @msr_misc_features_shadow) #6, !srcloc !6 %17 = trunc i64 %16 to i32 %18 = lshr i64 %15, 32 %19 = trunc i64 %18 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 320, i32 %17, i32 %19) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpuid_mode, %20)) #6 to label %21 [label %20], !srcloc !8 tail call void @do_trace_write_msr(i32 320, i64 %16, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 set_cpuid_mode
1 do_arch_prctl_common
2 __ia32_compat_sys_arch_prctl
-------------
Path:
Function:__ia32_compat_sys_arch_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.12423** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.12423**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.12423* %10 = tail call i64 bitcast (i64 (%struct.task_struct*, i32, i64)* @do_arch_prctl_common to i64 (%struct.task_struct.12423*, i32, i64)*)(%struct.task_struct.12423* %9, i32 %7, i64 %6) #78 Function:do_arch_prctl_common switch i32 %1, label %15 [ i32 4113, label %4 i32 4114, label %12 ] %13 = tail call fastcc i32 @set_cpuid_mode(i64 %2) #78 Function:set_cpuid_mode %2 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 16) to i64*), align 8 %3 = and i64 %2, 8589934592 %4 = icmp eq i64 %3, 0 br i1 %4, label %34, label %5 %6 = icmp eq i64 %0, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %7 = tail call i64
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 0, i32 0 br i1 %6, label %22, label %10 %23 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 15, i64* %9) #6, !srcloc !10 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %26, label %33 %27 = tail call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @msr_misc_features_shadow) #6, !srcloc !5 %28 = or i64 %27, 1 tail call void asm sideeffect "movq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @msr_misc_features_shadow, i64 %28, i64* nonnull @msr_misc_features_shadow) #6, !srcloc !6 %29 = trunc i64 %28 to i32 %30 = lshr i64 %27, 32 %31 = trunc i64 %30 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 320, i32 %29, i32 %31) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpuid_mode, %32)) #6 to label %33 [label %32], !srcloc !8 tail call void @do_trace_write_msr(i32 320, i64 %28, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 update_spec_ctrl_cond
1 speculation_ctrl_update
2 speculation_ctrl_update_current
3 ssb_prctl_set
4 arch_prctl_spec_ctrl_set
5 __do_sys_prctl
6 __ia32_sys_prctl
-------------
Path:
Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 =
icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, !srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A 
testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 607, i32 128, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 67), i8* blockaddress(@speculation_ctrl_update, %89), i8* blockaddress(@speculation_ctrl_update, %87)) #6 to label %86 [label %89, label %87], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 
6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 440, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %89), i8* blockaddress(@speculation_ctrl_update, %93)) #6 to label %88 [label %89, label %93], !srcloc !6 br label %89 %90 = lshr i64 %0, 3 %91 = and i64 %90, 4 %92 = or i64 %5, %91 br label %93 %94 = phi i1 [ false, %89 ], [ true, %87 ], [ true, %81 ], [ true, %60 ], [ true, %52 ], [ true, %33 ], [ true, %28 ], [ true, %19 ], [ true, %11 ], [ true, %7 ] %95 = phi i64 [ %92, %89 ], [ %5, %87 ], [ %5, %81 ], [ %5, %60 ], [ %5, %52 ], [ %5, %33 ], [ %5, %28 ], [ %5, %19 ], [ %5, %11 ], [ %5, %7 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @switch_to_cond_stibp to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@speculation_ctrl_update, %96)) #6 to label %100 [label %96], !srcloc !8 %97 = lshr i64 %0, 8 %98 = and i64 %97, 2 %99 = or i64 %95, %98 br label %101 %102 = phi i64 [ %99, %96 ], [ %95, %100 ] call void @update_spec_ctrl_cond(i64 %102) #78 Function:update_spec_ctrl_cond %2 = tail call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @x86_spec_ctrl_current) #6, !srcloc !4 %3 = icmp eq i64 %2, %0 br i1 %3, label %11, label %4 tail call void asm sideeffect "movq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @x86_spec_ctrl_current, i64 %0, i64* nonnull @x86_spec_ctrl_current) #6, !srcloc !5 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 236, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, 
i32 1, i64 21), i8* blockaddress(@update_spec_ctrl_cond, %11), i8* blockaddress(@update_spec_ctrl_cond, %6)) #6 to label %5 [label %11, label %6], !srcloc !6 %7 = trunc i64 %0 to i32 %8 = lshr i64 %0, 32 %9 = trunc i64 %8 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 72, i32 %7, i32 %9) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@update_spec_ctrl_cond, %10)) #6 to label %11 [label %10], !srcloc !8 tail call void @do_trace_write_msr(i32 72, i64 %0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 update_spec_ctrl_cond 1 speculation_ctrl_update 2 speculation_ctrl_update_current 3 ssb_prctl_set 4 arch_prctl_spec_ctrl_set 5 __do_sys_prctl 6 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, 
i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %216 = or i64 %4, %3 %217 = icmp eq i64 %216, 0 br i1 %217, label %218, label %276 %219 = tail call i32 @arch_prctl_spec_ctrl_set(%struct.task_struct* %8, i64 %1, i64 %2) #79 Function:arch_prctl_spec_ctrl_set switch i64 %1, label %16 [ i64 0, label %4 i64 1, label %6 i64 2, label %8 ] %5 = tail call fastcc i32 @ssb_prctl_set(%struct.task_struct* %0, i64 %2) #78 Function:ssb_prctl_set %3 = load i32, i32* @ssb_mode, align 4 %4 = and i32 %3, -2 %5 = icmp eq i32 %4, 2 br i1 %5, label %6, label %55 %7 = add i64 %1, -2 %8 = lshr i64 %7, 1 %9 = shl i64 %7, 63 %10 = or i64 %8, %9 switch i64 %10, label %55 [ i64 0, label %11 i64 1, label %24 i64 3, label %33 i64 7, label %42 ] %43 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 51 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 16 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %55 %48 = bitcast i64* %43 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 8, i8* %48) #6, !srcloc !5 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %48, i32 128, i8* %48) #6, !srcloc !5 %49 = bitcast %struct.task_struct* %0 to i8* %50 = getelementptr i8, i8* %49, i64 2 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i32 128, i8* %50) #6, !srcloc !5 %51 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %52 = inttoptr i64 %51 to %struct.task_struct* %53 = icmp eq %struct.task_struct* %52, %0 br i1 %53, label %54, label %55 tail call void @speculation_ctrl_update_current() #78 Function:speculation_ctrl_update_current tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 0, i32 0 %4 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %3, i64 23, i64* %3) #6, 
!srcloc !6 %5 = and i8 %4, 1 %6 = icmp eq i8 %5, 0 br i1 %6, label %22, label %7 %23 = load i64, i64* %3, align 8 tail call void @speculation_ctrl_update(i64 %23) #78 Function:speculation_ctrl_update %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %2) #6, !srcloc !4 %4 = load i64, i64* %2, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = load i64, i64* @x86_spec_ctrl_base, align 8 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 441, i32 2, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %7), i8* blockaddress(@speculation_ctrl_update, %12)) #6 to label %6 [label %7, label %12], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ 
(6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 248, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 23), i8* blockaddress(@speculation_ctrl_update, %14), i8* blockaddress(@speculation_ctrl_update, %85)) #6 to label %13 [label %14, label %85], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 607, i32 128, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 67), i8* blockaddress(@speculation_ctrl_update, %89), i8* 
blockaddress(@speculation_ctrl_update, %87)) #6 to label %86 [label %89, label %87], !srcloc !6 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 440, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 47), i8* blockaddress(@speculation_ctrl_update, %89), i8* blockaddress(@speculation_ctrl_update, %93)) #6 to label %88 [label %89, label %93], !srcloc !6 br label %89 %90 = lshr i64 %0, 3 %91 = and i64 %90, 4 %92 = or i64 %5, %91 br label %93 %94 = phi i1 [ false, %89 ], [ true, %87 ], [ true, %81 ], [ true, %60 ], [ true, %52 ], [ true, %33 ], [ true, %28 ], [ true, %19 ], [ true, %11 ], [ true, %7 ] %95 = phi i64 [ %92, %89 ], [ %5, %87 ], [ %5, %81 ], [ %5, %60 ], [ %5, %52 ], [ %5, %33 ], [ %5, %28 ], [ %5, %19 ], [ %5, %11 ], [ %5, %7 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @switch_to_cond_stibp to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@speculation_ctrl_update, %96)) #6 to label %100 [label %96], !srcloc !8 %97 = lshr i64 %0, 8 %98 = and i64 %97, 2 %99 = or i64 %95, %98 br label %101 %102 = phi i64 [ %99, %96 ], [ %95, %100 ] call void @update_spec_ctrl_cond(i64 %102) #78 Function:update_spec_ctrl_cond %2 = tail call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @x86_spec_ctrl_current) #6, !srcloc !4 %3 = icmp eq i64 %2, %0 br i1 %3, label %11, label %4 tail call void asm sideeffect "movq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @x86_spec_ctrl_current, i64 %0, i64* nonnull @x86_spec_ctrl_current) #6, !srcloc !5 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 236, i32 16, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, 
i32 1, i64 21), i8* blockaddress(@update_spec_ctrl_cond, %11), i8* blockaddress(@update_spec_ctrl_cond, %6)) #6 to label %5 [label %11, label %6], !srcloc !6 %7 = trunc i64 %0 to i32 %8 = lshr i64 %0, 32 %9 = trunc i64 %8 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long 8 \0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 72, i32 %7, i32 %9) #6, !srcloc !7 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@update_spec_ctrl_cond, %10)) #6 to label %11 [label %10], !srcloc !8 tail call void @do_trace_write_msr(i32 72, i64 %0, i32 0) #78 ------------- Good: 611 Bad: 18 Ignored: 3314 Check Use of Function:kernfs_vma_access Check Use of Function:ttm_bo_vm_access Check Use of Function:get_ucounts Check Use of Function:vm_access_ttm Check Use of Function:vm_access Check Use of Function:bprm_change_interp Check Use of Function:open_exec Check Use of Function:mm_trace_rss_stat Check Use of Function:__i915_gem_object_get_pages Check Use of Function:ww_mutex_unlock Check Use of Function:unpin_user_page Check Use of Function:vma_is_shmem Check Use of Function:bprm_execve Check Use of Function:is_file_shm_hugepages Check Use of Function:PageHuge Use: =BAD PATH= Call Stack: 0 release_pages 1 __pagevec_lru_add 2 lru_add_drain_cpu 3 lru_add_drain 4 madvise_willneed 5 do_madvise 6 __ia32_sys_madvise ------------- Path:  
Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 
%26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86) #78 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = 
icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %137 %22 = bitcast %struct.xa_state* %5 to i8* %23 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %24 = bitcast i64* %23 to i8* %25 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %26 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 1 store %struct.xarray* %26, %struct.xarray** %25, align 8 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 4194304 %30 = icmp eq i64 %29, 0 br i1 %30, label %34, label %31, !prof !4, !misexpect !5 %35 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %36 = load i64, i64* %35, align 8 %37 = sub i64 %2, %36 %38 = lshr i64 %37, 12 %39 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %40 = load i64, i64* %39, align 8 %41 = add i64 %38, %40 br label %42 %43 = phi i64 [ %33, %31 ], [ %28, %34 ] %44 = phi i64 [ %32, %31 ], [ %41, %34 ] store i64 %44, i64* %23, align 8 %45 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %47 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %48 = bitcast i8* %45 to i32* store i32 0, i32* %48, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %47, align 8 %49 = getelementptr inbounds 
%struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %50 = add i64 %3, 4095 %51 = and i64 %43, 4194304 %52 = icmp eq i64 %51, 0 %53 = bitcast %struct.xa_node** %49 to i8* br i1 %52, label %56, label %54, !prof !4, !misexpect !5 %57 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %58 = load i64, i64* %57, align 8 %59 = sub i64 %50, %58 %60 = lshr i64 %59, 12 %61 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %62 = load i64, i64* %61, align 8 %63 = add i64 %60, %62 br label %64 %65 = phi i64 [ %55, %54 ], [ %63, %56 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %66 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 %65) #78 %67 = icmp eq i8* %66, null br i1 %67, label %136, label %68 %69 = phi i8* [ %134, %133 ], [ %66, %64 ] %70 = ptrtoint i8* %69 to i64 %71 = and i64 %70, 1 %72 = icmp eq i64 %71, 0 br i1 %72, label %93, label %73 call void @xas_pause(%struct.xa_state* nonnull %5) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call void @rcu_read_unlock_strict() #78 %74 = lshr i64 %70, 1 %75 = call %struct.page* @read_swap_cache_async(i64 %74, i32 17829066, %struct.vm_area_struct* null, i64 0, i1 zeroext false) #78 %76 = icmp eq %struct.page* %75, null br i1 %76, label %92, label %77 %78 = getelementptr inbounds %struct.page, %struct.page* %75, i64 0, i32 1 %79 = bitcast %union.anon.20* %78 to i64* %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 1 %82 = icmp eq i64 %81, 0 %83 = add i64 %80, -1 %84 = ptrtoint %struct.page* %75 to i64 %85 = select i1 %82, i64 %84, i64 %83, !prof !4 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 3, i32 0 %88 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %87, i32* %87) #6, !srcloc !8 %89 = and i8 %88, 1 %90 = icmp eq i8 %89, 0 br i1 %90, label %92, label %91 call void @__put_page(%struct.page* %86) #78 br label %92 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %93 %94 = load %struct.xa_node*, %struct.xa_node** %47, align 8 %95 = ptrtoint %struct.xa_node* %94 to i64 %96 = and i64 %95, 3 %97 = icmp ne i64 %96, 0 %98 = icmp eq %struct.xa_node* %94, null %99 = or i1 %98, %97 br i1 %99, label %131, label %100, !prof !9 %101 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %94, i64 0, i32 0 %102 = load i8, i8* %101, align 8 %103 = icmp eq i8 %102, 0 br i1 %103, label %104, label %131, !prof !4 %105 = load i8, i8* %46, align 2 %106 = zext i8 %105 to i64 %107 = load i64, i64* %23, align 8 %108 = and i64 %107, 63 %109 = icmp eq i64 %108, %106 br i1 %109, label %110, label %131, !prof !4, !misexpect !5 %111 = icmp ugt i64 %65, %107 %112 = select i1 %111, i64 %65, i64 %107 br label %113 %114 = phi i8 [ %128, %127 ], [ %105, %110 ] %115 = phi i64 [ %129, %127 ], [ %107, %110 ] %116 = icmp eq i64 %115, %112 %117 = icmp eq i8 %114, 63 %118 = or i1 %116, %117 br i1 %118, label %131, label %119, !prof !10, !misexpect !5 %120 = zext i8 %114 to i64 %121 = add nuw nsw i64 %120, 1 %122 = getelementptr %struct.xa_node, %struct.xa_node* %94, i64 0, i32 7, i64 %121 %123 = load volatile i8*, i8** %122, align 8 %124 = ptrtoint i8* %123 to i64 %125 = and i64 %124, 3 %126 = icmp eq i64 %125, 2 br i1 %126, label %131, label %127, !prof !9, !misexpect !5 %128 = add i8 %114, 1 store i8 %128, i8* %46, align 2 %129 = add i64 %115, 1 store i64 %129, i64* %23, align 8 %130 = icmp eq i8* %123, null br i1 %130, label %113, label %133 %134 = phi i8* [ %132, %131 ], [ %123, %127 ] %135 = icmp eq i8* %134, null br i1 %135, label %136, label %68 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call 
void @rcu_read_unlock_strict() #78 call void @lru_add_drain() #78 Function:lru_add_drain tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i8* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1, i32 0) to %struct.lock_class_key*)) #6, !srcloc !5 %2 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 tail call void @lru_add_drain_cpu(i32 %2) #78 Function:lru_add_drain_cpu %2 = alloca i64, align 8 %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.pagevec* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1) to i64) %7 = inttoptr i64 %6 to %struct.pagevec* %8 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %7, i64 0, i32 0 %9 = load i8, i8* %8, align 8 %10 = icmp eq i8 %9, 0 br i1 %10, label %13, label %11 tail call void @__pagevec_lru_add(%struct.pagevec* %7) #78 Function:__pagevec_lru_add %2 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 0 %3 = load i8, i8* %2, align 8 %4 = icmp eq i8 %3, 0 br i1 %4, label %44, label %5 %45 = phi i8 [ %36, %39 ], [ %43, %41 ], [ 0, %1 ] %46 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 2, i64 0 %47 = zext i8 %45 to i32 tail call void @release_pages(%struct.page** %46, i32 %47) #79 Function:release_pages %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* 
%3, %struct.list_head** %6, align 8 %7 = icmp sgt i32 %1, 0 br i1 %7, label %8, label %216 %9 = zext i32 %1 to i64 br label %10 %11 = phi i64 [ 0, %8 ], [ %210, %206 ] %12 = phi i32 [ 0, %8 ], [ %209, %206 ] %13 = phi %struct.lruvec* [ null, %8 ], [ %208, %206 ] %14 = phi i64 [ 0, %8 ], [ %207, %206 ] %15 = getelementptr %struct.page*, %struct.page** %0, i64 %11 %16 = load %struct.page*, %struct.page** %15, align 8 %17 = icmp eq %struct.lruvec* %13, null br i1 %17, label %23, label %18 %24 = phi %struct.lruvec* [ null, %21 ], [ %13, %18 ], [ null, %10 ] %25 = phi i32 [ 32, %21 ], [ %19, %18 ], [ %12, %10 ] %26 = getelementptr inbounds %struct.page, %struct.page* %16, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %16 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !4 %34 = inttoptr i64 %33 to %struct.page* %35 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 3, i32 0 %36 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !5 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %206, label %39 %40 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 65536 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50 %51 = icmp eq %struct.lruvec* %24, null br i1 %51, label %54, label %52 %55 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %34) #78
-------------
Use: =BAD PATH=
Call Stack:
0 release_pages
1 __pagevec_lru_add
2 lru_add_drain_cpu
3 lru_add_drain
4 madvise_willneed
5 do_madvise
6 __x64_sys_madvise
-------------
Path:
Function:__x64_sys_madvise %2 =
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 
%28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86) #78 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = 
icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %137 %22 = bitcast %struct.xa_state* %5 to i8* %23 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %24 = bitcast i64* %23 to i8* %25 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %26 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 1 store %struct.xarray* %26, %struct.xarray** %25, align 8 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 4194304 %30 = icmp eq i64 %29, 0 br i1 %30, label %34, label %31, !prof !4, !misexpect !5 %35 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %36 = load i64, i64* %35, align 8 %37 = sub i64 %2, %36 %38 = lshr i64 %37, 12 %39 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %40 = load i64, i64* %39, align 8 %41 = add i64 %38, %40 br label %42 %43 = phi i64 [ %33, %31 ], [ %28, %34 ] %44 = phi i64 [ %32, %31 ], [ %41, %34 ] store i64 %44, i64* %23, align 8 %45 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %46 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %47 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %48 = bitcast i8* %45 to i32* store i32 0, i32* %48, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %47, align 8 %49 = getelementptr inbounds 
%struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %50 = add i64 %3, 4095 %51 = and i64 %43, 4194304 %52 = icmp eq i64 %51, 0 %53 = bitcast %struct.xa_node** %49 to i8* br i1 %52, label %56, label %54, !prof !4, !misexpect !5 %57 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %58 = load i64, i64* %57, align 8 %59 = sub i64 %50, %58 %60 = lshr i64 %59, 12 %61 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %62 = load i64, i64* %61, align 8 %63 = add i64 %60, %62 br label %64 %65 = phi i64 [ %55, %54 ], [ %63, %56 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %66 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 %65) #78 %67 = icmp eq i8* %66, null br i1 %67, label %136, label %68 %69 = phi i8* [ %134, %133 ], [ %66, %64 ] %70 = ptrtoint i8* %69 to i64 %71 = and i64 %70, 1 %72 = icmp eq i64 %71, 0 br i1 %72, label %93, label %73 call void @xas_pause(%struct.xa_state* nonnull %5) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call void @rcu_read_unlock_strict() #78 %74 = lshr i64 %70, 1 %75 = call %struct.page* @read_swap_cache_async(i64 %74, i32 17829066, %struct.vm_area_struct* null, i64 0, i1 zeroext false) #78 %76 = icmp eq %struct.page* %75, null br i1 %76, label %92, label %77 %78 = getelementptr inbounds %struct.page, %struct.page* %75, i64 0, i32 1 %79 = bitcast %union.anon.20* %78 to i64* %80 = load volatile i64, i64* %79, align 8 %81 = and i64 %80, 1 %82 = icmp eq i64 %81, 0 %83 = add i64 %80, -1 %84 = ptrtoint %struct.page* %75 to i64 %85 = select i1 %82, i64 %84, i64 %83, !prof !4 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 3, i32 0 %88 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %87, i32* %87) #6, !srcloc !8 %89 = and i8 %88, 1 %90 = icmp eq i8 %89, 0 br i1 %90, label %92, label %91 call void @__put_page(%struct.page* %86) #78 br label %92 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %93 %94 = load %struct.xa_node*, %struct.xa_node** %47, align 8 %95 = ptrtoint %struct.xa_node* %94 to i64 %96 = and i64 %95, 3 %97 = icmp ne i64 %96, 0 %98 = icmp eq %struct.xa_node* %94, null %99 = or i1 %98, %97 br i1 %99, label %131, label %100, !prof !9 %101 = getelementptr inbounds %struct.xa_node, %struct.xa_node* %94, i64 0, i32 0 %102 = load i8, i8* %101, align 8 %103 = icmp eq i8 %102, 0 br i1 %103, label %104, label %131, !prof !4 %105 = load i8, i8* %46, align 2 %106 = zext i8 %105 to i64 %107 = load i64, i64* %23, align 8 %108 = and i64 %107, 63 %109 = icmp eq i64 %108, %106 br i1 %109, label %110, label %131, !prof !4, !misexpect !5 %111 = icmp ugt i64 %65, %107 %112 = select i1 %111, i64 %65, i64 %107 br label %113 %114 = phi i8 [ %128, %127 ], [ %105, %110 ] %115 = phi i64 [ %129, %127 ], [ %107, %110 ] %116 = icmp eq i64 %115, %112 %117 = icmp eq i8 %114, 63 %118 = or i1 %116, %117 br i1 %118, label %131, label %119, !prof !10, !misexpect !5 %120 = zext i8 %114 to i64 %121 = add nuw nsw i64 %120, 1 %122 = getelementptr %struct.xa_node, %struct.xa_node* %94, i64 0, i32 7, i64 %121 %123 = load volatile i8*, i8** %122, align 8 %124 = ptrtoint i8* %123 to i64 %125 = and i64 %124, 3 %126 = icmp eq i64 %125, 2 br i1 %126, label %131, label %127, !prof !9, !misexpect !5 %128 = add i8 %114, 1 store i8 %128, i8* %46, align 2 %129 = add i64 %115, 1 store i64 %129, i64* %23, align 8 %130 = icmp eq i8* %123, null br i1 %130, label %113, label %133 %134 = phi i8* [ %132, %131 ], [ %123, %127 ] %135 = icmp eq i8* %134, null br i1 %135, label %136, label %68 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 call 
void @rcu_read_unlock_strict() #78 call void @lru_add_drain() #78 Function:lru_add_drain tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %1 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i8* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1, i32 0) to %struct.lock_class_key*)) #6, !srcloc !5 %2 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 tail call void @lru_add_drain_cpu(i32 %2) #78 Function:lru_add_drain_cpu %2 = alloca i64, align 8 %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.pagevec* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1) to i64) %7 = inttoptr i64 %6 to %struct.pagevec* %8 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %7, i64 0, i32 0 %9 = load i8, i8* %8, align 8 %10 = icmp eq i8 %9, 0 br i1 %10, label %13, label %11 tail call void @__pagevec_lru_add(%struct.pagevec* %7) #78 Function:__pagevec_lru_add %2 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 0 %3 = load i8, i8* %2, align 8 %4 = icmp eq i8 %3, 0 br i1 %4, label %44, label %5 %45 = phi i8 [ %36, %39 ], [ %43, %41 ], [ 0, %1 ] %46 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 2, i64 0 %47 = zext i8 %45 to i32 tail call void @release_pages(%struct.page** %46, i32 %47) #79 Function:release_pages %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* 
%3, %struct.list_head** %6, align 8 %7 = icmp sgt i32 %1, 0 br i1 %7, label %8, label %216 %9 = zext i32 %1 to i64 br label %10 %11 = phi i64 [ 0, %8 ], [ %210, %206 ] %12 = phi i32 [ 0, %8 ], [ %209, %206 ] %13 = phi %struct.lruvec* [ null, %8 ], [ %208, %206 ] %14 = phi i64 [ 0, %8 ], [ %207, %206 ] %15 = getelementptr %struct.page*, %struct.page** %0, i64 %11 %16 = load %struct.page*, %struct.page** %15, align 8 %17 = icmp eq %struct.lruvec* %13, null br i1 %17, label %23, label %18 %24 = phi %struct.lruvec* [ null, %21 ], [ %13, %18 ], [ null, %10 ] %25 = phi i32 [ 32, %21 ], [ %19, %18 ], [ %12, %10 ] %26 = getelementptr inbounds %struct.page, %struct.page* %16, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %16 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !4 %34 = inttoptr i64 %33 to %struct.page* %35 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 3, i32 0 %36 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !5 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %206, label %39 %40 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 65536 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50 %51 = icmp eq %struct.lruvec* %24, null br i1 %51, label %54, label %52 %55 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %34) #78
-------------
Use: =BAD PATH=
Call Stack:
0 release_pages
1 pagevec_lru_move_fn
2 mark_page_accessed
3 pagecache_get_page
4 hugetlbfs_read_iter
-------------
Path:
Function:hugetlbfs_read_iter %3 = getelementptr inbounds
%struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ 0, %30 ], [ %112, %121 ] %38 = phi i64 [ %26, %30 ], [ %130, %121 ] %39 = phi i64 [ %22, %30 ], [ %127, %121 ] %40 = zext i32 %36 to 
i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %39, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %39, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %38 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %38 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %39, i32 2, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 
store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, 
label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 call void @mark_page_accessed(%struct.page* nonnull %172) #78 Function:mark_page_accessed %2 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %3 = bitcast %union.anon.20* %2 to i64* %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 %7 = add i64 %4, -1 %8 = ptrtoint %struct.page* %0 to i64 %9 = select i1 %6, i64 %8, i64 %7, !prof !4 %10 = inttoptr i64 %9 to %struct.page* %11 = getelementptr inbounds %struct.page, %struct.page* %10, i64 0, i32 1 %12 = bitcast %union.anon.20* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 1 %15 = icmp eq i64 %14, 0 %16 = add i64 %13, -1 %17 = select i1 %15, i64 %9, i64 %16, !prof !4 %18 = inttoptr i64 %17 to %struct.page* %19 = getelementptr inbounds %struct.page, %struct.page* %18, i64 0, i32 0 %20 = load volatile i64, i64* %19, align 8 %21 = 
and i64 %20, 2 %22 = icmp eq i64 %21, 0 %23 = load volatile i64, i64* %12, align 8 %24 = and i64 %23, 1 %25 = icmp eq i64 %24, 0 %26 = add i64 %23, -1 %27 = select i1 %25, i64 %9, i64 %26 br i1 %22, label %28, label %30 %31 = inttoptr i64 %27 to %struct.page* %32 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1048576 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %163 %37 = load volatile i64, i64* %12, align 8 %38 = and i64 %37, 1 %39 = icmp eq i64 %38, 0 %40 = add i64 %37, -1 %41 = select i1 %39, i64 %9, i64 %40, !prof !4 %42 = inttoptr i64 %41 to %struct.page* %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 0 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 32 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %163 %48 = load volatile i64, i64* %12, align 8 %49 = and i64 %48, 1 %50 = icmp eq i64 %49, 0 %51 = add i64 %48, -1 %52 = select i1 %50, i64 %9, i64 %51, !prof !4 %53 = inttoptr i64 %52 to %struct.page* %54 = getelementptr inbounds %struct.page, %struct.page* %53, i64 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 16 %57 = icmp eq i64 %56, 0 br i1 %57, label %131, label %58 %59 = load volatile i64, i64* %12, align 8 %60 = and i64 %59, 1 %61 = icmp eq i64 %60, 0 %62 = add i64 %59, -1 %63 = select i1 %61, i64 %9, i64 %62, !prof !4 %64 = inttoptr i64 %63 to %struct.page* %65 = getelementptr inbounds %struct.page, %struct.page* %64, i64 0, i32 1 %66 = bitcast %union.anon.20* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 %70 = add i64 %67, -1 %71 = select i1 %69, i64 %63, i64 %70, !prof !4 %72 = inttoptr i64 %71 to %struct.page* %73 = getelementptr inbounds %struct.page, %struct.page* %72, i64 0, i32 0 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 16 %76 = icmp eq i64 %75, 0 br i1 %76, label %156, label %77 %78 = load volatile i64, i64* 
%66, align 8 %79 = and i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = add i64 %78, -1 %82 = select i1 %80, i64 %63, i64 %81, !prof !4 %83 = inttoptr i64 %82 to %struct.page* %84 = getelementptr inbounds %struct.page, %struct.page* %83, i64 0, i32 0 %85 = load volatile i64, i64* %84, align 8 %86 = and i64 %85, 32 %87 = icmp eq i64 %86, 0 br i1 %87, label %88, label %156 %89 = load volatile i64, i64* %66, align 8 %90 = and i64 %89, 1 %91 = icmp eq i64 %90, 0 %92 = add i64 %89, -1 %93 = select i1 %91, i64 %63, i64 %92, !prof !4 %94 = inttoptr i64 %93 to %struct.page* %95 = getelementptr inbounds %struct.page, %struct.page* %94, i64 0, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = and i64 %96, 1048576 %98 = icmp eq i64 %97, 0 br i1 %98, label %99, label %156 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %100 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i8* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1, i32 0) to %struct.lock_class_key*)) #6, !srcloc !7 %101 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.pagevec* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 5)) #6, !srcloc !8 %102 = inttoptr i64 %101 to %struct.pagevec* %103 = load volatile i64, i64* %66, align 8 %104 = and i64 %103, 1 %105 = icmp eq i64 %104, 0 %106 = add i64 %103, -1 %107 = select i1 %105, i64 %63, i64 %106, !prof !4 %108 = inttoptr i64 %107 to %struct.page* %109 = getelementptr inbounds %struct.page, %struct.page* %108, i64 0, i32 3, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32* %109) #6, !srcloc !9 %110 = getelementptr inbounds 
%struct.pagevec, %struct.pagevec* %102, i64 0, i32 0 %111 = load i8, i8* %110, align 8 %112 = add i8 %111, 1 store i8 %112, i8* %110, align 8 %113 = zext i8 %111 to i64 %114 = getelementptr %struct.pagevec, %struct.pagevec* %102, i64 0, i32 2, i64 %113 store %struct.page* %64, %struct.page** %114, align 8 %115 = icmp eq i8 %112, 15 br i1 %115, label %128, label %116 %117 = getelementptr inbounds %struct.page, %struct.page* %64, i64 0, i32 0 %118 = load volatile i64, i64* %117, align 8 %119 = and i64 %118, 65536 %120 = icmp eq i64 %119, 0 br i1 %120, label %121, label %128 %122 = load volatile i64, i64* %66, align 8 %123 = and i64 %122, 1 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %128 %126 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @lru_disable_count, i64 0, i32 0), align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %129, label %128 tail call fastcc void @pagevec_lru_move_fn(%struct.pagevec* %102, void (%struct.page*, %struct.lruvec*)* nonnull @__activate_page) #78 Function:pagevec_lru_move_fn %3 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 0 %4 = load i8, i8* %3, align 8 %5 = icmp eq i8 %4, 0 br i1 %5, label %68, label %6 %69 = phi i8 [ %60, %63 ], [ %67, %65 ], [ 0, %2 ] %70 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 2, i64 0 %71 = zext i8 %69 to i32 tail call void @release_pages(%struct.page** %70, i32 %71) #79 Function:release_pages %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = icmp sgt i32 %1, 0 br i1 %7, label %8, label %216 %9 = zext i32 %1 to i64 br label %10 %11 = phi i64 [ 0, %8 ], [ %210, %206 ] %12 = phi i32 [ 0, %8 ], 
[ %209, %206 ] %13 = phi %struct.lruvec* [ null, %8 ], [ %208, %206 ] %14 = phi i64 [ 0, %8 ], [ %207, %206 ] %15 = getelementptr %struct.page*, %struct.page** %0, i64 %11 %16 = load %struct.page*, %struct.page** %15, align 8 %17 = icmp eq %struct.lruvec* %13, null br i1 %17, label %23, label %18 %24 = phi %struct.lruvec* [ null, %21 ], [ %13, %18 ], [ null, %10 ] %25 = phi i32 [ 32, %21 ], [ %19, %18 ], [ %12, %10 ] %26 = getelementptr inbounds %struct.page, %struct.page* %16, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %16 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !4 %34 = inttoptr i64 %33 to %struct.page* %35 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 3, i32 0 %36 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !5 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %206, label %39 %40 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 65536 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50 %51 = icmp eq %struct.lruvec* %24, null br i1 %51, label %54, label %52 %55 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %34) #78 ------------- Use: =BAD PATH= Call Stack: 0 release_pages 1 pagevec_lru_move_fn 2 mark_page_accessed 3 pagecache_get_page 4 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 
9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = 
load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 call void @mark_page_accessed(%struct.page* nonnull %172) #78 Function:mark_page_accessed %2 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %3 = bitcast %union.anon.20* %2 to i64* %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 1 %6 = icmp eq i64 %5, 0 %7 = add i64 %4, -1 %8 = ptrtoint %struct.page* %0 to i64 %9 = select i1 %6, i64 %8, i64 %7, !prof !4 %10 = inttoptr i64 %9 to %struct.page* %11 = getelementptr inbounds %struct.page, %struct.page* %10, i64 0, i32 1 %12 = bitcast %union.anon.20* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 1 %15 = icmp eq i64 %14, 0 %16 = add i64 %13, -1 %17 = select i1 %15, i64 %9, i64 %16, !prof !4 %18 = inttoptr i64 %17 to %struct.page* %19 = getelementptr inbounds %struct.page, %struct.page* %18, i64 0, i32 0 %20 = load volatile i64, i64* %19, align 8 %21 = and i64 %20, 2 %22 = icmp eq i64 %21, 0 %23 = load volatile i64, i64* %12, align 8 %24 = and i64 %23, 1 %25 = icmp eq i64 %24, 0 %26 = add i64 %23, -1 %27 = select i1 %25, i64 %9, i64 %26 br i1 %22, label %28, label %30 %31 = inttoptr i64 %27 to %struct.page* %32 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 1048576 %35 = icmp 
eq i64 %34, 0 br i1 %35, label %36, label %163 %37 = load volatile i64, i64* %12, align 8 %38 = and i64 %37, 1 %39 = icmp eq i64 %38, 0 %40 = add i64 %37, -1 %41 = select i1 %39, i64 %9, i64 %40, !prof !4 %42 = inttoptr i64 %41 to %struct.page* %43 = getelementptr inbounds %struct.page, %struct.page* %42, i64 0, i32 0 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 32 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %163 %48 = load volatile i64, i64* %12, align 8 %49 = and i64 %48, 1 %50 = icmp eq i64 %49, 0 %51 = add i64 %48, -1 %52 = select i1 %50, i64 %9, i64 %51, !prof !4 %53 = inttoptr i64 %52 to %struct.page* %54 = getelementptr inbounds %struct.page, %struct.page* %53, i64 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 16 %57 = icmp eq i64 %56, 0 br i1 %57, label %131, label %58 %59 = load volatile i64, i64* %12, align 8 %60 = and i64 %59, 1 %61 = icmp eq i64 %60, 0 %62 = add i64 %59, -1 %63 = select i1 %61, i64 %9, i64 %62, !prof !4 %64 = inttoptr i64 %63 to %struct.page* %65 = getelementptr inbounds %struct.page, %struct.page* %64, i64 0, i32 1 %66 = bitcast %union.anon.20* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 %70 = add i64 %67, -1 %71 = select i1 %69, i64 %63, i64 %70, !prof !4 %72 = inttoptr i64 %71 to %struct.page* %73 = getelementptr inbounds %struct.page, %struct.page* %72, i64 0, i32 0 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 16 %76 = icmp eq i64 %75, 0 br i1 %76, label %156, label %77 %78 = load volatile i64, i64* %66, align 8 %79 = and i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = add i64 %78, -1 %82 = select i1 %80, i64 %63, i64 %81, !prof !4 %83 = inttoptr i64 %82 to %struct.page* %84 = getelementptr inbounds %struct.page, %struct.page* %83, i64 0, i32 0 %85 = load volatile i64, i64* %84, align 8 %86 = and i64 %85, 32 %87 = icmp eq i64 %86, 0 br i1 %87, label %88, label %156 %89 = load volatile i64, i64* %66, align 8 %90 = 
and i64 %89, 1 %91 = icmp eq i64 %90, 0 %92 = add i64 %89, -1 %93 = select i1 %91, i64 %63, i64 %92, !prof !4 %94 = inttoptr i64 %93 to %struct.page* %95 = getelementptr inbounds %struct.page, %struct.page* %94, i64 0, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = and i64 %96, 1048576 %98 = icmp eq i64 %97, 0 br i1 %98, label %99, label %156 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %100 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i8* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 1, i32 0) to %struct.lock_class_key*)) #6, !srcloc !7 %101 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.pagevec* getelementptr inbounds (%struct.lru_pvecs, %struct.lru_pvecs* @lru_pvecs, i64 0, i32 5)) #6, !srcloc !8 %102 = inttoptr i64 %101 to %struct.pagevec* %103 = load volatile i64, i64* %66, align 8 %104 = and i64 %103, 1 %105 = icmp eq i64 %104, 0 %106 = add i64 %103, -1 %107 = select i1 %105, i64 %63, i64 %106, !prof !4 %108 = inttoptr i64 %107 to %struct.page* %109 = getelementptr inbounds %struct.page, %struct.page* %108, i64 0, i32 3, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32* %109) #6, !srcloc !9 %110 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %102, i64 0, i32 0 %111 = load i8, i8* %110, align 8 %112 = add i8 %111, 1 store i8 %112, i8* %110, align 8 %113 = zext i8 %111 to i64 %114 = getelementptr %struct.pagevec, %struct.pagevec* %102, i64 0, i32 2, i64 %113 store %struct.page* %64, %struct.page** %114, align 8 %115 = icmp eq i8 %112, 15 br i1 %115, label %128, label %116 %117 = getelementptr inbounds %struct.page, %struct.page* 
%64, i64 0, i32 0 %118 = load volatile i64, i64* %117, align 8 %119 = and i64 %118, 65536 %120 = icmp eq i64 %119, 0 br i1 %120, label %121, label %128 %122 = load volatile i64, i64* %66, align 8 %123 = and i64 %122, 1 %124 = icmp eq i64 %123, 0 br i1 %124, label %125, label %128 %126 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @lru_disable_count, i64 0, i32 0), align 4 %127 = icmp eq i32 %126, 0 br i1 %127, label %129, label %128 tail call fastcc void @pagevec_lru_move_fn(%struct.pagevec* %102, void (%struct.page*, %struct.lruvec*)* nonnull @__activate_page) #78 Function:pagevec_lru_move_fn %3 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 0 %4 = load i8, i8* %3, align 8 %5 = icmp eq i8 %4, 0 br i1 %5, label %68, label %6 %69 = phi i8 [ %60, %63 ], [ %67, %65 ], [ 0, %2 ] %70 = getelementptr inbounds %struct.pagevec, %struct.pagevec* %0, i64 0, i32 2, i64 0 %71 = zext i8 %69 to i32 tail call void @release_pages(%struct.page** %70, i32 %71) #79 Function:release_pages %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = icmp sgt i32 %1, 0 br i1 %7, label %8, label %216 %9 = zext i32 %1 to i64 br label %10 %11 = phi i64 [ 0, %8 ], [ %210, %206 ] %12 = phi i32 [ 0, %8 ], [ %209, %206 ] %13 = phi %struct.lruvec* [ null, %8 ], [ %208, %206 ] %14 = phi i64 [ 0, %8 ], [ %207, %206 ] %15 = getelementptr %struct.page*, %struct.page** %0, i64 %11 %16 = load %struct.page*, %struct.page** %15, align 8 %17 = icmp eq %struct.lruvec* %13, null br i1 %17, label %23, label %18 %24 = phi %struct.lruvec* [ null, %21 ], [ %13, %18 ], [ null, %10 ] %25 = phi i32 [ 32, %21 ], [ %19, %18 ], [ %12, %10 ] %26 = 
getelementptr inbounds %struct.page, %struct.page* %16, i64 0, i32 1 %27 = bitcast %union.anon.20* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 1 %30 = icmp eq i64 %29, 0 %31 = add i64 %28, -1 %32 = ptrtoint %struct.page* %16 to i64 %33 = select i1 %30, i64 %32, i64 %31, !prof !4 %34 = inttoptr i64 %33 to %struct.page* %35 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 3, i32 0 %36 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %35, i32* %35) #6, !srcloc !5 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %206, label %39 %40 = getelementptr inbounds %struct.page, %struct.page* %34, i64 0, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 65536 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50 %51 = icmp eq %struct.lruvec* %24, null br i1 %51, label %54, label %52 %55 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %34) #78 ------------- Use: =BAD PATH= Call Stack: 0 stable_page_flags 1 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %108 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %108 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %101, label %23 %24 = phi i64 [ %90, %87 ], [ %21, %18 ] %25 = phi i64* [ %89, %87 ], [ %5, %18 ] %26 = phi i64 [ %88, %87 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %75 %29 = lshr i64 %26, 
15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %75 %36 = lshr i64 %26, 23 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: 
replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %39), i8* blockaddress(@kpageflags_read, %38)) #6 to label %37 [label %39, label %38], !srcloc !4 br label %39 %40 = phi i64 [ 2048, %38 ], [ 131072, %35 ], [ 131072, %37 ] %41 = icmp ult i64 %36, %40 br i1 %41, label %42, label %75, !prof !5, !misexpect !6 %43 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %44 = icmp eq %struct.mem_section** %43, null br i1 %44, label %75, label %45 %46 = getelementptr %struct.mem_section*, %struct.mem_section** %43, i64 %36 %47 = load %struct.mem_section*, %struct.mem_section** %46, align 8 %48 = icmp eq %struct.mem_section* %47, null br i1 %48, label %75, label %49 %50 = and i64 %29, 255 %51 = getelementptr %struct.mem_section, %struct.mem_section* %47, i64 %50 %52 = icmp eq %struct.mem_section* %51, null br i1 %52, label %75, label %53 %54 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %51, i64 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = and i64 %55, 2 %57 = icmp eq i64 %56, 0 br i1 %57, label %75, label %58 %59 = and i64 %55, 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %64, label %61 %65 = getelementptr %struct.mem_section, %struct.mem_section* %47, i64 %50, i32 1 %66 = load %struct.mem_section_usage*, %struct.mem_section_usage** %65, align 8 %67 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %66, i64 0, i32 0, i64 0 %68 = lshr i64 %26, 9 %69 = and i64 %68, 63 %70 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 %69) #6, !srcloc !7 %71 = and i8 %70, 1 %72 = icmp eq i8 %71, 0 %73 = load 
%struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %74 = getelementptr %struct.page, %struct.page* %73, i64 %26 br i1 %72, label %75, label %76 %77 = phi %struct.page* [ null, %75 ], [ %74, %64 ], [ %63, %61 ] %78 = bitcast i64* %25 to i8* %79 = tail call i64 @stable_page_flags(%struct.page* %77) #78 Function:stable_page_flags %2 = icmp eq %struct.page* %0, null br i1 %2, label %187, label %3 %4 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 16 %6 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %7 = bitcast %union.anon.20* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 %11 = add i64 %8, -1 %12 = ptrtoint %struct.page* %0 to i64 %13 = select i1 %10, i64 %12, i64 %11, !prof !4 %14 = inttoptr i64 %13 to %struct.page* %15 = getelementptr inbounds %struct.page, %struct.page* %14, i64 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 512 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = tail call zeroext i1 @page_mapped(%struct.page* nonnull %0) #78 %21 = select i1 %20, i64 2048, i64 0 br label %22 %23 = phi i64 [ 0, %3 ], [ %21, %19 ] %24 = load volatile i64, i64* %7, align 8 %25 = and i64 %24, 1 %26 = icmp eq i64 %25, 0 %27 = add i64 %24, -1 %28 = select i1 %26, i64 %12, i64 %27, !prof !4 %29 = inttoptr i64 %28 to %struct.page* %30 = getelementptr inbounds %struct.page, %struct.page* %29, i64 0, i32 1, i32 0, i32 1 %31 = bitcast %struct.address_space** %30 to i64* %32 = load i64, i64* %31, align 8 %33 = shl i64 %32, 12 %34 = and i64 %33, 4096 %35 = or i64 %34, %23 %36 = load volatile i64, i64* %4, align 8 %37 = lshr i64 %36, 1 %38 = and i64 %37, 32768 %39 = or i64 %35, %38 %40 = load volatile i64, i64* %7, align 8 %41 = shl i64 %40, 16 %42 = and i64 %41, 65536 %43 = or i64 %39, %42 %44 = tail call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 
(%struct.page*)*)(%struct.page* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 iov_iter_zero 1 read_iter_zero ------------- Path:  Function:read_iter_zero %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %38, label %6 %7 = phi i64 [ %36, %34 ], [ %4, %2 ] %8 = phi i64 [ %20, %34 ], [ 0, %2 ] %9 = icmp ult i64 %7, 4096 %10 = select i1 %9, i64 %7, i64 4096 %11 = tail call i64 @iov_iter_zero(i64 %10, %struct.iov_iter* %1) #78 Function:iov_iter_zero %3 = alloca i32, align 4 %4 = alloca i64, align 8 %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 3 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %76 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %77, %0 %79 = select i1 %78, i64 %77, i64 %0, !prof !4 %80 = icmp eq i64 %79, 0 br i1 %80, label %352, label %81, !prof !4, !misexpect !8 switch i8 %7, label %348 [ i8 0, label %82 i8 2, label %126 i8 1, label %184 i8 4, label %227 ], !prof !9 %228 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 6, i32 0 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = lshr i64 %232, 12 %234 = bitcast %struct.xa_state* %5 to i8* %235 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 5 %236 = bitcast %union.anon.118* %235 to i64* %237 = load i64, i64* %236, align 8 %238 = bitcast %struct.xa_state* %5 to i64* store i64 %237, i64* %238, align 8 %239 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 store i64 %233, i64* %239, align 8 %240 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, 
i32 2 %241 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %242 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %243 = bitcast i8* %240 to i32* store i32 0, i32* %243, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %242, align 8 %244 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %245 = bitcast %struct.xa_node** %244 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %246 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 -1) #78 %247 = icmp eq i8* %246, null br i1 %247, label %344, label %248 %249 = trunc i64 %232 to i32 %250 = and i32 %249, 4095 br label %251 %252 = phi i8* [ %342, %341 ], [ %246, %248 ] %253 = phi i64 [ %302, %341 ], [ %79, %248 ] %254 = phi i32 [ %303, %341 ], [ %250, %248 ] %255 = phi i64 [ %304, %341 ], [ 0, %248 ] %256 = bitcast i8* %252 to %struct.page* %257 = ptrtoint i8* %252 to i64 switch i64 %257, label %259 [ i64 1030, label %301 i64 1026, label %258 ] %260 = and i64 %257, 1 %261 = icmp eq i64 %260, 0 br i1 %261, label %263, label %262, !prof !11, !misexpect !5 %264 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %256) #78 ------------- Use: =BAD PATH= Call Stack: 0 iov_iter_zero 1 read_iter_zero ------------- Path:  Function:read_iter_zero %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %38, label %6 %7 = phi i64 [ %36, %34 ], [ %4, %2 ] %8 = phi i64 [ %20, %34 ], [ 0, %2 ] %9 = icmp ult i64 %7, 4096 %10 = select i1 %9, i64 %7, i64 4096 %11 = tail call i64 @iov_iter_zero(i64 %10, %struct.iov_iter* %1) #78 Function:iov_iter_zero %3 = alloca i32, align 4 %4 = alloca i64, align 8 %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %7 
= load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 3 br i1 %8, label %9, label %75, !prof !4, !misexpect !5 %76 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %77, %0 %79 = select i1 %78, i64 %77, i64 %0, !prof !4 %80 = icmp eq i64 %79, 0 br i1 %80, label %352, label %81, !prof !4, !misexpect !8 switch i8 %7, label %348 [ i8 0, label %82 i8 2, label %126 i8 1, label %184 i8 4, label %227 ], !prof !9 %228 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 6, i32 0 %229 = load i64, i64* %228, align 8 %230 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 3 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = lshr i64 %232, 12 %234 = bitcast %struct.xa_state* %5 to i8* %235 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 5 %236 = bitcast %union.anon.118* %235 to i64* %237 = load i64, i64* %236, align 8 %238 = bitcast %struct.xa_state* %5 to i64* store i64 %237, i64* %238, align 8 %239 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 store i64 %233, i64* %239, align 8 %240 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %241 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %242 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %243 = bitcast i8* %240 to i32* store i32 0, i32* %243, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %242, align 8 %244 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %245 = bitcast %struct.xa_node** %244 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %246 = call i8* @xas_find(%struct.xa_state* nonnull %5, i64 -1) #78 %247 = icmp eq i8* %246, null br i1 %247, label %344, label %248 %249 = trunc i64 %232 to i32 %250 = and i32 %249, 4095 br 
label %251 %252 = phi i8* [ %342, %341 ], [ %246, %248 ] %253 = phi i64 [ %302, %341 ], [ %79, %248 ] %254 = phi i32 [ %303, %341 ], [ %250, %248 ] %255 = phi i64 [ %304, %341 ], [ 0, %248 ] %256 = bitcast i8* %252 to %struct.page* %257 = ptrtoint i8* %252 to i64 switch i64 %257, label %259 [ i64 1030, label %301 i64 1026, label %258 ] %260 = and i64 %257, 1 %261 = icmp eq i64 %260, 0 br i1 %261, label %263, label %262, !prof !11, !misexpect !5 %264 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %256) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_to_iter 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #78 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* 
nonnull %2) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #78 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 %13 = load i64, i64* %6, align 8 %14 = icmp ult i64 %13, 33 br i1 %14, label %18, label %15 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 13 br label %20 %21 = phi i64 [ 0, %15 ], [ %29, %50 ] call void @chacha_block_generic(i32* nonnull %10, i8* nonnull %5, i32 20) #79 %22 = load i32, i32* %16, align 16 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27, !prof !4, !misexpect !5 %25 = load i32, i32* %17, align 4 %26 = add i32 %25, 1 store i32 %26, i32* %17, align 4 br label %27 %28 = call i64 @_copy_to_iter(i8* nonnull %5, i64 64, %struct.iov_iter* %0) #79 Function:_copy_to_iter %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.xa_state, align 8 %7 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 3 br i1 %9, label %10, label %79, !prof !4, !misexpect !5 %80 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %81 = load i64, i64* %80, align 8 %82 = icmp ult i64 %81, %1 %83 = select i1 %82, i64 %81, i64 %1, !prof !4 %84 = icmp eq i64 %83, 0 br i1 %84, 
label %376, label %85, !prof !4, !misexpect !8 switch i8 %8, label %372 [ i8 0, label %86 i8 2, label %147 i8 1, label %206 i8 4, label %250 ], !prof !9 %251 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %254 = load i64, i64* %253, align 8 %255 = add i64 %254, %252 %256 = lshr i64 %255, 12 %257 = bitcast %struct.xa_state* %6 to i8* %258 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %259 = bitcast %union.anon.118* %258 to i64* %260 = load i64, i64* %259, align 8 %261 = bitcast %struct.xa_state* %6 to i64* store i64 %260, i64* %261, align 8 %262 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %256, i64* %262, align 8 %263 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %264 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 4 %265 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %266 = bitcast i8* %263 to i32* store i32 0, i32* %266, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %265, align 8 %267 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %268 = bitcast %struct.xa_node** %267 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %269 = call i8* @xas_find(%struct.xa_state* nonnull %6, i64 -1) #78 %270 = icmp eq i8* %269, null br i1 %270, label %368, label %271 %272 = trunc i64 %255 to i32 %273 = and i32 %272, 4095 br label %274 %275 = phi i8* [ %366, %365 ], [ %269, %271 ] %276 = phi i64 [ %326, %365 ], [ %83, %271 ] %277 = phi i32 [ %327, %365 ], [ %273, %271 ] %278 = phi i64 [ %328, %365 ], [ 0, %271 ] %279 = bitcast i8* %275 to %struct.page* %280 = ptrtoint i8* %275 to i64 switch i64 %280, label %282 [ i64 1030, label %325 i64 1026, 
label %281 ] %283 = and i64 %280, 1 %284 = icmp eq i64 %283, 0 br i1 %284, label %286, label %285, !prof !13, !misexpect !5 %287 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %279) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_to_iter 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #78 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #78 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 %13 = load i64, i64* %6, align 8 %14 = icmp ult i64 %13, 33 br i1 %14, label %18, label %15 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 13 br label %20 %21 = phi i64 [ 0, %15 ], [ %29, %50 ] call void @chacha_block_generic(i32* nonnull %10, i8* nonnull %5, i32 20) #79 %22 = load i32, i32* %16, align 16 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27, !prof !4, !misexpect !5 %25 = load i32, i32* %17, align 4 %26 = add i32 %25, 1 store i32 %26, i32* %17, align 4 br label %27 %28 = call i64 @_copy_to_iter(i8* nonnull %5, i64 64, %struct.iov_iter* %0) #79 Function:_copy_to_iter %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.xa_state, align 8 %7 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 3 br i1 %9, label %10, label %79, !prof !4, !misexpect !5 %80 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %81 = load i64, i64* %80, align 8 %82 = icmp ult i64 %81, %1 %83 = select i1 %82, i64 %81, i64 %1, !prof !4 %84 = icmp eq i64 %83, 0 br i1 %84, label %376, label %85, !prof !4, !misexpect !8 switch i8 %8, label %372 [ i8 0, label %86 i8 2, label %147 i8 1, label %206 i8 4, label %250 ], !prof !9 %251 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %254 = load i64, 
i64* %253, align 8 %255 = add i64 %254, %252 %256 = lshr i64 %255, 12 %257 = bitcast %struct.xa_state* %6 to i8* %258 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %259 = bitcast %union.anon.118* %258 to i64* %260 = load i64, i64* %259, align 8 %261 = bitcast %struct.xa_state* %6 to i64* store i64 %260, i64* %261, align 8 %262 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %256, i64* %262, align 8 %263 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %264 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 4 %265 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %266 = bitcast i8* %263 to i32* store i32 0, i32* %266, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %265, align 8 %267 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %268 = bitcast %struct.xa_node** %267 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %269 = call i8* @xas_find(%struct.xa_state* nonnull %6, i64 -1) #78 %270 = icmp eq i8* %269, null br i1 %270, label %368, label %271 %272 = trunc i64 %255 to i32 %273 = and i32 %272, 4095 br label %274 %275 = phi i8* [ %366, %365 ], [ %269, %271 ] %276 = phi i64 [ %326, %365 ], [ %83, %271 ] %277 = phi i32 [ %327, %365 ], [ %273, %271 ] %278 = phi i64 [ %328, %365 ], [ 0, %271 ] %279 = bitcast i8* %275 to %struct.page* %280 = ptrtoint i8* %275 to i64 switch i64 %280, label %282 [ i64 1030, label %325 i64 1026, label %281 ] %283 = and i64 %280, 1 %284 = icmp eq i64 %283, 0 br i1 %284, label %286, label %285, !prof !13, !misexpect !5 %287 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %279) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_to_iter 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  
Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %29, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #78 %17 = icmp eq i32 %16, 0 br i1 %17, label %29, label %18 %30 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #80 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 %13 = load i64, i64* %6, align 8 %14 = icmp ult i64 %13, 33 br i1 %14, label %18, label %15 %16 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 12 %17 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 13 br label %20 %21 = phi i64 [ 0, %15 ], [ %29, %50 ] call void @chacha_block_generic(i32* nonnull %10, i8* nonnull %5, i32 20) #79 %22 = load i32, i32* %16, align 16 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %27, !prof !4, !misexpect !5 %25 = load i32, i32* %17, align 4 %26 = add i32 %25, 1 store i32 %26, i32* %17, align 4 br label %27 %28 = call i64 @_copy_to_iter(i8* nonnull %5, i64 64, %struct.iov_iter* %0) #79 
Function:_copy_to_iter %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.xa_state, align 8 %7 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 3 br i1 %9, label %10, label %79, !prof !4, !misexpect !5 %80 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %81 = load i64, i64* %80, align 8 %82 = icmp ult i64 %81, %1 %83 = select i1 %82, i64 %81, i64 %1, !prof !4 %84 = icmp eq i64 %83, 0 br i1 %84, label %376, label %85, !prof !4, !misexpect !8 switch i8 %8, label %372 [ i8 0, label %86 i8 2, label %147 i8 1, label %206 i8 4, label %250 ], !prof !9 %251 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %254 = load i64, i64* %253, align 8 %255 = add i64 %254, %252 %256 = lshr i64 %255, 12 %257 = bitcast %struct.xa_state* %6 to i8* %258 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %259 = bitcast %union.anon.118* %258 to i64* %260 = load i64, i64* %259, align 8 %261 = bitcast %struct.xa_state* %6 to i64* store i64 %260, i64* %261, align 8 %262 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %256, i64* %262, align 8 %263 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %264 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 4 %265 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %266 = bitcast i8* %263 to i32* store i32 0, i32* %266, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %265, align 8 %267 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %268 = bitcast %struct.xa_node** %267 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !12 %269 = call i8* @xas_find(%struct.xa_state* nonnull %6, i64 -1) #78 %270 = icmp eq i8* %269, null br i1 %270, label %368, label %271 %272 = trunc i64 %255 to i32 %273 = and i32 %272, 4095 br label %274 %275 = phi i8* [ %366, %365 ], [ %269, %271 ] %276 = phi i64 [ %326, %365 ], [ %83, %271 ] %277 = phi i32 [ %327, %365 ], [ %273, %271 ] %278 = phi i64 [ %328, %365 ], [ 0, %271 ] %279 = bitcast i8* %275 to %struct.page* %280 = ptrtoint i8* %275 to i64 switch i64 %280, label %282 [ i64 1030, label %325 i64 1026, label %281 ] %283 = and i64 %280, 1 %284 = icmp eq i64 %283, 0 br i1 %284, label %286, label %285, !prof !13, !misexpect !5 %287 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %279) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_to_iter 1 eventfd_read ------------- Path:  Function:eventfd_read %3 = alloca i64, align 8 %4 = alloca %struct.wait_queue_entry, align 8 %5 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %6 = load %struct.file*, %struct.file** %5, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %6, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.eventfd_ctx** %9 = load %struct.eventfd_ctx*, %struct.eventfd_ctx** %8, align 8 %10 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %11 = bitcast %struct.wait_queue_entry* %4 to i8* %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 1 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = bitcast i8** %12 to %struct.task_struct** %16 = bitcast %struct.wait_queue_entry* %4 to i64* store i64 0, i64* %16, align 8 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 2 store i32 
(%struct.wait_queue_entry*, i32, i32, i8*)* @default_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %17, align 8 %18 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 3, i32 0 %19 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %4, i64 0, i32 3, i32 1 %20 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %21 = bitcast %struct.list_head** %18 to i8* %22 = load i64, i64* %20, align 8 %23 = icmp ult i64 %22, 8 br i1 %23, label %133, label %24 %25 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %9, i64 0, i32 1 %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %25, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %9, i64 0, i32 2 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %109 %110 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %9, i64 0, i32 3 %111 = load i32, i32* %110, align 8 %112 = and i32 %111, 1 %113 = icmp eq i32 %112, 0 %114 = load i64, i64* %27, align 8 %115 = select i1 %113, i64 %114, i64 1 store i64 %115, i64* %3, align 8 %116 = sub i64 %114, %115 store i64 %116, i64* %27, align 8 %117 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 50 %118 = load i8, i8* %117, align 16 %119 = or i8 %118, 64 store i8 %119, i8* %117, align 16 %120 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %9, i64 0, i32 1, i32 1 %121 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %122 = load volatile %struct.list_head*, %struct.list_head** %121, align 8 %123 = icmp eq %struct.list_head* %122, %120 br i1 %123, label %126, label %124 %127 = phi i8 [ %119, %109 ], [ %125, %124 ] %128 = and i8 %127, -65 store i8 %128, i8* %117, align 16 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %129 = bitcast %struct.wait_queue_head* %25 to i8* store volatile i8 0, i8* %129, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %130 = call i64 @_copy_to_iter(i8* nonnull %10, i64 8, %struct.iov_iter* %1) #78 Function:_copy_to_iter %4 = alloca i32, align 4 %5 = alloca i64, align 8 %6 = alloca %struct.xa_state, align 8 %7 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = icmp eq i8 %8, 3 br i1 %9, label %10, label %79, !prof !4, !misexpect !5 %80 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %81 = load i64, i64* %80, align 8 %82 = icmp ult i64 %81, %1 %83 = select i1 %82, i64 %81, i64 %1, !prof !4 %84 = icmp eq i64 %83, 0 br i1 %84, label %376, label %85, !prof !4, !misexpect !8 switch i8 %8, label %372 [ i8 0, label %86 i8 2, label %147 i8 1, label %206 i8 4, label %250 ], !prof !9 %251 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %252 = load i64, i64* %251, align 8 %253 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %254 = load i64, i64* %253, align 8 %255 = add i64 %254, %252 %256 = lshr i64 %255, 12 %257 = bitcast %struct.xa_state* %6 to i8* %258 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %259 = bitcast %union.anon.118* %258 to i64* %260 = load i64, i64* %259, align 8 %261 = bitcast %struct.xa_state* %6 to i64* store i64 %260, i64* %261, align 8 %262 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %256, i64* %262, align 8 %263 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %264 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 4 %265 = getelementptr inbounds %struct.xa_state, 
%struct.xa_state* %6, i64 0, i32 6 %266 = bitcast i8* %263 to i32* store i32 0, i32* %266, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %265, align 8 %267 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %268 = bitcast %struct.xa_node** %267 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %269 = call i8* @xas_find(%struct.xa_state* nonnull %6, i64 -1) #78 %270 = icmp eq i8* %269, null br i1 %270, label %368, label %271 %272 = trunc i64 %255 to i32 %273 = and i32 %272, 4095 br label %274 %275 = phi i8* [ %366, %365 ], [ %269, %271 ] %276 = phi i64 [ %326, %365 ], [ %83, %271 ] %277 = phi i32 [ %327, %365 ], [ %273, %271 ] %278 = phi i64 [ %328, %365 ], [ 0, %271 ] %279 = bitcast i8* %275 to %struct.page* %280 = ptrtoint i8* %275 to i64 switch i64 %280, label %282 [ i64 1030, label %325 i64 1026, label %281 ] %283 = and i64 %280, 1 %284 = icmp eq i64 %283, 0 br i1 %284, label %286, label %285, !prof !13, !misexpect !5 %287 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %279) #78 ------------- Use: =BAD PATH= Call Stack: 0 page_mapped 1 stable_page_flags 2 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %108 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %108 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %101, label %23 %24 = phi i64 [ %90, %87 ], [ %21, %18 ] %25 = phi i64* [ %89, %87 ], [ %5, %18 ] %26 = phi i64 [ %88, %87 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label 
%28, label %75 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %75 %36 = lshr i64 %26, 23 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 
1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %39), i8* blockaddress(@kpageflags_read, %38)) #6 to label %37 [label %39, label %38], !srcloc !4 br label %39 %40 = phi i64 [ 2048, %38 ], [ 131072, %35 ], [ 131072, %37 ] %41 = icmp ult i64 %36, %40 br i1 %41, label %42, label %75, !prof !5, !misexpect !6 %43 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %44 = icmp eq %struct.mem_section** %43, null br i1 %44, label %75, label %45 %46 = getelementptr %struct.mem_section*, %struct.mem_section** %43, i64 %36 %47 = load %struct.mem_section*, %struct.mem_section** %46, align 8 %48 = icmp eq %struct.mem_section* %47, null br i1 %48, label %75, label %49 %50 = and i64 %29, 255 %51 = getelementptr %struct.mem_section, %struct.mem_section* %47, i64 %50 %52 = icmp eq %struct.mem_section* %51, null br i1 %52, label %75, label %53 %54 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %51, i64 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = and i64 %55, 2 %57 = icmp eq i64 %56, 0 br i1 %57, label %75, label %58 %59 = and i64 %55, 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %64, label %61 %65 = getelementptr %struct.mem_section, %struct.mem_section* %47, i64 %50, i32 1 %66 = load %struct.mem_section_usage*, %struct.mem_section_usage** %65, align 8 %67 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %66, i64 0, i32 0, i64 0 %68 = lshr i64 %26, 9 %69 = and i64 %68, 63 %70 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 %69) #6, !srcloc !7 %71 = and i8 %70, 1 
%72 = icmp eq i8 %71, 0 %73 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %74 = getelementptr %struct.page, %struct.page* %73, i64 %26 br i1 %72, label %75, label %76 %77 = phi %struct.page* [ null, %75 ], [ %74, %64 ], [ %63, %61 ] %78 = bitcast i64* %25 to i8* %79 = tail call i64 @stable_page_flags(%struct.page* %77) #78 Function:stable_page_flags %2 = icmp eq %struct.page* %0, null br i1 %2, label %187, label %3 %4 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 16 %6 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %7 = bitcast %union.anon.20* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 %11 = add i64 %8, -1 %12 = ptrtoint %struct.page* %0 to i64 %13 = select i1 %10, i64 %12, i64 %11, !prof !4 %14 = inttoptr i64 %13 to %struct.page* %15 = getelementptr inbounds %struct.page, %struct.page* %14, i64 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 512 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = tail call zeroext i1 @page_mapped(%struct.page* nonnull %0) #78 Function:page_mapped %2 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 65536 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %16 %17 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %18 = bitcast %union.anon.20* %17 to i64* %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 1 %21 = icmp eq i64 %20, 0 %22 = add i64 %19, -1 %23 = ptrtoint %struct.page* %0 to i64 %24 = select i1 %21, i64 %23, i64 %22, !prof !4 %25 = inttoptr i64 %24 to %struct.page* %26 = getelementptr %struct.page, %struct.page* %25, i64 1, i32 1 %27 = bitcast %union.anon.20* %26 to %struct.anon.13.118835* %28 = getelementptr inbounds %struct.anon.13.118835, %struct.anon.13.118835* %27, i64 0, i32 3, i32 0 %29 = load volatile 
i32, i32* %28, align 4 %30 = icmp sgt i32 %29, -1 br i1 %30, label %55, label %31 %32 = tail call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 packet_sendmsg ------------- Path:  Function:packet_sendmsg %4 = alloca %struct.sockcm_cookie, align 8 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.sockcm_cookie, align 8 %8 = alloca %struct.anon.193, align 2 %9 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %10 = load %struct.sock*, %struct.sock** %9, align 8 %11 = bitcast %struct.sock* %10 to %struct.packet_sock* %12 = getelementptr inbounds %struct.sock, %struct.sock* %10, i64 1, i32 6, i32 2 %13 = bitcast i32* %12 to %union.anon.87** %14 = load %union.anon.87*, %union.anon.87** %13, align 8 %15 = icmp eq %union.anon.87* %14, null br i1 %15, label %733, label %16 %734 = bitcast %struct.msghdr* %1 to %struct.sockaddr_ll** %735 = load %struct.sockaddr_ll*, %struct.sockaddr_ll** %734, align 8 %736 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %737 = bitcast %struct.sockcm_cookie* %7 to i8* %738 = getelementptr inbounds %struct.anon.193, %struct.anon.193* %8, i64 0, i32 0 %739 = icmp eq %struct.sockaddr_ll* %735, null br i1 %739, label %740, label %752, !prof !6, !misexpect !7 store i32 -22, i32* %6, align 4 %753 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %754 = load i32, i32* %753, align 8 %755 = icmp ult i32 %754, 20 br i1 %755, label %1136, label %756 %757 = sext i32 %754 to i64 %758 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %735, i64 0, i32 5 %759 = load i8, i8* %758, align 1 %760 = zext i8 %759 to i64 %761 = add nuw nsw i64 %760, 12 %762 = icmp ugt i64 %761, %757 br i1 %762, label %1136, label %763 %764 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %735, i64 0, i32 1 %765 = load i16, i16* %764, align 2 %766 = 
getelementptr inbounds %struct.sock, %struct.sock* %10, i64 0, i32 0, i32 9, i32 0 %767 = load %struct.net*, %struct.net** %766, align 8 %768 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %735, i64 0, i32 2 %769 = load i32, i32* %768, align 4 %770 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index to %struct.net_device* (%struct.net*, i32)*)(%struct.net* %767, i32 %769) #78 %771 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %772 = load i16, i16* %771, align 4 %773 = icmp eq i16 %772, 2 br i1 %773, label %774, label %786 %775 = icmp eq %struct.net_device* %770, null br i1 %775, label %784, label %776 %777 = load i32, i32* %753, align 8 %778 = sext i32 %777 to i64 %779 = getelementptr inbounds %struct.net_device, %struct.net_device* %770, i64 0, i32 51 %780 = load i8, i8* %779, align 1 %781 = zext i8 %780 to i64 %782 = add nuw nsw i64 %781, 12 %783 = icmp ugt i64 %782, %778 br i1 %783, label %1131, label %784 %785 = getelementptr inbounds %struct.sockaddr_ll, %struct.sockaddr_ll* %735, i64 0, i32 6, i64 0 br label %786 %787 = phi i8* [ null, %748 ], [ %785, %784 ], [ null, %763 ] %788 = phi i16 [ %751, %748 ], [ %765, %784 ], [ %765, %763 ] %789 = phi %struct.net_device* [ %743, %748 ], [ %770, %784 ], [ %770, %763 ] store i32 -6, i32* %6, align 4 %790 = icmp eq %struct.net_device* %789, null br i1 %790, label %1136, label %791, !prof !4, !misexpect !5 store i32 -100, i32* %6, align 4 %792 = getelementptr inbounds %struct.net_device, %struct.net_device* %789, i64 0, i32 14 %793 = load i32, i32* %792, align 64 %794 = and i32 %793, 1 %795 = icmp eq i32 %794, 0 br i1 %795, label %1131, label %796, !prof !4, !misexpect !5 %797 = getelementptr inbounds %struct.sock, %struct.sock* %10, i64 0, i32 65 %798 = load i16, i16* %797, align 8 %799 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %7, i64 0, i32 0 store i64 0, i64* %799, align 8 %800 
= getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %7, i64 0, i32 1 %801 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %7, i64 0, i32 2 store i16 %798, i16* %801, align 4 %802 = getelementptr inbounds %struct.sock, %struct.sock* %10, i64 0, i32 34 %803 = load i32, i32* %802, align 4 store i32 %803, i32* %800, align 8 %804 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %805 = load i64, i64* %804, align 8 %806 = icmp eq i64 %805, 0 br i1 %806, label %810, label %807 %808 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %10, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %7) #78 store i32 %808, i32* %6, align 4 %809 = icmp eq i32 %808, 0 br i1 %809, label %810, label %1131, !prof !6, !misexpect !5 %811 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 1 %812 = load i16, i16* %811, align 4 %813 = icmp eq i16 %812, 3 br i1 %813, label %814, label %818 %815 = getelementptr inbounds %struct.net_device, %struct.net_device* %789, i64 0, i32 19 %816 = load i16, i16* %815, align 2 %817 = zext i16 %816 to i32 br label %818 %819 = phi i32 [ %817, %814 ], [ 0, %810 ] %820 = getelementptr inbounds %struct.packet_sock, %struct.packet_sock* %11, i64 0, i32 9 %821 = load i8, i8* %820, align 4 %822 = and i8 %821, 4 %823 = icmp eq i8 %822, 0 br i1 %823, label %862, label %824 %825 = icmp ult i64 %2, 10 br i1 %825, label %859, label %826 %827 = add i64 %2, -10 %828 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %829 = call i64 @_copy_from_iter(i8* nonnull %738, i64 10, %struct.iov_iter* %828) #78 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, 
!prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !7 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !8 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %189 = bitcast %union.anon.118* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #78 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, 
%295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !12, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 Function:_copy_from_iter %4 = 
alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !7 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !8 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %189 = bitcast %union.anon.118* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #78 %200 = 
icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !12, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 write_pool_user 2 random_write_iter ------------- Path:  Function:random_write_iter %3 = tail call fastcc i64 @write_pool_user(%struct.iov_iter* %1) #78 Function:write_pool_user %2 = alloca [64 x i8], align 16 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %36, label %7, !prof !4, !misexpect !5 %8 = phi i64 [ %10, %32 ], [ 0, %1 ] %9 = call i64 @_copy_from_iter(i8* nonnull %3, i64 64, %struct.iov_iter* %0) #78 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !7 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !8 %181 = getelementptr inbounds 
%struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %189 = bitcast %union.anon.118* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #78 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !12, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge 
to i32 (%struct.page*)*)(%struct.page* nonnull %209) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 write_pool_user 2 random_write_iter ------------- Path:  Function:random_write_iter %3 = tail call fastcc i64 @write_pool_user(%struct.iov_iter* %1) #78 Function:write_pool_user %2 = alloca [64 x i8], align 16 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %36, label %7, !prof !4, !misexpect !5 %8 = phi i64 [ %10, %32 ], [ 0, %1 ] %9 = call i64 @_copy_from_iter(i8* nonnull %3, i64 64, %struct.iov_iter* %0) #78 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !7 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !8 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast %struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %189 = bitcast %union.anon.118* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 
store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #78 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !12, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #78 ------------- Use: =BAD PATH= Call Stack: 0 _copy_from_iter 1 kernfs_fop_write_iter ------------- Path:  Function:kernfs_fop_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.kernfs_open_file** %10 = 
load %struct.kernfs_open_file*, %struct.kernfs_open_file** %9, align 8 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %14, 0 br i1 %15, label %18, label %16 %17 = icmp ugt i64 %12, %14 br i1 %17, label %77, label %21 %22 = phi i64 [ %12, %16 ], [ %20, %18 ] %23 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 8 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, null br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %10, i64 0, i32 5 tail call void @mutex_lock(%struct.mutex* %27) #78 br label %32 %33 = phi i8* [ %30, %28 ], [ %24, %26 ] %34 = icmp ugt i64 %22, 2147483647 br i1 %34, label %35, label %36, !prof !4, !misexpect !5 %37 = tail call i64 @_copy_from_iter(i8* nonnull %33, i64 %22, %struct.iov_iter* %1) #78 Function:_copy_from_iter %4 = alloca %struct.xa_state, align 8 %5 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %6 = load i8, i8* %5, align 8 %7 = icmp eq i8 %6, 3 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp ult i64 %11, %1 %13 = select i1 %12, i64 %11, i64 %1, !prof !4 %14 = icmp eq i64 %13, 0 br i1 %14, label %306, label %15, !prof !4, !misexpect !7 switch i8 %6, label %302 [ i8 0, label %16 i8 2, label %77 i8 1, label %136 i8 4, label %180 ], !prof !8 %181 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 6, i32 0 %182 = load i64, i64* %181, align 8 %183 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 3 %184 = load i64, i64* %183, align 8 %185 = add i64 %184, %182 %186 = lshr i64 %185, 12 %187 = bitcast 
%struct.xa_state* %4 to i8* %188 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 5 %189 = bitcast %union.anon.118* %188 to i64* %190 = load i64, i64* %189, align 8 %191 = bitcast %struct.xa_state* %4 to i64* store i64 %190, i64* %191, align 8 %192 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 1 store i64 %186, i64* %192, align 8 %193 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 2 %194 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 4 %195 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 6 %196 = bitcast i8* %193 to i32* store i32 0, i32* %196, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %195, align 8 %197 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %4, i64 0, i32 7 %198 = bitcast %struct.xa_node** %197 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %199 = call i8* @xas_find(%struct.xa_state* nonnull %4, i64 -1) #78 %200 = icmp eq i8* %199, null br i1 %200, label %298, label %201 %202 = trunc i64 %185 to i32 %203 = and i32 %202, 4095 br label %204 %205 = phi i8* [ %296, %295 ], [ %199, %201 ] %206 = phi i64 [ %256, %295 ], [ %13, %201 ] %207 = phi i32 [ %257, %295 ], [ %203, %201 ] %208 = phi i64 [ %258, %295 ], [ 0, %201 ] %209 = bitcast i8* %205 to %struct.page* %210 = ptrtoint i8* %205 to i64 switch i64 %210, label %212 [ i64 1030, label %255 i64 1026, label %211 ] %213 = and i64 %210, 1 %214 = icmp eq i64 %213, 0 br i1 %214, label %216, label %215, !prof !12, !misexpect !5 %217 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %209) #78 ------------- Use: =BAD PATH= Call Stack: 0 pagecache_get_page 1 hugetlbfs_read_iter ------------- Path:  Function:hugetlbfs_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load 
%struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ 0, %30 ], [ %112, %121 ] %38 = phi i64 [ %26, %30 ], [ %130, %121 ] %39 = phi i64 [ %22, %30 ], [ %127, %121 ] %40 = zext i32 %36 to i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 
8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %39, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %39, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %38 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %38 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %39, i32 2, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), 
%struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, label %114, label %87 %88 = getelementptr inbounds i8, i8* 
%26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 %177 = trunc i32 %19 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %179, label %307 %180 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %172) #78 ------------- Use: =BAD PATH= Call Stack: 0 pagecache_get_page 1 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca %struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds 
%struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* 
output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* 
%26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 %177 = trunc i32 %19 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %179, label %307 %180 = call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %172) #78 ------------- Use: =BAD PATH= Call Stack: 0 pagecache_get_page 1 shmem_getpage_gfp 2 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 br label %26 %27 = phi i64 [ %21, 
%23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ 0, %23 ], [ %100, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ %16, %23 ], [ %103, %124 ] %32 = icmp ne i64 %31, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %31, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #78 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* store %struct.page* null, %struct.page** %9, align 8 %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 
%29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr 
inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, 
%struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 br i1 %21, label %171, label %86 br i1 %23, label %114, label %87 %88 = getelementptr inbounds i8, i8* %26, i64 8 %89 = bitcast i8* %88 to i64* %90 = load volatile i64, i64* %89, align 8 %91 = and i64 %90, 1 %92 = icmp eq i64 %91, 0 %93 = add i64 %90, -1 %94 = select i1 %92, i64 %78, i64 %93, !prof !8 %95 = inttoptr i64 %94 to %struct.page* %96 = getelementptr inbounds %struct.page, %struct.page* %95, i64 0, i32 0 %97 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %96, i64 0, i64* %96) #6, !srcloc !11 %98 = and i8 %97, 1 %99 = icmp eq i8 %98, 0 br i1 %99, label %139, label %100 %140 = getelementptr inbounds i8, i8* %26, i64 24 %141 = bitcast i8* %140 to %struct.address_space** %142 = load %struct.address_space*, %struct.address_space** %141, align 8 %143 = icmp eq %struct.address_space* %142, %0 br i1 %143, label %171, label %144, !prof !8, !misexpect !6 %172 = bitcast i8* %26 to %struct.page* %173 = and i32 %19, 1 %174 = icmp eq i32 %173, 0 br i1 %174, label %176, label %175 %177 = trunc i32 %19 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %179, label %307 %180 = call i32 bitcast (i32 (%struct.page.139571*)* 
@PageHuge to i32 (%struct.page*)*)(%struct.page* nonnull %172) #78 ------------- Use: =BAD PATH= Call Stack: 0 __add_to_page_cache_locked 1 add_to_page_cache_lru 2 pagecache_get_page 3 hugetlbfs_read_iter ------------- Path:  Function:hugetlbfs_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, 
%struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ 0, %30 ], [ %112, %121 ] %38 = phi i64 [ %26, %30 ], [ %130, %121 ] %39 = phi i64 [ %22, %30 ], [ %127, %121 ] %40 = zext i32 %36 to i64 %41 = shl i64 4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %39, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %39, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %38 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %38 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %39, i32 2, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, 
%struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 %182 = and i32 %19, 4 %183 = icmp eq i32 %182, 0 br i1 %183, label %307, label %184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq %struct.inode* %188, null br i1 %189, label %204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #78 %235 = call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #78 %236 = icmp eq %struct.page* %235, null br i1 %236, label %237, label %246 %247 = phi %struct.page* [ %244, %243 ], [ %235, %232 ] %248 = and i32 %19, 66 %249 = icmp eq i32 %248, 0 br i1 %249, label %250, label %251, !prof !5, !misexpect !6 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.12861, i64 0, i64 0), i32 1944, i32 2307, i64 12) #6, !srcloc !18 br label %251 %252 = or i32 %19, 2 %253 = select i1 %249, i32 %252, i32 %19 %254 = and i32 %253, 1 %255 = icmp eq i32 %254, 0 br i1 %255, label %267, label %256 %268 = call i32 @add_to_page_cache_lru(%struct.page* nonnull %247, %struct.address_space* %0, i64 %1, i32 
%216) #79 Function:add_to_page_cache_lru %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %7 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %8 = bitcast %union.anon.20* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 %12 = add i64 %9, -1 %13 = ptrtoint %struct.page* %0 to i64 %14 = select i1 %11, i64 %13, i64 %12, !prof !4 %15 = inttoptr i64 %14 to %struct.page* %16 = getelementptr inbounds %struct.page, %struct.page* %15, i64 0, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %16, i64 0) #6, !srcloc !5 %17 = call i32 @__add_to_page_cache_locked(%struct.page* %0, %struct.address_space* %1, i64 %2, i32 %3, i8** nonnull %5) #78 Function:__add_to_page_cache_locked %6 = alloca %struct.xa_state, align 8 %7 = bitcast %struct.xa_state* %6 to i8* %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.address_space, %struct.address_space* %1, i64 0, i32 1 store %struct.xarray* %9, %struct.xarray** %8, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %13 = bitcast i8* %11 to i32* store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = tail call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __add_to_page_cache_locked 1 add_to_page_cache_lru 2 pagecache_get_page 3 shmem_get_link ------------- Path:  Function:shmem_get_link %4 = alloca 
%struct.page*, align 8 %5 = bitcast %struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ 
i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 %182 = and i32 %19, 4 %183 = icmp eq i32 %182, 0 br i1 %183, label %307, label %184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq 
%struct.inode* %188, null br i1 %189, label %204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #78 %235 = call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #78 %236 = icmp eq %struct.page* %235, null br i1 %236, label %237, label %246 %247 = phi %struct.page* [ %244, %243 ], [ %235, %232 ] %248 = and i32 %19, 66 %249 = icmp eq i32 %248, 0 br i1 %249, label %250, label %251, !prof !5, !misexpect !6 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.12861, i64 0, i64 0), i32 1944, i32 2307, i64 12) #6, !srcloc !18 br label %251 %252 = or i32 %19, 2 %253 = select i1 %249, i32 %252, i32 %19 %254 = and i32 %253, 1 %255 = icmp eq i32 %254, 0 br i1 %255, label %267, label %256 %268 = call i32 @add_to_page_cache_lru(%struct.page* nonnull %247, %struct.address_space* %0, i64 %1, i32 
%216) #79 Function:add_to_page_cache_lru %5 = alloca i8*, align 8 %6 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %7 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %8 = bitcast %union.anon.20* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 %12 = add i64 %9, -1 %13 = ptrtoint %struct.page* %0 to i64 %14 = select i1 %11, i64 %13, i64 %12, !prof !4 %15 = inttoptr i64 %14 to %struct.page* %16 = getelementptr inbounds %struct.page, %struct.page* %15, i64 0, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %16, i64 0) #6, !srcloc !5 %17 = call i32 @__add_to_page_cache_locked(%struct.page* %0, %struct.address_space* %1, i64 %2, i32 %3, i8** nonnull %5) #78 Function:__add_to_page_cache_locked %6 = alloca %struct.xa_state, align 8 %7 = bitcast %struct.xa_state* %6 to i8* %8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.address_space, %struct.address_space* %1, i64 0, i32 1 store %struct.xarray* %9, %struct.xarray** %8, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1 store i64 %2, i64* %10, align 8 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6 %13 = bitcast i8* %11 to i32* store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = tail call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __add_to_page_cache_locked 1 add_to_page_cache_lru 2 pagecache_get_page 3 shmem_getpage_gfp 4 shmem_file_read_iter ------------- Path:  
Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ 0, %23 ], [ %100, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ %16, %23 ], [ %103, %124 ] %32 = icmp ne i64 %31, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %31, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #78 
Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* store %struct.page* null, %struct.page** %9, align 8 %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = 
getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 %182 = and i32 %19, 
4 %183 = icmp eq i32 %182, 0 br i1 %183, label %307, label %184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq %struct.inode* %188, null br i1 %189, label %204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #78 %235 = call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #78 %236 = icmp eq %struct.page* %235, null br i1 %236, label %237, label %246 %247 = phi %struct.page* [ %244, %243 ], [ %235, %232 ] %248 = and i32 %19, 66 %249 = icmp eq i32 %248, 0 br i1 %249, label %250, label %251, !prof !5, !misexpect !6 call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.12861, i64 0, i64 0), i32 1944, i32 2307, i64 12) #6, !srcloc !18 br label %251 %252 = or i32 %19, 2 %253 = select i1 %249, i32 %252, i32 %19 %254 = and i32 %253, 1 %255 = icmp eq i32 %254, 0 br i1 %255, label %267, label %256 %268 = call i32 @add_to_page_cache_lru(%struct.page* nonnull %247, %struct.address_space* %0, i64 %1, i32 
%216) #79
Function:add_to_page_cache_lru
%5 = alloca i8*, align 8
%6 = bitcast i8** %5 to i8*
store i8* null, i8** %5, align 8
%7 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1
%8 = bitcast %union.anon.20* %7 to i64*
%9 = load volatile i64, i64* %8, align 8
%10 = and i64 %9, 1
%11 = icmp eq i64 %10, 0
%12 = add i64 %9, -1
%13 = ptrtoint %struct.page* %0 to i64
%14 = select i1 %11, i64 %13, i64 %12, !prof !4
%15 = inttoptr i64 %14 to %struct.page*
%16 = getelementptr inbounds %struct.page, %struct.page* %15, i64 0, i32 0
tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %16, i64 0) #6, !srcloc !5
%17 = call i32 @__add_to_page_cache_locked(%struct.page* %0, %struct.address_space* %1, i64 %2, i32 %3, i8** nonnull %5) #78
Function:__add_to_page_cache_locked
%6 = alloca %struct.xa_state, align 8
%7 = bitcast %struct.xa_state* %6 to i8*
%8 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 0
%9 = getelementptr inbounds %struct.address_space, %struct.address_space* %1, i64 0, i32 1
store %struct.xarray* %9, %struct.xarray** %8, align 8
%10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 1
store i64 %2, i64* %10, align 8
%11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 2
%12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 6
%13 = bitcast i8* %11 to i32*
store i32 0, i32* %13, align 8
store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8
%14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %6, i64 0, i32 7
%15 = bitcast %struct.xa_node** %14 to i8*
%16 = tail call i32 bitcast (i32 (%struct.page.139571*)* @PageHuge to i32 (%struct.page*)*)(%struct.page* %0) #78
-------------
Good: 909 Bad: 23 Ignored: 1212
Check Use of Function:lru_add_drain_all
Use:
=BAD PATH=
Call Stack:
0 compact_store
-------------
Path:
Function:compact_store
%5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 29
%6 = load i32, i32* %5, align 8
%7 = icmp sgt i32 %6, -1
%8 = load i32, i32* @nr_node_ids, align 4
%9 = icmp ult i32 %6, %8
%10 = and i1 %7, %9
br i1 %10, label %11, label %17
%12 = zext i32 %6 to i64
%13 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 1, i32 0, i64 0), i64 %12) #6, !srcloc !4
%14 = and i8 %13, 1
%15 = icmp eq i8 %14, 0
br i1 %15, label %17, label %16
tail call void @lru_add_drain_all() #78
-------------
Good: 22 Bad: 1 Ignored: 26
Check Use of Function:mdio_ctrl_hw
Check Use of Function:mod_node_page_state
Use:
=BAD PATH=
Call Stack:
0 allocate_slab
1 ___slab_alloc
2 __kmalloc_node
3 rb_alloc_aux
4 perf_mmap
-------------
Path:
Function:perf_mmap
%3 = getelementptr inbounds %struct.file.115111, %struct.file.115111* %0, i64 0, i32 16
%4 = bitcast i8** %3 to %struct.perf_event.115424**
%5 = load %struct.perf_event.115424*, %struct.perf_event.115424** %4, align 8
%6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115588** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.115588**)) #11, !srcloc !4
%7 = inttoptr i64 %6 to %struct.task_struct.115588*
%8 = getelementptr inbounds %struct.task_struct.115588, %struct.task_struct.115588* %7, i64 0, i32 85
%9 = load %struct.cred.115109*, %struct.cred.115109** %8, align 64
%10 = getelementptr inbounds %struct.cred.115109, %struct.cred.115109* %9, i64 0, i32 21
%11 = load %struct.user_struct*, %struct.user_struct** %10, align 8
%12 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 34
%13 = load i32, i32* %12, align 4
%14 = icmp eq i32 %13, -1
br i1 %14, label %15, label %20
%16 = getelementptr inbounds %struct.perf_event.115424,
%struct.perf_event.115424* %5, i64 0, i32 21, i32 6 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %320 %21 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 8 %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %320, label %25 %26 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.115424*)*)(%struct.perf_event.115424* %5) #78 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %320 %29 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = sub i64 %30, %32 %34 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 13 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %47 %38 = lshr i64 %33, 12 %39 = add nsw i64 %38, -1 %40 = icmp eq i64 %39, 0 %42 = icmp eq i64 %41, 1 %43 = or i1 %40, %42 %44 = and i64 %33, -4096 %45 = icmp eq i64 %33, %44 %46 = and i1 %45, %43 br i1 %46, label %117, label %320 %118 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 26 %119 = load %struct.perf_event_context.115401*, %struct.perf_event_context.115401** %118, align 8 %120 = getelementptr inbounds %struct.perf_event_context.115401, %struct.perf_event_context.115401* %119, i64 0, i32 21 %121 = load %struct.perf_event_context.115401*, %struct.perf_event_context.115401** %120, align 8 %122 = icmp eq %struct.perf_event_context.115401* %121, null br i1 %122, label %124, label %123, !prof !10, !misexpect !7 %125 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 37 tail call void 
@mutex_lock(%struct.mutex* %125) #78 %126 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 39 %127 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %128 = icmp eq %struct.perf_buffer* %127, null br i1 %128, label %152, label %129 %130 = phi %struct.perf_buffer* [ %150, %149 ], [ %127, %124 ] %131 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 8 %133 = sext i32 %132 to i64 %134 = icmp eq i64 %39, %133 br i1 %134, label %135, label %306 %136 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 15, i32 0 %137 = load volatile i32, i32* %136, align 4 %138 = icmp eq i32 %137, 0 br i1 %138, label %149, label %139, !prof !6, !misexpect !7 %140 = phi i32 [ %147, %146 ], [ %137, %135 ] %141 = add i32 %140, 1 %142 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %136, i32 %141, i32* %136, i32 %140) #6, !srcloc !8 %143 = extractvalue { i8, i32 } %142, 0 %144 = and i8 %143, 1 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %292, !prof !6, !misexpect !7 %147 = extractvalue { i8, i32 } %142, 1 %148 = icmp eq i32 %147, 0 br i1 %148, label %149, label %139, !prof !6, !misexpect !7 tail call fastcc void @ring_buffer_attach(%struct.perf_event.115424* %5, %struct.perf_buffer* null) #79 tail call void @mutex_unlock(%struct.mutex* %125) #78 tail call void @mutex_lock(%struct.mutex* %125) #78 %150 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %151 = icmp eq %struct.perf_buffer* %150, null br i1 %151, label %152, label %129 %153 = phi i64 [ %52, %115 ], [ %38, %124 ], [ %38, %149 ] %154 = phi i1 [ false, %115 ], [ true, %124 ], [ true, %149 ] %155 = phi i32 [ -22, %115 ], [ 0, %124 ], [ 0, %149 
] %156 = phi i64 [ %52, %115 ], [ %39, %124 ], [ %39, %149 ] %157 = phi %struct.perf_buffer* [ %54, %115 ], [ null, %124 ], [ null, %149 ] %158 = load i32, i32* @sysctl_perf_event_mlock, align 4 %159 = ashr i32 %158, 2 %160 = sext i32 %159 to i64 %161 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %162 = zext i32 %161 to i64 %163 = mul nsw i64 %160, %162 %164 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %11, i64 0, i32 6, i32 0 %165 = load volatile i64, i64* %164, align 8 %166 = icmp ugt i64 %165, %163 %167 = select i1 %166, i64 %163, i64 %165 %168 = add i64 %167, %153 %170 = sub i64 %153, %169 %171 = getelementptr inbounds %struct.task_struct.115588, %struct.task_struct.115588* %7, i64 0, i32 95 %172 = load %struct.signal_struct.115544*, %struct.signal_struct.115544** %171, align 32 %173 = getelementptr %struct.signal_struct.115544, %struct.signal_struct.115544* %172, i64 0, i32 49, i64 8, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = lshr i64 %174, 12 %176 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 6 %177 = load %struct.mm_struct.115498*, %struct.mm_struct.115498** %176, align 8 %178 = getelementptr inbounds %struct.mm_struct.115498, %struct.mm_struct.115498* %177, i64 0, i32 0, i32 23, i32 0 %179 = load volatile i64, i64* %178, align 8 %180 = add i64 %169, %179 %181 = icmp ule i64 %180, %175 %182 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %183 = icmp slt i32 %182, 0 %184 = or i1 %183, %181 br i1 %184, label %187, label %185 %188 = icmp eq %struct.perf_buffer* %157, null br i1 %188, label %189, label %277 %278 = load i64, i64* %21, align 8 %279 = lshr i64 %278, 1 %280 = trunc i64 %279 to i32 %281 = and i32 %280, 1 %282 = load i64, i64* %34, align 8 %283 = trunc i64 %156 to i32 %284 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 21, i32 16 
%285 = load i32, i32* %284, align 8 %286 = zext i32 %285 to i64 %287 = tail call i32 bitcast (i32 (%struct.perf_buffer*, %struct.perf_event*, i64, i32, i64, i32)* @rb_alloc_aux to i32 (%struct.perf_buffer*, %struct.perf_event.115424*, i64, i32, i64, i32)*)(%struct.perf_buffer* nonnull %157, %struct.perf_event.115424* %5, i64 %282, i32 %283, i64 %286, i32 %281) #78 Function:rb_alloc_aux %7 = and i32 %5, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 34 %10 = load i32, i32* %9, align 4 %11 = icmp eq i32 %10, -1 br i1 %11, label %19, label %12 %20 = phi i32 [ %18, %12 ], [ -1, %6 ] %21 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 12 %22 = load %struct.pmu*, %struct.pmu** %21, align 8 %23 = getelementptr inbounds %struct.pmu, %struct.pmu* %22, i64 0, i32 31 %24 = load i8* (%struct.perf_event*, i8**, i32, i1)*, i8* (%struct.perf_event*, i8**, i32, i1)** %23, align 8 %25 = icmp eq i8* (%struct.perf_event*, i8**, i32, i1)* %24, null br i1 %25, label %162, label %26 br i1 %8, label %36, label %27 %28 = icmp eq i64 %4, 0 %29 = shl i32 %3, 11 %30 = sext i32 %29 to i64 %31 = select i1 %28, i64 %30, i64 %4 %32 = add i64 %31, -1 %33 = lshr i64 %32, 12 %34 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %33, i32 -1) #4, !srcloc !4 %35 = add i32 %34, 1 br label %38 %39 = phi i32 [ %37, %36 ], [ %35, %27 ] %40 = phi i64 [ 0, %36 ], [ %31, %27 ] %41 = sext i32 %3 to i64 %43 = extractvalue { i64, i1 } %42, 1 br i1 %43, label %44, label %47, !prof !6, !misexpect !7 %48 = extractvalue { i64, i1 } %42, 0 %49 = tail call noalias align 8 i8* @__kmalloc_node(i64 %48, i32 3520, i32 %20) #78 Function:__kmalloc_node %4 = icmp ugt i64 %0, 8192 br i1 %4, label %5, label %29, !prof !4, !misexpect !5 %30 = tail call %struct.kmem_cache* @kmalloc_slab(i64 %0, i32 %1) #79 %31 = icmp ult %struct.kmem_cache* %30, inttoptr (i64 17 to %struct.kmem_cache*) br i1 %31, label %32, 
label %34, !prof !4, !misexpect !5 %36 = ptrtoint i8* %35 to i64 %37 = load i32, i32* @gfp_allowed_mask, align 4 %38 = and i32 %37, %1 %39 = and i32 %38, 1024 %40 = icmp eq i32 %39, 0 br i1 %40, label %43, label %41 %42 = tail call i32 @__cond_resched() #79 br label %43 %44 = tail call i32 @should_failslab(%struct.kmem_cache* %30, i32 %38) #79 %45 = icmp ne i32 %44, 0 %46 = icmp eq %struct.kmem_cache* %30, null %47 = or i1 %46, %45 br i1 %47, label %140, label %48 %49 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %30, i64 0, i32 0 %50 = icmp eq i32 %2, -1 %51 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %30, i64 0, i32 6 br label %52 %53 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %49, align 8 %54 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %53) #6, !srcloc !12 %55 = inttoptr i64 %54 to %struct.kmem_cache_cpu* %56 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %55, i64 0, i32 1 %57 = load volatile i64, i64* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %58 = inttoptr i64 %54 to i8** %59 = load i8*, i8** %58, align 8 %60 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %55, i64 0, i32 2 %61 = load %struct.page*, %struct.page** %60, align 8 %62 = icmp ne i8* %59, null %63 = icmp ne %struct.page* %61, null %64 = and i1 %62, %63 %65 = bitcast i8* %59 to i8** br i1 %64, label %66, label %73, !prof !14 br i1 %50, label %76, label %67 %68 = getelementptr inbounds %struct.page, %struct.page* %61, i64 0, i32 0 %69 = load i64, i64* %68, align 16 %70 = lshr i64 %69, 58 %71 = trunc i64 %70 to i32 %72 = icmp eq i32 %71, %2 br i1 %72, label %76, label %73 %74 = inttoptr i64 %54 to %struct.kmem_cache_cpu* %75 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %30, i32 %1, i32 %2, i64 %36, %struct.kmem_cache_cpu* %74) #79 
Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, 
%struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = 
getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ 
%21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %270, label %268, !prof !5, !misexpect !6 %269 = call i32 @kmalloc_fix_flags(i32 %1) #78 br label %270 %271 = phi i32 [ %269, %268 ], [ %1, %267 ] %272 = load void (i8*)*, void (i8*)** %16, align 8 %273 = icmp ne void (i8*)* %272, null %274 = and i32 %271, 256 %275 = icmp ne i32 %274, 0 %276 = and i1 %273, %275 br i1 %276, label %277, label %278, !prof !29, !misexpect !6 %279 = and i32 %271, 3927776 %280 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %279, i32 %203) #78 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, 
-1
br i1 %26, label %27, label %30
%28 = tail call %struct.page* @alloc_pages(i32 %25, i32 %15) #78
%29 = icmp eq %struct.page* %28, null
br i1 %29, label %33, label %49, !prof !4, !misexpect !5
%34 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0
%35 = load i32, i32* %34, align 8
%36 = lshr i32 %35, 16
%37 = tail call %struct.page* @alloc_pages(i32 %10, i32 %36) #78
br label %43
%44 = phi i32 [ %35, %33 ], [ %40, %38 ]
%45 = phi %struct.page* [ %37, %33 ], [ %42, %38 ]
%46 = icmp eq %struct.page* %45, null
br i1 %46, label %317, label %47, !prof !4, !misexpect !5
%48 = lshr i32 %44, 16
br label %49
%50 = phi i32 [ %48, %47 ], [ %15, %30 ], [ %15, %27 ]
%51 = phi %struct.page* [ %45, %47 ], [ %31, %30 ], [ %28, %27 ]
%52 = phi i32 [ %44, %47 ], [ %5, %30 ], [ %5, %27 ]
%53 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 3
%54 = bitcast i64* %53 to i32*
%55 = load i32, i32* %54, align 8
%56 = shl i32 %52, 16
%57 = and i32 %56, 2147418112
%58 = and i32 %55, -2147418113
%59 = or i32 %58, %57
store i32 %59, i32* %54, align 8
%60 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 0
%61 = load i64, i64* %60, align 16
%62 = lshr i64 %61, 58
%63 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %62
%64 = load %struct.pglist_data*, %struct.pglist_data** %63, align 8
%65 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1
%66 = load i32, i32* %65, align 8
%67 = and i32 %66, 131072
%68 = icmp eq i32 %67, 0
%69 = select i1 %68, i32 6, i32 5
%70 = zext i32 %50 to i64
%71 = shl i64 4096, %70
tail call void bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %64, i32 %69, i64 %71) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 allocate_slab
1 ___slab_alloc
2 kmem_cache_alloc_node
3 create_task_io_context
4 get_task_io_context
5 set_task_ioprio
6 __se_sys_ioprio_set
7 __ia32_sys_ioprio_set
-------------
Path:
Function:__ia32_sys_ioprio_set
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%3 = load i64, i64* %2, align 8
%4 = and i64 %3, 4294967295
%5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
%6 = load i64, i64* %5, align 8
%7 = and i64 %6, 4294967295
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%9 = load i64, i64* %8, align 8
%10 = and i64 %9, 4294967295
%11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #78
Function:__se_sys_ioprio_set
%4 = trunc i64 %0 to i32
%5 = trunc i64 %1 to i32
%6 = trunc i64 %2 to i32
%7 = lshr i32 %6, 13
%8 = and i32 %7, 7
%9 = and i32 %6, 8191
switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ]
%17 = icmp eq i32 %9, 0
br i1 %17, label %18, label %167
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ]
%95 = icmp eq i32 %5, -1
br i1 %95, label %164, label %96
%97 = icmp eq i32 %5, 0
br i1 %97, label %98, label %105
%106 = tail call %struct.user_struct* @find_user(i32 %5) #78
br label %107
%108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ]
%109 = icmp eq %struct.user_struct* %108, null
br i1 %109, label %164, label %110
%111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*,
%struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, 
%struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, 
%struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq 
%struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #78 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #78 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* 
%9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #78 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295739* (%struct.task_struct.295774*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #78 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 123 %11 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %14 = load %struct.io_context.295739*, %struct.io_context.295739** %10, align 8 %15 = icmp eq %struct.io_context.295739* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295774* %0, i32 %1, i32 %2) 
#79 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, 
i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* 
getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, 
i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, 
%struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, 
i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %270, label %268, !prof !5, !misexpect !6 %269 = call i32 @kmalloc_fix_flags(i32 %1) #78 br label %270 %271 = phi i32 [ %269, %268 ], [ %1, %267 ] %272 = load void (i8*)*, void (i8*)** %16, align 8 %273 = icmp ne void (i8*)* %272, null %274 = and i32 %271, 256 %275 = icmp ne i32 %274, 0 %276 = and i1 %273, %275 br i1 %276, label %277, label %278, !prof !29, !misexpect !6 %279 = and i32 %271, 3927776 %280 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %279, i32 %203) #78 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 
11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %28 = tail call %struct.page* @alloc_pages(i32 %25, i32 %15) #78 %29 = icmp eq %struct.page* %28, null br i1 %29, label %33, label %49, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %35 = load i32, i32* %34, align 8 %36 = lshr i32 %35, 16 %37 = tail call %struct.page* @alloc_pages(i32 %10, i32 %36) #78 br label %43 %44 = phi i32 [ %35, %33 ], [ %40, %38 ] %45 = phi %struct.page* [ %37, %33 ], [ %42, %38 ] %46 = icmp eq %struct.page* %45, null br i1 %46, label %317, label %47, !prof !4, !misexpect !5 %48 = lshr i32 %44, 16 br label %49 %50 = phi i32 [ %48, %47 ], [ %15, %30 ], [ %15, %27 ] %51 = phi %struct.page* [ %45, %47 ], [ %31, %30 ], [ %28, %27 ] %52 = phi i32 [ %44, %47 ], [ %5, %30 ], [ %5, %27 ] %53 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 3 %54 = bitcast i64* %53 to i32* %55 = load i32, i32* %54, align 8 %56 = shl i32 %52, 16 %57 = and i32 %56, 2147418112 %58 = and i32 %55, -2147418113 %59 = or i32 %58, %57 store i32 %59, i32* %54, align 8 %60 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 0 %61 = load i64, i64* %60, align 16 %62 = lshr i64 %61, 58 %63 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %62 %64 = load %struct.pglist_data*, %struct.pglist_data** %63, align 8 %65 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 131072 %68 = icmp eq i32 %67, 0 %69 = select i1 %68, i32 6, i32 5 %70 = zext i32 %50 to 
i64 %71 = shl i64 4096, %70 tail call void bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %64, i32 %69, i64 %71) #78 ------------- Use: =BAD PATH= Call Stack: 0 allocate_slab 1 ___slab_alloc 2 kmem_cache_alloc_node 3 create_task_io_context 4 get_task_io_context 5 set_task_ioprio 6 __se_sys_ioprio_set 7 __x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #78 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, 
i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, 
%struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, 
%struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, 
%struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #78 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #78 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #78 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295739* (%struct.task_struct.295774*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #78 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 123 %11 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %14 = load %struct.io_context.295739*, %struct.io_context.295739** %10, align 8 %15 = icmp eq %struct.io_context.295739* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 
store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295774* %0, i32 %1, i32 %2) #79 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, 
null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 
= icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 
= icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 
= getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label 
%232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %270, label %268, !prof !5, !misexpect !6 %269 = call i32 @kmalloc_fix_flags(i32 %1) #78 br label %270 %271 = phi i32 [ %269, %268 ], [ %1, %267 ] %272 = load void (i8*)*, void (i8*)** %16, align 8 %273 = icmp ne void (i8*)* %272, null %274 = and i32 %271, 256 %275 = icmp ne i32 %274, 0 %276 = and i1 %273, %275 br i1 %276, label %277, label %278, !prof !29, !misexpect !6 %279 = and i32 %271, 3927776 %280 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %279, i32 %203) #78 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, 
%struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %28 = tail call %struct.page* @alloc_pages(i32 %25, i32 %15) #78 %29 = icmp eq %struct.page* %28, null br i1 %29, label %33, label %49, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %35 = load i32, i32* %34, align 8 %36 = lshr i32 %35, 16 %37 = tail call %struct.page* @alloc_pages(i32 %10, i32 %36) #78 br label %43 %44 = phi i32 [ %35, %33 ], [ %40, %38 ] %45 = phi %struct.page* [ %37, %33 ], [ %42, %38 ] %46 = icmp eq %struct.page* %45, null br i1 %46, label %317, label %47, !prof !4, !misexpect !5 %48 = lshr i32 %44, 16 br label %49 %50 = phi i32 [ %48, %47 ], [ %15, %30 ], [ %15, %27 ] %51 = phi %struct.page* [ %45, %47 ], [ %31, %30 ], [ %28, %27 ] %52 = phi i32 [ %44, %47 ], [ %5, %30 ], [ %5, %27 ] %53 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 3 %54 = bitcast i64* %53 to i32* %55 = load i32, i32* %54, align 8 %56 = shl i32 %52, 16 %57 = and i32 %56, 2147418112 %58 = and i32 %55, -2147418113 %59 = or i32 %58, %57 store i32 %59, i32* %54, align 8 %60 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 0 %61 = load i64, i64* %60, align 16 %62 = lshr i64 %61, 58 %63 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %62 %64 = load %struct.pglist_data*, %struct.pglist_data** %63, align 8 
%65 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 131072 %68 = icmp eq i32 %67, 0 %69 = select i1 %68, i32 6, i32 5 %70 = zext i32 %50 to i64 %71 = shl i64 4096, %70 tail call void bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %64, i32 %69, i64 %71) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 allocate_slab
1 ___slab_alloc
2 kmem_cache_alloc_node
3 create_task_io_context
4 submit_bio_checks
5 __submit_bio
6 submit_bio_noacct
7 __blk_queue_split
8 blk_queue_split
9 dm_submit_bio
-------------
Path:
Function:dm_submit_bio
%2 = alloca %struct.bio.705679*, align 8 store %struct.bio.705679* %0, %struct.bio.705679** %2, align 8 %3 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 1 %4 = load %struct.block_device.705676*, %struct.block_device.705676** %3, align 8 %5 = getelementptr inbounds %struct.block_device.705676, %struct.block_device.705676* %4, i64 0, i32 16 %6 = load %struct.gendisk.705501*, %struct.gendisk.705501** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.705501, %struct.gendisk.705501* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 39 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #78 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 1 %18 = icmp ne i64 %17, 0 %19 = icmp eq i8* %13, null %20 = or i1 %19, %18 %21 = getelementptr inbounds %struct.bio.705679, 
%struct.bio.705679* %0, i64 0, i32 2 %22 = load i32, i32* %21, align 8 br i1 %20, label %23, label %51, !prof !4, !misexpect !5 %52 = trunc i32 %22 to i8 switch i8 %52, label %55 [ i8 3, label %53 i8 5, label %53 i8 7, label %53 i8 9, label %53 ] call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.705679**)*)(%struct.bio.705679** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label 
%83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 
%74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %73 
= call fastcc zeroext i1 @submit_bio_checks(%struct.bio.296195* %0) #79 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = tail call i32 @__cond_resched() #78 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.296233* %12 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 3 %60 = 
load i16, i16* %59, align 4 %61 = and i16 %60, 4096 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 123 %178 = load %struct.io_context.296155*, %struct.io_context.296155** %177, align 8 %179 = icmp eq %struct.io_context.296155* %178, null br i1 %179, label %180, label %185, !prof !14, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295774*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.296233*, i32, i32)*)(%struct.task_struct.296233* %11, i32 2592, i32 %182) #78 Function:create_task_io_context %4 = load 
%struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 
= trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, 
%struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add 
%gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = 
and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, 
$0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %270, label %268, !prof !5, !misexpect !6 %269 = call i32 @kmalloc_fix_flags(i32 %1) #78 br label %270 %271 = phi i32 [ %269, %268 ], [ %1, %267 ] %272 = load void (i8*)*, void (i8*)** %16, align 8 %273 = icmp ne void (i8*)* %272, null %274 = and i32 %271, 256 %275 = icmp ne i32 %274, 0 %276 = and i1 %273, %275 br i1 %276, label %277, label %278, !prof !29, !misexpect !6 %279 = and i32 %271, 3927776 %280 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %279, i32 %203) #78 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 
%7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %28 = tail call %struct.page* @alloc_pages(i32 %25, i32 %15) #78 %29 = icmp eq %struct.page* %28, null br i1 %29, label %33, label %49, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %35 = load i32, i32* %34, align 8 %36 = lshr i32 %35, 16 %37 = tail call %struct.page* @alloc_pages(i32 %10, i32 %36) #78 br label %43 %44 = phi i32 [ %35, %33 ], [ %40, %38 ] %45 = phi %struct.page* [ %37, %33 ], [ %42, %38 ] %46 = icmp eq %struct.page* %45, null br i1 %46, label %317, label %47, !prof !4, !misexpect !5 %48 = lshr i32 %44, 16 br label %49 %50 = phi i32 [ %48, %47 ], [ %15, %30 ], [ %15, %27 ] %51 = phi %struct.page* [ %45, %47 ], [ %31, %30 ], [ %28, %27 ] %52 = phi i32 [ %44, %47 ], [ %5, %30 ], [ %5, %27 ] %53 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 3 %54 = bitcast i64* %53 to i32* %55 = load i32, i32* %54, align 8 %56 = shl i32 %52, 16 %57 = and i32 %56, 2147418112 %58 = and i32 %55, -2147418113 %59 = or i32 %58, %57 store i32 %59, i32* %54, align 8 %60 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 0 %61 = load i64, i64* %60, align 16 %62 = lshr i64 %61, 58 %63 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %62 %64 = load %struct.pglist_data*, %struct.pglist_data** %63, align 8 %65 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 131072 %68 = icmp eq i32 %67, 0 %69 = select i1 %68, i32 6, i32 5 %70 = zext i32 %50 to i64 %71 = shl i64 4096, %70 tail call void 
bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %64, i32 %69, i64 %71) #78
-------------
Use: =BAD PATH=
Call Stack:
0 allocate_slab
1 ___slab_alloc
2 kmem_cache_alloc_node
3 create_task_io_context
4 submit_bio_checks
5 __submit_bio
6 submit_bio_noacct
7 __blk_queue_split
8 blk_queue_split
9 md_submit_bio
-------------
Path:
Function:md_submit_bio %2 = alloca %struct.bio.296195*, align 8 store %struct.bio.296195* %0, %struct.bio.296195** %2, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %8 = load %struct.block_device.296192*, %struct.block_device.296192** %7, align 8 %9 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %8, i64 0, i32 16 %10 = load %struct.gendisk.296190*, %struct.gendisk.296190** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.296195**)*)(%struct.bio.296195** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* 
%2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 
store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, 
%struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds 
%struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 %74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label 
%104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null 
br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, 
%struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %73 = call fastcc zeroext i1 @submit_bio_checks(%struct.bio.296195* %0) #79 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = tail call i32 @__cond_resched() #78 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.296233* %12 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds 
%struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 3 %60 = load i16, i16* %59, align 4 %61 = and i16 %60, 4096 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 123 %178 = load 
%struct.io_context.296155*, %struct.io_context.296155** %177, align 8 %179 = icmp eq %struct.io_context.296155* %178, null br i1 %179, label %180, label %185, !prof !14, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295774*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.296233*, i32, i32)*)(%struct.task_struct.296233* %11, i32 2592, i32 %182) #78 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi 
%struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* 
%70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 
%101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = 
getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %270, label %268, !prof !5, !misexpect !6 %269 = call i32 @kmalloc_fix_flags(i32 %1) #78 br label %270 %271 = phi i32 [ %269, %268 ], [ %1, %267 ] %272 = load void (i8*)*, void (i8*)** %16, align 8 %273 = icmp ne void (i8*)* 
%272, null %274 = and i32 %271, 256 %275 = icmp ne i32 %274, 0 %276 = and i1 %273, %275 br i1 %276, label %277, label %278, !prof !29, !misexpect !6 %279 = and i32 %271, 3927776 %280 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %279, i32 %203) #78 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %28 = tail call %struct.page* @alloc_pages(i32 %25, i32 %15) #78 %29 = icmp eq %struct.page* %28, null br i1 %29, label %33, label %49, !prof !4, !misexpect !5 %34 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %35 = load i32, i32* %34, align 8 %36 = lshr i32 %35, 16 %37 = tail call %struct.page* @alloc_pages(i32 %10, i32 %36) #78 br label %43 %44 = phi i32 [ %35, %33 ], [ %40, %38 ] %45 = phi %struct.page* [ %37, %33 ], [ %42, %38 ] %46 = icmp eq %struct.page* %45, null br i1 %46, label %317, label %47, !prof !4, !misexpect !5 %48 = lshr i32 %44, 16 br label %49 %50 = phi i32 [ %48, %47 ], [ %15, %30 ], [ %15, %27 ] %51 = phi %struct.page* [ %45, %47 ], [ %31, %30 ], [ %28, %27 ] %52 = phi i32 [ %44, %47 ], [ %5, %30 ], [ %5, %27 ] %53 = getelementptr inbounds %struct.page, %struct.page* %51, i64 0, i32 1, i32 0, i32 3 %54 = bitcast i64* %53 to i32* %55 = load i32, i32* %54, align 8 %56 = shl i32 %52, 16 %57 = and i32 %56, 2147418112 %58 = and i32 %55, -2147418113 %59 = or i32 %58, %57 store i32 %59, i32* %54, align 8 %60 = getelementptr inbounds 
%struct.page, %struct.page* %51, i64 0, i32 0 %61 = load i64, i64* %60, align 16 %62 = lshr i64 %61, 58 %63 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %62 %64 = load %struct.pglist_data*, %struct.pglist_data** %63, align 8 %65 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 131072 %68 = icmp eq i32 %67, 0 %69 = select i1 %68, i32 6, i32 5 %70 = zext i32 %50 to i64 %71 = shl i64 4096, %70 tail call void bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %64, i32 %69, i64 %71) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __free_slab
1 deactivate_slab
2 ___slab_alloc
3 __kmalloc_node
4 rb_alloc_aux
5 perf_mmap
-------------
Path:
Function:perf_mmap
%3 = getelementptr inbounds %struct.file.115111, %struct.file.115111* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.115424** %5 = load %struct.perf_event.115424*, %struct.perf_event.115424** %4, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115588** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.115588**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.115588* %8 = getelementptr inbounds %struct.task_struct.115588, %struct.task_struct.115588* %7, i64 0, i32 85 %9 = load %struct.cred.115109*, %struct.cred.115109** %8, align 64 %10 = getelementptr inbounds %struct.cred.115109, %struct.cred.115109* %9, i64 0, i32 21 %11 = load %struct.user_struct*, %struct.user_struct** %10, align 8 %12 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 34 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, -1 br i1 %14, label %15, label %20 %16 = getelementptr inbounds 
%struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 21, i32 6 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %320 %21 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 8 %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %320, label %25 %26 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.115424*)*)(%struct.perf_event.115424* %5) #78 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %320 %29 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = sub i64 %30, %32 %34 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 13 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %47 %38 = lshr i64 %33, 12 %39 = add nsw i64 %38, -1 %40 = icmp eq i64 %39, 0 %42 = icmp eq i64 %41, 1 %43 = or i1 %40, %42 %44 = and i64 %33, -4096 %45 = icmp eq i64 %33, %44 %46 = and i1 %45, %43 br i1 %46, label %117, label %320 %118 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 26 %119 = load %struct.perf_event_context.115401*, %struct.perf_event_context.115401** %118, align 8 %120 = getelementptr inbounds %struct.perf_event_context.115401, %struct.perf_event_context.115401* %119, i64 0, i32 21 %121 = load %struct.perf_event_context.115401*, %struct.perf_event_context.115401** %120, align 8 %122 = icmp eq %struct.perf_event_context.115401* %121, null br i1 %122, label %124, label %123, !prof !10, !misexpect !7 %125 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 
37 tail call void @mutex_lock(%struct.mutex* %125) #78 %126 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 39 %127 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %128 = icmp eq %struct.perf_buffer* %127, null br i1 %128, label %152, label %129 %130 = phi %struct.perf_buffer* [ %150, %149 ], [ %127, %124 ] %131 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 8 %133 = sext i32 %132 to i64 %134 = icmp eq i64 %39, %133 br i1 %134, label %135, label %306 %136 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 15, i32 0 %137 = load volatile i32, i32* %136, align 4 %138 = icmp eq i32 %137, 0 br i1 %138, label %149, label %139, !prof !6, !misexpect !7 %140 = phi i32 [ %147, %146 ], [ %137, %135 ] %141 = add i32 %140, 1 %142 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %136, i32 %141, i32* %136, i32 %140) #6, !srcloc !8 %143 = extractvalue { i8, i32 } %142, 0 %144 = and i8 %143, 1 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %292, !prof !6, !misexpect !7 %147 = extractvalue { i8, i32 } %142, 1 %148 = icmp eq i32 %147, 0 br i1 %148, label %149, label %139, !prof !6, !misexpect !7 tail call fastcc void @ring_buffer_attach(%struct.perf_event.115424* %5, %struct.perf_buffer* null) #79 tail call void @mutex_unlock(%struct.mutex* %125) #78 tail call void @mutex_lock(%struct.mutex* %125) #78 %150 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %151 = icmp eq %struct.perf_buffer* %150, null br i1 %151, label %152, label %129 %153 = phi i64 [ %52, %115 ], [ %38, %124 ], [ %38, %149 ] %154 = phi i1 [ false, %115 ], [ true, %124 ], [ true, %149 ] %155 = phi i32 [ -22, %115 ], [ 0, 
%124 ], [ 0, %149 ] %156 = phi i64 [ %52, %115 ], [ %39, %124 ], [ %39, %149 ] %157 = phi %struct.perf_buffer* [ %54, %115 ], [ null, %124 ], [ null, %149 ] %158 = load i32, i32* @sysctl_perf_event_mlock, align 4 %159 = ashr i32 %158, 2 %160 = sext i32 %159 to i64 %161 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %162 = zext i32 %161 to i64 %163 = mul nsw i64 %160, %162 %164 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %11, i64 0, i32 6, i32 0 %165 = load volatile i64, i64* %164, align 8 %166 = icmp ugt i64 %165, %163 %167 = select i1 %166, i64 %163, i64 %165 %168 = add i64 %167, %153 %170 = sub i64 %153, %169 %171 = getelementptr inbounds %struct.task_struct.115588, %struct.task_struct.115588* %7, i64 0, i32 95 %172 = load %struct.signal_struct.115544*, %struct.signal_struct.115544** %171, align 32 %173 = getelementptr %struct.signal_struct.115544, %struct.signal_struct.115544* %172, i64 0, i32 49, i64 8, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = lshr i64 %174, 12 %176 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 6 %177 = load %struct.mm_struct.115498*, %struct.mm_struct.115498** %176, align 8 %178 = getelementptr inbounds %struct.mm_struct.115498, %struct.mm_struct.115498* %177, i64 0, i32 0, i32 23, i32 0 %179 = load volatile i64, i64* %178, align 8 %180 = add i64 %169, %179 %181 = icmp ule i64 %180, %175 %182 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %183 = icmp slt i32 %182, 0 %184 = or i1 %183, %181 br i1 %184, label %187, label %185 %188 = icmp eq %struct.perf_buffer* %157, null br i1 %188, label %189, label %277 %278 = load i64, i64* %21, align 8 %279 = lshr i64 %278, 1 %280 = trunc i64 %279 to i32 %281 = and i32 %280, 1 %282 = load i64, i64* %34, align 8 %283 = trunc i64 %156 to i32 %284 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 
0, i32 21, i32 16 %285 = load i32, i32* %284, align 8 %286 = zext i32 %285 to i64 %287 = tail call i32 bitcast (i32 (%struct.perf_buffer*, %struct.perf_event*, i64, i32, i64, i32)* @rb_alloc_aux to i32 (%struct.perf_buffer*, %struct.perf_event.115424*, i64, i32, i64, i32)*)(%struct.perf_buffer* nonnull %157, %struct.perf_event.115424* %5, i64 %282, i32 %283, i64 %286, i32 %281) #78 Function:rb_alloc_aux %7 = and i32 %5, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 34 %10 = load i32, i32* %9, align 4 %11 = icmp eq i32 %10, -1 br i1 %11, label %19, label %12 %20 = phi i32 [ %18, %12 ], [ -1, %6 ] %21 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 12 %22 = load %struct.pmu*, %struct.pmu** %21, align 8 %23 = getelementptr inbounds %struct.pmu, %struct.pmu* %22, i64 0, i32 31 %24 = load i8* (%struct.perf_event*, i8**, i32, i1)*, i8* (%struct.perf_event*, i8**, i32, i1)** %23, align 8 %25 = icmp eq i8* (%struct.perf_event*, i8**, i32, i1)* %24, null br i1 %25, label %162, label %26 br i1 %8, label %36, label %27 %28 = icmp eq i64 %4, 0 %29 = shl i32 %3, 11 %30 = sext i32 %29 to i64 %31 = select i1 %28, i64 %30, i64 %4 %32 = add i64 %31, -1 %33 = lshr i64 %32, 12 %34 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %33, i32 -1) #4, !srcloc !4 %35 = add i32 %34, 1 br label %38 %39 = phi i32 [ %37, %36 ], [ %35, %27 ] %40 = phi i64 [ 0, %36 ], [ %31, %27 ] %41 = sext i32 %3 to i64 %43 = extractvalue { i64, i1 } %42, 1 br i1 %43, label %44, label %47, !prof !6, !misexpect !7 %48 = extractvalue { i64, i1 } %42, 0 %49 = tail call noalias align 8 i8* @__kmalloc_node(i64 %48, i32 3520, i32 %20) #78 Function:__kmalloc_node %4 = icmp ugt i64 %0, 8192 br i1 %4, label %5, label %29, !prof !4, !misexpect !5 %30 = tail call %struct.kmem_cache* @kmalloc_slab(i64 %0, i32 %1) #79 %31 = icmp ult %struct.kmem_cache* %30, inttoptr (i64 17 to %struct.kmem_cache*) br 
i1 %31, label %32, label %34, !prof !4, !misexpect !5 %36 = ptrtoint i8* %35 to i64 %37 = load i32, i32* @gfp_allowed_mask, align 4 %38 = and i32 %37, %1 %39 = and i32 %38, 1024 %40 = icmp eq i32 %39, 0 br i1 %40, label %43, label %41 %42 = tail call i32 @__cond_resched() #79 br label %43 %44 = tail call i32 @should_failslab(%struct.kmem_cache* %30, i32 %38) #79 %45 = icmp ne i32 %44, 0 %46 = icmp eq %struct.kmem_cache* %30, null %47 = or i1 %46, %45 br i1 %47, label %140, label %48 %49 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %30, i64 0, i32 0 %50 = icmp eq i32 %2, -1 %51 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %30, i64 0, i32 6 br label %52 %53 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %49, align 8 %54 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %53) #6, !srcloc !12 %55 = inttoptr i64 %54 to %struct.kmem_cache_cpu* %56 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %55, i64 0, i32 1 %57 = load volatile i64, i64* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %58 = inttoptr i64 %54 to i8** %59 = load i8*, i8** %58, align 8 %60 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %55, i64 0, i32 2 %61 = load %struct.page*, %struct.page** %60, align 8 %62 = icmp ne i8* %59, null %63 = icmp ne %struct.page* %61, null %64 = and i1 %62, %63 %65 = bitcast i8* %59 to i8** br i1 %64, label %66, label %73, !prof !14 br i1 %50, label %76, label %67 %68 = getelementptr inbounds %struct.page, %struct.page* %61, i64 0, i32 0 %69 = load i64, i64* %68, align 16 %70 = lshr i64 %69, 58 %71 = trunc i64 %70 to i32 %72 = icmp eq i32 %71, %2 br i1 %72, label %76, label %73 %74 = inttoptr i64 %54 to %struct.kmem_cache_cpu* %75 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %30, i32 %1, i32 %2, i64 %36, 
%struct.kmem_cache_cpu* %74) #79 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr 
inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast 
i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, 
-------------
Use:
=BAD PATH=
Call Stack:
0 __free_slab
1 deactivate_slab
2 ___slab_alloc
3 kmem_cache_alloc_node
4 create_task_io_context
5 get_task_io_context
6 set_task_ioprio
7 __se_sys_ioprio_set
8 __ia32_sys_ioprio_set
-------------
Path:
i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 %291 = phi i8* [ %265, %264 ], [ %289, %285 ] %292 = phi %struct.kmem_cache_cpu* [ %207, %264 ], [ %286, %285 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %293)) #6 to label %298 [label %293], !srcloc !37 %294 = load i32, i32* %17, align 8 %295 = and i32 %294, 2166016 %296 = icmp eq i32 %295, 0 %297 = load %struct.page*, %struct.page** %10, align 8 br i1 %296, label %303, label %300 %301 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %297, i8* %291, i64 %3) #79 %302 = icmp eq i32 %301, 0 br i1 %302, label %206, label %359 %360 = phi %struct.page* [ %304, %318 ], [ %297, %300 ] %361 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %362 = load i32, i32* %361, align 8 %363 = zext i32 %362 to i64 %364 = getelementptr i8, i8* %291, i64 %363 %365 = bitcast i8* %364 to i8** %366 = load i8*, i8** %365, align 8 call fastcc void @deactivate_slab(%struct.kmem_cache* %0, %struct.page* %360, i8* %366) #79 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 = bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* 
@vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* %42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds 
%struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %142, %219 ] %95 = phi i32 [ 0, %72 ], [ %141, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i1 [ true, %124 ], [ true, %122 ], [ false, %131 ], [ false, %136 ], [ false, %116 ] %140 = phi i1 [ false, %124 ], [ false, 
%122 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %141 = phi i32 [ 1, %124 ], [ 1, %122 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %142 = phi i64 [ %125, %124 ], [ %94, %122 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %143 = phi i32 [ 1, %124 ], [ 1, %122 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %141 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %139, label %163, label %172 br i1 %140, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 
%185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %139, %140 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #78 Function:__free_slab %3 = getelementptr inbounds 
%struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #78 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #78 %54 = load i32, i32* %45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, %struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #79 ------------- Use: =BAD PATH= Call Stack: 0 __free_slab 1 deactivate_slab 2 ___slab_alloc 3 
kmem_cache_alloc_node 4 create_task_io_context 5 get_task_io_context 6 set_task_ioprio 7 __se_sys_ioprio_set 8 __x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #78 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, 
%struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, 
%struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, 
%struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ 
%156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #78 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #78 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = 
load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #78 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295739* (%struct.task_struct.295774*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #78 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 123 %11 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %14 = load %struct.io_context.295739*, %struct.io_context.295739** %10, align 8 %15 = icmp eq %struct.io_context.295739* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295774* %0, i32 %1, i32 %2) #79 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** 
@iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 
%41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 
0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 
512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 %291 = phi i8* [ %265, %264 ], [ %289, %285 ] %292 = phi %struct.kmem_cache_cpu* [ %207, %264 ], [ %286, %285 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %293)) #6 to label %298 [label %293], !srcloc !37 %294 = load i32, i32* %17, align 8 %295 = and i32 %294, 2166016 %296 = icmp eq i32 %295, 0 %297 = load %struct.page*, %struct.page** %10, align 8 br i1 %296, label %303, label %300 %301 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %297, i8* %291, i64 %3) #79 %302 = icmp eq i32 %301, 0 br i1 %302, label %206, label %359 %360 = phi %struct.page* [ %304, %318 ], [ %297, %300 ] %361 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %362 = load i32, i32* %361, align 8 %363 = zext i32 %362 to i64 %364 = getelementptr i8, i8* %291, i64 %363 %365 = bitcast i8* %364 to i8** %366 = load i8*, i8** %365, align 8 call fastcc void @deactivate_slab(%struct.kmem_cache* %0, %struct.page* %360, i8* %366) #79 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 = bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* 
@vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* %42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds 
%struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %142, %219 ] %95 = phi i32 [ 0, %72 ], [ %141, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i1 [ true, %124 ], [ true, %122 ], [ false, %131 ], [ false, %136 ], [ false, %116 ] %140 = phi i1 [ false, %124 ], [ false, 
%122 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %141 = phi i32 [ 1, %124 ], [ 1, %122 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %142 = phi i64 [ %125, %124 ], [ %94, %122 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %143 = phi i32 [ 1, %124 ], [ 1, %122 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %141 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %139, label %163, label %172 br i1 %140, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 
%185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %139, %140 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #78 Function:__free_slab %3 = getelementptr inbounds 
%struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #78 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #78 %54 = load i32, i32* %45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, %struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __free_slab
1 deactivate_slab
2 ___slab_alloc
3 kmem_cache_alloc_node
4 create_task_io_context
5 submit_bio_checks
6 __submit_bio
7 submit_bio_noacct
8 __blk_queue_split
9 blk_queue_split
10 dm_submit_bio
-------------
Path:
Function:dm_submit_bio %2 = alloca %struct.bio.705679*, align 8 store %struct.bio.705679* %0, %struct.bio.705679** %2, align 8 %3 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 1 %4 = load %struct.block_device.705676*, %struct.block_device.705676** %3, align 8 %5 = getelementptr inbounds %struct.block_device.705676, %struct.block_device.705676* %4, i64 0, i32 16 %6 = load %struct.gendisk.705501*, %struct.gendisk.705501** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.705501, %struct.gendisk.705501* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 39 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #78 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 1 %18 = icmp ne i64 %17, 0 %19 = icmp eq i8* %13, null %20 = or i1 %19, %18 %21 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 2 %22 = load i32, i32* %21, align 8 br i1 %20, label %23, label %51, !prof !4, !misexpect !5 %52 = trunc i32 %22 to i8 switch i8 %52, label %55 [ i8 3, label %53 i8 5, label %53 i8 7, label %53 i8 9, label %53 ] call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.705679**)*)(%struct.bio.705679** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void
@__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, 
align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, 
align 8 %19 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, 
%struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 %74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = 
inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, 
label %146 %147 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* 
%8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %73 = call fastcc zeroext i1 @submit_bio_checks(%struct.bio.296195* %0) #79 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = tail call i32 @__cond_resched() #78 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.296233* %12 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, 
i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 3 %60 = load i16, i16* %59, align 4 %61 = and i16 %60, 4096 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 123 %178 = load %struct.io_context.296155*, 
%struct.io_context.296155** %177, align 8 %179 = icmp eq %struct.io_context.296155* %178, null br i1 %179, label %180, label %185, !prof !14, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295774*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.296233*, i32, i32)*)(%struct.task_struct.296233* %11, i32 2592, i32 %182) #78 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 
%28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = 
phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, 
%struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, 
align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, 
i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 %291 = phi i8* [ %265, %264 ], [ %289, %285 ] %292 = phi %struct.kmem_cache_cpu* [ %207, %264 ], [ %286, %285 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %293)) #6 to label %298 [label %293], !srcloc !37 %294 = load i32, i32* %17, align 8 %295 = and i32 %294, 2166016 %296 = icmp eq i32 %295, 0 %297 = load %struct.page*, %struct.page** %10, align 8 br i1 %296, label %303, label %300 %301 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %297, i8* %291, i64 %3) #79 %302 = icmp eq i32 %301, 0 br i1 %302, label %206, label %359 %360 = phi %struct.page* [ %304, %318 ], [ %297, %300 ] %361 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %362 = load i32, i32* %361, align 8 %363 = zext i32 %362 to i64 %364 = getelementptr i8, i8* %291, i64 %363 %365 = bitcast i8* %364 to i8** %366 = load i8*, i8** %365, align 8 call fastcc void @deactivate_slab(%struct.kmem_cache* %0, %struct.page* %360, i8* %366) #79 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 = bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* 
@vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* %42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds 
%struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %142, %219 ] %95 = phi i32 [ 0, %72 ], [ %141, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i1 [ true, %124 ], [ true, %122 ], [ false, %131 ], [ false, %136 ], [ false, %116 ] %140 = phi i1 [ false, %124 ], [ false, 
%122 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %141 = phi i32 [ 1, %124 ], [ 1, %122 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %142 = phi i64 [ %125, %124 ], [ %94, %122 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %143 = phi i32 [ 1, %124 ], [ 1, %122 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %141 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %139, label %163, label %172 br i1 %140, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 
%185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %139, %140 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #78 Function:__free_slab %3 = getelementptr inbounds 
%struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #78 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #78 %54 = load i32, i32* %45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, %struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #79 ------------- Use: =BAD PATH= Call Stack: 0 __free_slab 1 deactivate_slab 2 ___slab_alloc 3 
kmem_cache_alloc_node 4 create_task_io_context 5 submit_bio_checks 6 __submit_bio 7 submit_bio_noacct 8 __blk_queue_split 9 blk_queue_split 10 md_submit_bio ------------- Path:  Function:md_submit_bio %2 = alloca %struct.bio.296195*, align 8 store %struct.bio.296195* %0, %struct.bio.296195** %2, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %8 = load %struct.block_device.296192*, %struct.block_device.296192** %7, align 8 %9 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %8, i64 0, i32 16 %10 = load %struct.gendisk.296190*, %struct.gendisk.296190** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.296195**)*)(%struct.bio.296195** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr 
inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, 
align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds 
%struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = 
load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 %74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi 
%struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** 
%56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, 
i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %73 = call fastcc zeroext i1 @submit_bio_checks(%struct.bio.296195* %0) #79 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = tail call i32 @__cond_resched() #78 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.296233* %12 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* 
%8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 3 %60 = load i16, i16* %59, align 4 %61 = and i16 %60, 4096 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 123 %178 = load %struct.io_context.296155*, %struct.io_context.296155** %177, align 8 %179 = icmp eq %struct.io_context.296155* %178, null br i1 %179, label %180, label %185, !prof !14, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.296182, 
%struct.request_queue.296182* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295774*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.296233*, i32, i32)*)(%struct.task_struct.296233* %11, i32 2592, i32 %182) #78 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 
= icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 
16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast 
%struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 
= load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, 
%struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 %291 = phi i8* [ %265, %264 ], [ %289, %285 ] %292 = phi %struct.kmem_cache_cpu* [ %207, %264 ], [ %286, %285 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@___slab_alloc, %293)) #6 to label %298 [label %293], !srcloc !37 %294 = load i32, i32* %17, align 8 %295 = and i32 %294, 2166016 %296 = icmp eq i32 %295, 0 %297 = load %struct.page*, %struct.page** %10, align 8 br i1 %296, label %303, label %300 %301 = call fastcc i32 @alloc_debug_processing(%struct.kmem_cache* %0, %struct.page* %297, i8* %291, i64 %3) #79 %302 = icmp eq i32 %301, 0 br i1 %302, label %206, label %359 %360 = phi %struct.page* [ %304, %318 ], [ %297, %300 ] %361 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %362 = load i32, i32* %361, align 8 %363 = zext i32 %362 to i64 %364 = getelementptr i8, i8* %291, i64 %363 %365 = bitcast i8* %364 to i8** %366 = load i8*, i8** %365, align 8 call fastcc void @deactivate_slab(%struct.kmem_cache* %0, %struct.page* %360, i8* %366) #79 Function:deactivate_slab %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 16 %7 = lshr i64 %6, 58 %8 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %7 %9 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %8, align 8 %10 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 2 %11 = bitcast i64* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = icmp eq i8* %2, null br i1 %14, label %72, label %15 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 256 %22 = icmp eq i32 %21, 0 %23 = load i64, i64* 
@vmemmap_base, align 8 %24 = ptrtoint %struct.page* %1 to i64 %25 = sub i64 %24, %23 %26 = shl i64 %25, 6 %27 = load i64, i64* @page_offset_base, align 8 %28 = add i64 %26, %27 %29 = inttoptr i64 %28 to i8* %30 = and i32 %20, 1024 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 16 %33 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %34 = bitcast i64* %33 to i32* %35 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 br label %36 %37 = phi i32 [ 0, %15 ], [ %71, %70 ] %38 = phi i8* [ null, %15 ], [ %39, %70 ] %39 = phi i8* [ %2, %15 ], [ %42, %70 ] %40 = getelementptr i8, i8* %39, i64 %18 %41 = bitcast i8* %40 to i8** %42 = load i8*, i8** %41, align 8 %43 = icmp eq i8* %42, null %44 = or i1 %43, %22 br i1 %44, label %70, label %45 br i1 %31, label %51, label %46 %47 = load i32, i32* %32, align 8 %48 = zext i32 %47 to i64 %49 = sub nsw i64 0, %48 %50 = getelementptr i8, i8* %42, i64 %49 br label %51 %52 = phi i8* [ %50, %46 ], [ %42, %45 ] %53 = icmp ult i8* %52, %29 br i1 %53, label %69, label %54 %55 = load i32, i32* %34, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 32767 %58 = load i32, i32* %35, align 8 %59 = mul i32 %57, %58 %60 = zext i32 %59 to i64 %61 = getelementptr i8, i8* %29, i64 %60 %62 = icmp ult i8* %52, %61 br i1 %62, label %63, label %69 %64 = ptrtoint i8* %52 to i64 %65 = sub i64 %64, %28 %66 = zext i32 %58 to i64 %67 = srem i64 %65, %66 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 %71 = add i32 %37, 1 br i1 %43, label %72, label %36 %73 = phi i8* [ %38, %69 ], [ null, %3 ], [ %39, %70 ] %74 = phi i32 [ %37, %69 ], [ 0, %3 ], [ %71, %70 ] %75 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %76 = icmp eq i8* %73, null %77 = ptrtoint i8* %73 to i64 %78 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 %79 = getelementptr inbounds 
%struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 1 %80 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 2 %81 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 0, i32 0, i32 0 %82 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %83 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 1 %84 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0, i32 0 %85 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 0 %86 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 5 %87 = getelementptr inbounds %struct.list_head, %struct.list_head* %86, i64 0, i32 0 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %85, i64 0, i32 0 %89 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2 %90 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %9, i64 0, i32 2, i32 1 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %92 = bitcast i64* %4 to i8* br label %93 %94 = phi i64 [ 0, %72 ], [ %142, %219 ] %95 = phi i32 [ 0, %72 ], [ %141, %219 ] %96 = phi i32 [ 0, %72 ], [ %143, %219 ] %97 = load volatile i8*, i8** %11, align 8 %98 = load volatile i64, i64* %75, align 8 %99 = trunc i64 %98 to i32 %100 = and i64 %98, -4294967296 br i1 %76, label %110, label %101 %111 = phi i8* [ %2, %101 ], [ %97, %93 ] %112 = phi i32 [ %105, %101 ], [ %99, %93 ] %113 = and i32 %112, 2147483647 %114 = and i32 %112, 65535 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %120 %117 = load i64, i64* %79, align 8 %118 = load i64, i64* %80, align 8 %119 = icmp ult i64 %117, %118 br i1 %119, label %120, label %138 %139 = phi i1 [ true, %124 ], [ true, %122 ], [ false, %131 ], [ false, %136 ], [ false, %116 ] %140 = phi i1 [ false, %124 ], [ false, 
%122 ], [ true, %131 ], [ true, %136 ], [ false, %116 ] %141 = phi i32 [ 1, %124 ], [ 1, %122 ], [ 2, %131 ], [ 2, %136 ], [ 3, %116 ] %142 = phi i64 [ %125, %124 ], [ %94, %122 ], [ %94, %131 ], [ %137, %136 ], [ %94, %116 ] %143 = phi i32 [ 1, %124 ], [ 1, %122 ], [ %96, %131 ], [ 1, %136 ], [ %96, %116 ] %144 = icmp eq i32 %95, %141 br i1 %144, label %180, label %145 switch i32 %95, label %162 [ i32 1, label %146 i32 2, label %153 ] %154 = load i32, i32* %82, align 8 %155 = and i32 %154, 65536 %156 = icmp eq i32 %155, 0 br i1 %156, label %162, label %157 %158 = load %struct.list_head*, %struct.list_head** %83, align 8 %159 = load %struct.list_head*, %struct.list_head** %84, align 8 %160 = getelementptr inbounds %struct.list_head, %struct.list_head* %159, i64 0, i32 1 store %struct.list_head* %158, %struct.list_head** %160, align 8 %161 = getelementptr inbounds %struct.list_head, %struct.list_head* %158, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %161, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %84, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %83, align 8 br label %162 br i1 %139, label %163, label %172 br i1 %140, label %173, label %180 %174 = load i32, i32* %82, align 8 %175 = and i32 %174, 65536 %176 = icmp eq i32 %175, 0 br i1 %176, label %180, label %177 %178 = load %struct.list_head*, %struct.list_head** %87, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %179, align 8 store %struct.list_head* %178, %struct.list_head** %88, align 8 store %struct.list_head* %86, %struct.list_head** %83, align 8 store volatile %struct.list_head* %85, %struct.list_head** %87, align 8 br label %180 %181 = zext i32 %113 to i64 %182 = or i64 %100, %181 %183 = load i32, i32* %82, align 8 %184 = and i32 %183, 1073741824 
%185 = icmp eq i32 %184, 0 br i1 %185, label %191, label %186 %187 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %11, i64* %75, i64 16, i8* %111, i64 %182, i8** %11, i64* %75, i8* %97, i64 %98) #6, !srcloc !5 %188 = extractvalue { i8, i8*, i64 } %187, 0 %189 = and i8 %188, 1 %190 = icmp eq i8 %189, 0 br i1 %190, label %219, label %220 %221 = icmp eq i32 %143, 0 br i1 %221, label %223, label %222 %224 = or i1 %139, %140 br i1 %224, label %244, label %225 %226 = load i64, i64* %5, align 16 %227 = lshr i64 %226, 58 %228 = bitcast i64* %75 to i32* %229 = load i32, i32* %228, align 8 %230 = lshr i32 %229, 16 %231 = and i32 %230, 32767 %232 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %227 %233 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %232, align 8 %234 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 3, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %234, i64* %234) #6, !srcloc !18 %235 = zext i32 %231 to i64 %236 = getelementptr inbounds %struct.kmem_cache_node, %struct.kmem_cache_node* %233, i64 0, i32 4, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %236, i64 %235, i64* %236) #6, !srcloc !19 %237 = load i32, i32* %82, align 8 %238 = and i32 %237, 524288 %239 = icmp eq i32 %238, 0 br i1 %239, label %243, label %240, !prof !10, !misexpect !11 call fastcc void @__free_slab(%struct.kmem_cache* %0, %struct.page* %1) #78 Function:__free_slab %3 = getelementptr inbounds 
%struct.page, %struct.page* %1, i64 0, i32 0 %4 = load volatile i64, i64* %3, align 8 %5 = and i64 %4, 65536 %6 = icmp eq i64 %5, 0 br i1 %6, label %13, label %7 %14 = phi i32 [ %12, %7 ], [ 0, %2 ] %15 = shl nuw i32 1, %14 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %16)) #6 to label %70 [label %16], !srcloc !4 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %70, label %21 tail call fastcc void @slab_pad_check(%struct.kmem_cache* %0, %struct.page* %1) #78 %22 = load i64, i64* @vmemmap_base, align 8 %23 = ptrtoint %struct.page* %1 to i64 %24 = sub i64 %23, %22 %25 = shl i64 %24, 6 %26 = load i64, i64* @page_offset_base, align 8 %27 = add i64 %25, %26 %28 = inttoptr i64 %27 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@__free_slab, %29)) #6 to label %38 [label %29], !srcloc !4 %39 = phi i8* [ %37, %33 ], [ %28, %29 ], [ %28, %21 ] %40 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 3 %41 = bitcast i64* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = lshr i32 %42, 16 %44 = and i32 %43, 32767 %45 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 3 %46 = load i32, i32* %45, align 8 %47 = mul i32 %44, %46 %48 = zext i32 %47 to i64 %49 = getelementptr i8, i8* %28, i64 %48 %50 = icmp ult i8* %39, %49 br i1 %50, label %51, label %70 %52 = phi i8* [ %56, %51 ], [ %39, %38 ] %53 = tail call fastcc i32 @check_object(%struct.kmem_cache* %0, %struct.page* %1, i8* %52, i8 zeroext -69) #78 %54 = load i32, i32* %45, align 8 %55 = zext i32 %54 to i64 %56 = getelementptr i8, i8* %52, i64 %55 %57 = load i64, i64* @vmemmap_base, align 8 %58 = sub i64 %23, %57 %59 = shl i64 %58, 6 %60 = load i64, i64* @page_offset_base, align 8 %61 = add i64 %59, %60 %62 = inttoptr i64 %61 to i8* %63 = load i32, i32* %41, align 8 %64 = lshr i32 %63, 16 %65 = and i32 %64, 32767 %66 = mul i32 %65, %54 %67 = zext i32 %66 to i64 %68 = getelementptr i8, i8* %62, i64 %67 %69 = icmp ult i8* %56, %68 br i1 %69, label %51, label %70 %71 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1 %72 = bitcast %union.anon.20* %71 to i64* %73 = load volatile i64, i64* %72, align 8 %74 = and i64 %73, 1 %75 = icmp eq i64 %74, 0 %76 = add i64 %73, -1 %77 = ptrtoint %struct.page* %1 to i64 %78 = select i1 %75, i64 %77, i64 %76, !prof !5 %79 = inttoptr i64 %78 to %struct.page* %80 = getelementptr inbounds %struct.page, %struct.page* %79, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %80, i64 5) #6, !srcloc !6 %81 = load volatile i64, i64* %72, align 8 %82 = and i64 %81, 1 %83 = icmp eq i64 %82, 0 %84 = add i64 %81, -1 %85 = select i1 %83, i64 %77, i64 %84, !prof !5 %86 = inttoptr i64 %85 to %struct.page* %87 = getelementptr inbounds %struct.page, %struct.page* %86, i64 0, i32 0 tail call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %87, i64 9) #6, !srcloc !6 %88 = getelementptr inbounds %struct.page, %struct.page* %1, i64 0, i32 1, i32 0, i32 1 %89 = bitcast %struct.address_space** %88 to %struct.kmem_cache** store %struct.kmem_cache* null, %struct.kmem_cache** %89, align 8 %90 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %91 = inttoptr i64 %90 to %struct.task_struct* %92 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %91, i64 0, i32 121 %93 = load %struct.reclaim_state*, %struct.reclaim_state** %92, align 8 %94 = icmp eq %struct.reclaim_state* %93, null br i1 %94, label %100, label %95 %101 = load i64, i64* %3, align 16 %102 = lshr i64 %101, 58 %103 = getelementptr [0 x %struct.pglist_data*], [0 x %struct.pglist_data*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data*]*), i64 0, i64 %102 %104 = load %struct.pglist_data*, %struct.pglist_data** %103, align 8 %105 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 131072 %108 = icmp eq i32 %107, 0 %109 = select i1 %108, i32 6, i32 5 %110 = zext i32 %14 to i64 %111 = shl i64 -4096, %110 tail call void bitcast (void (%struct.pglist_data.124547*, i32, i64)* @mod_node_page_state to void (%struct.pglist_data*, i32, i64)*)(%struct.pglist_data* %104, i32 %109, i64 %111) #79
-------------
Good: 1170 Bad: 10 Ignored: 1219
Check Use of Function:isolate_lru_page
Check Use of Function:unpin_user_pages
Check Use of Function:i915_driver_open
Check Use of Function:putback_movable_pages
Check Use of Function:compat_put_bitmap
Check Use of Function:find_extend_vma
Use:
=BAD PATH=
Call Stack:
0 __get_user_pages
1 faultin_vma_page_range
2 madvise_populate
3 do_madvise
4 __ia32_sys_madvise
-------------
Path:
Function:__ia32_sys_madvise
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78
Function:do_madvise
%5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, 
label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86, i32 %3) #78 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = 
getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #78 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #78 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #78 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca 
%struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %223, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __get_user_pages
1 faultin_vma_page_range
2 madvise_populate
3 do_madvise
4 __x64_sys_madvise
-------------
Path:
Function:__x64_sys_madvise
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 
@do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86, i32 %3) #78 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #78 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 
%36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #78 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #78 Function:__get_user_pages %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.vm_area_struct*, align 8 %11 = alloca %struct.follow_page_context, align 8 store i64 %1, i64* %8, align 8 store i64 %2, i64* %9, align 8 %12 = bitcast %struct.vm_area_struct** %10 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %10, align 8 %13 = bitcast %struct.follow_page_context* %11 to i8* %14 = icmp eq i64 %2, 0 br i1 %14, label %223, label %15 %16 = shl i32 %3, 5 %17 = and i32 %16, 512 %18 = xor i32 %17, 512 %19 = or i32 %18, %3 %20 = zext i32 %19 to i64 %21 = icmp eq i32* %6, null %22 = icmp eq %struct.page** %4, null %23 = getelementptr inbounds %struct.follow_page_context, %struct.follow_page_context* %11, i64 0, i32 1 %24 = icmp eq %struct.vm_area_struct** %5, null %25 = bitcast %struct.vm_area_struct** %10 to i64* br label %26 %27 = phi %struct.vm_area_struct* [ null, %15 ], [ %191, %190 ] %28 = phi i64 [ 0, %15 ], [ %187, %190 ] %29 = phi i64 [ 0, %15 ], [ %188, %190 ] %30 = icmp eq %struct.vm_area_struct* %27, null %31 = load i64, i64* %8, align 8 br i1 %30, label %36, label %32 %37 = call %struct.vm_area_struct* @find_extend_vma(%struct.mm_struct* %0, i64 %31) #78 ------------- Good: 38 Bad: 
2 Ignored: 27 Check Use of Function:iov_iter_advance Use: =BAD PATH= Call Stack: 0 write_iter_null ------------- Path:  Function:write_iter_null %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 tail call void @iov_iter_advance(%struct.iov_iter* %1, i64 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 write_iter_null ------------- Path:  Function:write_iter_null %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 tail call void @iov_iter_advance(%struct.iov_iter* %1, i64 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, 
%struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr 
inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 3 store i64 0, i64* %95, align 8 call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = 
icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, 
%struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 3 store i64 0, i64* %95, align 8 call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read 1 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)*, i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.155109*, i64*, 
%struct.pipe_inode_info.155195*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.273585*, i64*, %struct.pipe_inode_info.273524*, i64, i32)*)(%struct.file.273585* %0, i64* %1, %struct.pipe_inode_info.273524* %2, i64 %3, i32 %4) #78 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds 
%struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds 
%struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %93 = icmp slt i32 %83, 0 br i1 %93, label %94, label %98 store i32 %12, i32* %11, align 8 %95 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 3 store i64 0, i64* %95, align 8 call void @iov_iter_advance(%struct.iov_iter* nonnull %6, i64 0) #78 ------------- Good: 52 Bad: 5 Ignored: 58 Check Use of Function:__get_user_pages Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86, i32 %3) #78 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #78 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 
%36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #78 Function:faultin_vma_page_range %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 faultin_vma_page_range 1 madvise_populate 2 do_madvise 3 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, 
align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86, i32 %3) #78 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #78 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 
%36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #78
Function:faultin_vma_page_range
%6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %16 %13 = sub i64 %2, %1 %14 = lshr i64 %13, 12 %15 = tail call fastcc i64 @__get_user_pages(%struct.mm_struct* %7, i64 %1, i64 %14, i32 %8, %struct.page** null, %struct.vm_area_struct** null, i32* %4) #78
-------------
Good: 58 Bad: 2 Ignored: 41
Check Use of Function:in_gate_area
Check Use of Function:get_gate_page
Check Use of Function:check_vma_flags
Use: =BAD PATH=
Call Stack:
0 faultin_vma_page_range
1 madvise_populate
2 do_madvise
3 __ia32_sys_madvise
-------------
Path:
Function:__ia32_sys_madvise
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78
Function:do_madvise
%5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca
%struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86, i32 %3) #78 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #78 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 
%36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #78
Function:faultin_vma_page_range
%6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #78
-------------
Use: =BAD PATH=
Call Stack:
0 faultin_vma_page_range
1 madvise_populate
2 do_madvise
3 __x64_sys_madvise
-------------
Path:
Function:__x64_sys_madvise
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78
Function:do_madvise
%5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8*
switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %208 = call fastcc i64 @madvise_populate(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86, i32 %3) #78 Function:madvise_populate %6 = alloca i32, align 4 %7 = icmp eq i32 %4, 23 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 8 %10 = bitcast i32* %6 to i8* store i32 1, i32* %6, align 4 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %11 = icmp ult i64 %2, %3 br i1 %11, label %12, label %58 %13 = 
getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 17 br label %14 %15 = phi %struct.vm_area_struct* [ %0, %12 ], [ %46, %54 ] %16 = phi i64 [ %2, %12 ], [ %56, %54 ] %17 = icmp eq %struct.vm_area_struct* %15, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %15, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %16, %20 br i1 %21, label %32, label %22 %23 = call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %9, i64 %16) #78 %24 = icmp eq %struct.vm_area_struct* %23, null br i1 %24, label %58, label %25 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp ult i64 %16, %27 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %23, i64 0, i32 1 %31 = load i64, i64* %30, align 8 br label %32 %33 = phi i64 [ %31, %29 ], [ %20, %18 ] %34 = phi %struct.vm_area_struct* [ %23, %29 ], [ %15, %18 ] %35 = icmp ugt i64 %33, %3 %36 = select i1 %35, i64 %3, i64 %33 %37 = call i64 @faultin_vma_page_range(%struct.vm_area_struct* nonnull %34, i64 %16, i64 %36, i1 zeroext %7, i32* nonnull %6) #78
Function:faultin_vma_page_range
%6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = select i1 %3, i32 4419, i32 4418 %9 = zext i32 %8 to i64 %10 = tail call fastcc i32 @check_vma_flags(%struct.vm_area_struct* %0, i64 %9) #78
-------------
Good: 7 Bad: 2 Ignored: 10
Check Use of Function:follow_hugetlb_page
Check Use of Function:__init_rwsem
Use: =BAD PATH=
Call Stack:
0 inode_init_always
1 new_inode_pseudo
2 new_inode
3 proc_sys_make_inode
4 proc_sys_lookup
-------------
Path:
Function:proc_sys_lookup
%4 = alloca %struct.ctl_table_header*, align 8 %5 = alloca %struct.ctl_table*, align 8 %6 = getelementptr %struct.inode,
%struct.inode* %0, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 2 %8 = bitcast %struct.list_head* %7 to %struct.ctl_table_header** %9 = load %struct.ctl_table_header*, %struct.ctl_table_header** %8, align 8 %10 = icmp eq %struct.ctl_table_header* %9, null %11 = select i1 %10, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %9 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %12 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %11, i64 0, i32 1 %13 = load %struct.completion*, %struct.completion** %12, align 8 %14 = icmp eq %struct.completion* %13, null br i1 %14, label %15, label %19, !prof !4, !misexpect !5 %20 = phi %struct.ctl_table_header* [ %11, %15 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = bitcast %struct.ctl_table_header** %4 to i8* store %struct.ctl_table_header* null, %struct.ctl_table_header** %4, align 8 %22 = bitcast %struct.ctl_table** %5 to i8* store %struct.ctl_table* null, %struct.ctl_table** %5, align 8 %23 = icmp ugt %struct.ctl_table_header* %20, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %23, label %24, label %26 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %28 = load i8*, i8** %27, align 8 %29 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %30 = bitcast %struct.anon.1* %29 to %struct.util_est* %31 = getelementptr inbounds %struct.util_est, %struct.util_est* %30, i64 0, i32 1 
%32 = load i32, i32* %31, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %33 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %20, i64 1 %34 = bitcast %struct.ctl_table_header* %33 to %struct.rb_node** %35 = load %struct.rb_node*, %struct.rb_node** %34, align 8 %36 = icmp eq %struct.rb_node* %35, null br i1 %36, label %85, label %37 %38 = phi %struct.rb_node* [ %71, %69 ], [ %35, %26 ] %39 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %38, i64 1 %40 = bitcast %struct.rb_node* %39 to %struct.ctl_table_header** %41 = load %struct.ctl_table_header*, %struct.ctl_table_header** %40, align 8 %42 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 0, i32 0, i32 0 %43 = load %struct.ctl_table*, %struct.ctl_table** %42, align 8 %44 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 6 %45 = bitcast %struct.ctl_node** %44 to i64* %46 = load i64, i64* %45, align 8 %47 = ptrtoint %struct.rb_node* %38 to i64 %48 = sub i64 %47, %46 %49 = ashr exact i64 %48, 5 %50 = getelementptr %struct.ctl_table, %struct.ctl_table* %43, i64 %49 %51 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %50, i64 0, i32 0 %52 = load i8*, i8** %51, align 8 %53 = tail call i64 @strlen(i8* %52) #78 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %32, %54 %56 = select i1 %55, i32 %32, i32 %54 %57 = sext i32 %56 to i64 %58 = tail call i32 @memcmp(i8* %28, i8* %52, i64 %57) #78 %59 = icmp eq i32 %58, 0 %60 = sub i32 %32, %54 %61 = select i1 %59, i32 %60, i32 %58 %62 = icmp slt i32 %61, 0 br i1 %62, label %63, label %65 %66 = icmp eq i32 %61, 0 br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %38, i64 0, i32 1 br label %69 %70 = phi %struct.rb_node** [ %64, %63 ], [ %68, %67 ] %71 = load %struct.rb_node*, 
%struct.rb_node** %70, align 8 %72 = icmp eq %struct.rb_node* %71, null br i1 %72, label %85, label %37 %86 = phi %struct.ctl_table_header* [ %41, %80 ], [ null, %73 ], [ null, %26 ], [ null, %76 ], [ null, %69 ] %87 = phi %struct.ctl_table* [ %50, %80 ], [ null, %73 ], [ null, %26 ], [ null, %76 ], [ null, %69 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store %struct.ctl_table* %87, %struct.ctl_table** %5, align 8 %88 = icmp eq %struct.ctl_table* %87, null br i1 %88, label %117, label %89 %90 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %87, i64 0, i32 3 %91 = load i16, i16* %90, align 4 %92 = and i16 %91, -4096 %93 = icmp eq i16 %92, -24576 br i1 %93, label %94, label %104 %95 = call fastcc i32 @sysctl_follow_link(%struct.ctl_table_header** nonnull %4, %struct.ctl_table** nonnull %5) #79 %96 = icmp eq i32 %95, 0 br i1 %96, label %101, label %97 %102 = load %struct.ctl_table_header*, %struct.ctl_table_header** %4, align 8 %103 = load %struct.ctl_table*, %struct.ctl_table** %5, align 8 br label %104 %105 = phi %struct.ctl_table_header* [ %102, %101 ], [ %86, %89 ] %106 = phi %struct.ctl_table* [ %103, %101 ], [ %87, %89 ] %107 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %108 = load %struct.super_block*, %struct.super_block** %107, align 8 %109 = icmp eq %struct.ctl_table_header* %105, null %110 = select i1 %109, %struct.ctl_table_header* %20, %struct.ctl_table_header* %105 %111 = tail call fastcc %struct.inode* @proc_sys_make_inode(%struct.super_block* %108, %struct.ctl_table_header* %110, %struct.ctl_table* %106) #79 Function:proc_sys_make_inode %4 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %1, i64 0, i32 3 %5 = load %struct.ctl_table_root*, %struct.ctl_table_root** 
%4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) 
#78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, 
i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 
%41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 inode_init_always
1 new_inode_pseudo
2 new_inode
3 proc_pid_make_inode
4 proc_pid_instantiate
5 proc_pid_lookup
6 proc_root_lookup
-------------
Path:
Function:proc_root_lookup
%4 = tail call %struct.dentry* bitcast (%struct.dentry.177444* (%struct.dentry.177444*, i32)* @proc_pid_lookup to %struct.dentry* (%struct.dentry*, i32)*)(%struct.dentry* %1, i32 %2) #78
Function:proc_pid_lookup
%3 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, i32 4 %4 = tail call i32 @name_to_int(%struct.qstr* %3) #78 %5 = icmp eq i32 %4, -1 br i1 %5, label %46, label %6 %7 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, i32 9 %8 = load %struct.super_block.177439*, %struct.super_block.177439** %7, align 8 %9 = getelementptr inbounds %struct.super_block.177439, %struct.super_block.177439* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.proc_fs_info.177609** %11 = load
%struct.proc_fs_info.177609*, %struct.proc_fs_info.177609** %10, align 16 %12 = getelementptr inbounds %struct.proc_fs_info.177609, %struct.proc_fs_info.177609* %11, i64 0, i32 0 %13 = load %struct.pid_namespace.177246*, %struct.pid_namespace.177246** %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.177581* (i32, %struct.pid_namespace.177246*)*)(i32 %4, %struct.pid_namespace.177246* %13) #78 %15 = icmp eq %struct.task_struct.177581* %14, null br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.task_struct.177581, %struct.task_struct.177581* %14, i64 0, i32 3 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !5 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !6, !misexpect !7 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !8, !misexpect !7 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #78 br label %27 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %28 = getelementptr inbounds %struct.proc_fs_info.177609, %struct.proc_fs_info.177609* %11, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 4 br i1 %30, label %31, label %33 %32 = tail call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @ptrace_may_access to i1 (%struct.task_struct.177581*, i32)*)(%struct.task_struct.177581* nonnull %14, i32 9) #78 
br i1 %32, label %33, label %35 %34 = tail call %struct.dentry.177444* @proc_pid_instantiate(%struct.dentry.177444* %0, %struct.task_struct.177581* nonnull %14, i8* null) #79 Function:proc_pid_instantiate %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, i32 9 %5 = load %struct.super_block.177439*, %struct.super_block.177439** %4, align 8 %6 = tail call %struct.inode.177454* @proc_pid_make_inode(%struct.super_block.177439* %5, %struct.task_struct.177581* %1, i16 zeroext 16749) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = 
icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, 
i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr 
inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr 
inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 inode_init_always
1 new_inode_pseudo
2 new_inode
3 proc_pid_make_inode
4 proc_ns_dir_lookup
-------------
Path:
Function:proc_ns_dir_lookup
%4 = getelementptr %struct.inode.182601, %struct.inode.182601* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.182349** %6 = load %struct.pid.182349*, %struct.pid.182349** %5, align 8 %7 = tail call
%struct.task_struct.182540* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.182540* (%struct.pid.182349*, i32)*)(%struct.pid.182349* %6, i32 0) #78 %8 = icmp eq %struct.task_struct.182540* %7, null br i1 %8, label %58, label %9 %10 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 4 %11 = bitcast %struct.qstr* %10 to %struct.util_est* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 4, i32 1 %15 = zext i32 %13 to i64 br label %16 %17 = phi %struct.proc_ns_operations.182542** [ getelementptr inbounds ([9 x %struct.proc_ns_operations.182542*], [9 x %struct.proc_ns_operations.182542*]* @ns_entries, i64 0, i64 0), %9 ], [ %28, %27 ] %18 = load %struct.proc_ns_operations.182542*, %struct.proc_ns_operations.182542** %17, align 8 %19 = getelementptr inbounds %struct.proc_ns_operations.182542, %struct.proc_ns_operations.182542* %18, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = tail call i64 @strlen(i8* %20) #79 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %27 %24 = load i8*, i8** %14, align 8 %25 = tail call i32 @bcmp(i8* %24, i8* %20, i64 %15) %26 = icmp eq i32 %25, 0 br i1 %26, label %30, label %27 %31 = phi %struct.proc_ns_operations.182542** [ %17, %23 ], [ %28, %27 ] %32 = icmp eq %struct.proc_ns_operations.182542** %31, getelementptr inbounds ([9 x %struct.proc_ns_operations.182542*], [9 x %struct.proc_ns_operations.182542*]* @ns_entries, i64 1, i64 0) br i1 %32, label %46, label %33 %34 = bitcast %struct.proc_ns_operations.182542** %31 to i64* %35 = load i64, i64* %34, align 8 %36 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 9 %37 = load %struct.super_block.182587*, %struct.super_block.182587** %36, align 8 %38 = tail call %struct.inode.182601* bitcast (%struct.inode.177454* 
(%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.182601* (%struct.super_block.182587*, %struct.task_struct.182540*, i16)*)(%struct.super_block.182587* %37, %struct.task_struct.182540* nonnull %7, i16 zeroext -24065) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* 
%10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* 
%1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void 
@__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, 
i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 inode_init_always
1 new_inode_pseudo
2 new_inode
3 proc_pid_make_inode
4 proc_lookupfdinfo
-------------
Path:
Function:proc_lookupfdinfo
%4 = getelementptr %struct.inode.178653, %struct.inode.178653* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.178552** %6 = load %struct.pid.178552*, %struct.pid.178552** %5, align 8 %7 = tail call %struct.task_struct.178624* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178624* (%struct.pid.178552*, i32)*)(%struct.pid.178552* %6, i32 0) #78 %8 = getelementptr inbounds %struct.dentry.178657,
%struct.dentry.178657* %1, i64 0, i32 4 %9 = tail call i32 @name_to_int(%struct.qstr* %8) #78 %10 = icmp eq %struct.task_struct.178624* %7, null br i1 %10, label %46, label %11 %12 = icmp eq i32 %9, -1 br i1 %12, label %34, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = tail call %struct.file.178662* bitcast (%struct.file* (%struct.task_struct*, i32)* @task_lookup_fd_rcu to %struct.file.178662* (%struct.task_struct.178624*, i32)*)(%struct.task_struct.178624* nonnull %7, i32 %9) #78 %15 = icmp eq %struct.file.178662* %14, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 tail call void @rcu_read_unlock_strict() #78 br i1 %15, label %34, label %16 %17 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %1, i64 0, i32 9 %18 = load %struct.super_block.178635*, %struct.super_block.178635** %17, align 8 %19 = tail call %struct.inode.178653* bitcast (%struct.inode.177454* (%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.178653* (%struct.super_block.178635*, %struct.task_struct.178624*, i16)*)(%struct.super_block.178635* %18, %struct.task_struct.178624* nonnull %7, i16 zeroext -32476) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 
6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 
%9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 
= getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, 
%struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* 
%1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 proc_pid_make_inode 4 proc_fd_instantiate 5 proc_lookupfd ------------- Path:  Function:proc_lookupfd %4 = alloca i64, align 8 %5 = bitcast i64* %4 to %struct.util_est* %6 = getelementptr %struct.inode.178653, %struct.inode.178653* %0, i64 -1, i32 41, i32 13 %7 = bitcast %struct.list_head* %6 to %struct.pid.178552** %8 = load %struct.pid.178552*, %struct.pid.178552** %7, align 8 %9 = tail call %struct.task_struct.178624* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178624* (%struct.pid.178552*, i32)*)(%struct.pid.178552* %8, i32 0) #78 %10 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %11 = bitcast i64* %4 to i32* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %13 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %1, i64 0, i32 4 %14 = tail call i32 @name_to_int(%struct.qstr* %13) #78 store i32 %14, i32* %12, align 4 %15 = icmp eq %struct.task_struct.178624* %9, null br i1 %15, label %38, label %16 %17 = icmp eq i32 %14, -1 br i1 %17, label %26, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = tail call %struct.file.178662* bitcast (%struct.file* (%struct.task_struct*, i32)* @task_lookup_fd_rcu to %struct.file.178662* (%struct.task_struct.178624*, i32)*)(%struct.task_struct.178624* nonnull %9, i32 %14) #78 %20 = icmp eq %struct.file.178662* %19, null br i1 %20, label %25, label %21 %22 = getelementptr inbounds %struct.file.178662, %struct.file.178662* %19, i64 
0, i32 8 %23 = load i32, i32* %22, align 4 store i32 %23, i32* %11, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %24 = call %struct.dentry.178657* @proc_fd_instantiate(%struct.dentry.178657* %1, %struct.task_struct.178624* nonnull %9, i8* nonnull %10) #78, !callees !6 Function:proc_fd_instantiate %4 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %0, i64 0, i32 9 %5 = load %struct.super_block.178635*, %struct.super_block.178635** %4, align 8 %6 = tail call %struct.inode.178653* bitcast (%struct.inode.177454* (%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.178653* (%struct.super_block.178635*, %struct.task_struct.178624*, i16)*)(%struct.super_block.178635* %5, %struct.task_struct.178624* %1, i16 zeroext -24576) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, 
%struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store 
%struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 
(%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD 
PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_create ------------- Path:  Function:ramfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %8, %struct.inode* %1, i16 zeroext %6, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load 
%struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store 
%struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_symlink ------------- Path:  Function:ramfs_symlink %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext -24065, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast 
(%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_mkdir ------------- Path:  Function:ramfs_mkdir %5 = or i16 %3, 16384 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection 
.altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, 
i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 
store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_mknod ------------- Path:  Function:ramfs_mknod %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %3, i32 %4) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 
= load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, 
%struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 
store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, 
i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 
new_inode 3 ramfs_get_inode 4 ramfs_tmpfile ------------- Path:  Function:ramfs_tmpfile %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext %3, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 
i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast 
%struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 inode_init_always
1 new_inode_pseudo
2 new_inode
3 autofs_get_inode
4 autofs_dir_mkdir
-------------
Path:
Function:autofs_dir_mkdir
%5 = getelementptr inbounds %struct.inode.262604, %struct.inode.262604* %1, i64 0, i32 8 %6 = load %struct.super_block.262585*, %struct.super_block.262585** %5, align 8 %7 = getelementptr inbounds %struct.super_block.262585, %struct.super_block.262585* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.autofs_sb_info.262615** %9 = load %struct.autofs_sb_info.262615*, %struct.autofs_sb_info.262615** %8, align 16 %10 =
getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %2, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.autofs_info.262616** %12 = load %struct.autofs_info.262616*, %struct.autofs_info.262616** %11, align 8 %13 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %9, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 1 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %102 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.262573** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.262573**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.262573* %20 = getelementptr inbounds %struct.task_struct.262573, %struct.task_struct.262573* %19, i64 0, i32 95 %21 = load %struct.signal_struct.262502*, %struct.signal_struct.262502** %20, align 32 %22 = getelementptr %struct.signal_struct.262502, %struct.signal_struct.262502* %21, i64 0, i32 21, i64 2 %23 = load %struct.pid*, %struct.pid** %22, align 8 %24 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %9, i64 0, i32 3 %25 = load %struct.pid*, %struct.pid** %24, align 8 %26 = icmp eq %struct.pid* %23, %25 br i1 %26, label %27, label %102 %28 = icmp eq %struct.autofs_info.262616* %12, null br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.autofs_info*)* @autofs_clean_ino to void (%struct.autofs_info.262616*)*)(%struct.autofs_info.262616* nonnull %12) #78 %31 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %2, i64 0, i32 9 %32 = load %struct.super_block.262585*, %struct.super_block.262585** %31, align 8 %33 = getelementptr inbounds %struct.super_block.262585, %struct.super_block.262585* %32, i64 0, i32 28 %34 = bitcast i8** %33 to %struct.autofs_sb_info.262615** %35 = load %struct.autofs_sb_info.262615*, %struct.autofs_sb_info.262615** %34, align 16 %36 = load 
%struct.autofs_info.262616*, %struct.autofs_info.262616** %11, align 8 %37 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %35, i64 0, i32 16 %38 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %37, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #78 %39 = getelementptr inbounds %struct.autofs_info.262616, %struct.autofs_info.262616* %36, i64 0, i32 4 %40 = getelementptr inbounds %struct.autofs_info.262616, %struct.autofs_info.262616* %36, i64 0, i32 4, i32 1 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 1 store %struct.list_head* %41, %struct.list_head** %44, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 0 store volatile %struct.list_head* %43, %struct.list_head** %45, align 8 store volatile %struct.list_head* %39, %struct.list_head** %42, align 8 store volatile %struct.list_head* %39, %struct.list_head** %40, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %46 = bitcast %struct.spinlock* %37 to i8* store volatile i8 0, i8* %46, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %47 = load %struct.super_block.262585*, %struct.super_block.262585** %5, align 8 %48 = or i16 %3, 16384 %49 = tail call %struct.inode.262604* bitcast (%struct.inode* (%struct.super_block*, i16)* @autofs_get_inode to %struct.inode.262604* (%struct.super_block.262585*, i16)*)(%struct.super_block.262585* %47, i16 zeroext %48) #78 Function:autofs_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) 
#78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, 
%struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 inode_init_always
1 new_inode_pseudo
2 new_inode
3 proc_get_inode
4 proc_lookup_de
5 proc_tgid_net_lookup
-------------
Path:
Function:proc_tgid_net_lookup
%4 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %0) #78 %5 = icmp eq %struct.net* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.net, %struct.net* %4, i64 0, i32 16 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 32 %9 = tail call %struct.dentry* @proc_lookup_de(%struct.inode* %0, %struct.dentry* %1, %struct.proc_dir_entry* %8) #79
Function:proc_lookup_de
tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %7 = bitcast %struct.anon.1* %6 to %struct.util_est* %8 = getelementptr inbounds %struct.util_est, %struct.util_est* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0,
i32 18, i32 0 %11 = load %struct.rb_node*, %struct.rb_node** %10, align 8 %12 = icmp eq %struct.rb_node* %11, null br i1 %12, label %66, label %13 %14 = zext i32 %9 to i64 br label %15 %16 = phi %struct.rb_node* [ %11, %13 ], [ %39, %37 ] %17 = getelementptr %struct.rb_node, %struct.rb_node* %16, i64 -6, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %19 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %18, i64 0, i32 23 %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i32 %22 = icmp ult i32 %9, %21 br i1 %22, label %31, label %23 %24 = icmp ugt i32 %9, %21 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %17, i64 20 %27 = bitcast %struct.rb_node** %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @memcmp(i8* %5, i8* %28, i64 %14) #78 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %33 %34 = icmp eq i32 %29, 0 br i1 %34, label %41, label %35 %42 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %43 = icmp eq %struct.rb_node** %17, null br i1 %43, label %66, label %44 %45 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %42, i64 0, i32 1 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %45, i64 0, i32 0, i32 0 %47 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 1, i32* %46) #6, !srcloc !4 %48 = icmp eq i32 %47, 0 br i1 %48, label %53, label %49, !prof !5, !misexpect !6 %50 = add i32 %47, 1 %51 = or i32 %50, %47 %52 = icmp sgt i32 %51, -1 br i1 %52, label %55, label %53, !prof !7, !misexpect !6 %54 = phi i32 [ 2, %44 ], [ 1, %49 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 %54) #78 br label %55 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %57 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %58 = load %struct.super_block*, %struct.super_block** %57, align 8 %59 = tail call %struct.inode* @proc_get_inode(%struct.super_block* %58, %struct.proc_dir_entry* nonnull %42) #78 Function:proc_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, 
%struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store 
%struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 
%30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, 
%struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 inode_init_always
1 new_inode_pseudo
2 new_inode
3 proc_get_inode
4 proc_lookup_de
5 proc_lookup
-------------
Path:
Function:proc_lookup
%4 = getelementptr inbounds %struct.inode,
%struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.proc_fs_info** %8 = load %struct.proc_fs_info*, %struct.proc_fs_info** %7, align 16 %9 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %8, i64 0, i32 5 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 br i1 %11, label %18, label %12 %13 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 1, i32 1 %15 = bitcast %struct.list_head** %14 to %struct.proc_dir_entry** %16 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %15, align 8 %17 = tail call %struct.dentry* @proc_lookup_de(%struct.inode* %0, %struct.dentry* %1, %struct.proc_dir_entry* %16) #78 Function:proc_lookup_de tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %7 = bitcast %struct.anon.1* %6 to %struct.util_est* %8 = getelementptr inbounds %struct.util_est, %struct.util_est* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18, i32 0 %11 = load %struct.rb_node*, %struct.rb_node** %10, align 8 %12 = icmp eq %struct.rb_node* %11, null br i1 %12, label %66, label %13 %14 = zext i32 %9 to i64 br label %15 %16 = phi %struct.rb_node* [ %11, %13 ], [ %39, %37 ] %17 = getelementptr %struct.rb_node, %struct.rb_node* %16, i64 -6, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %19 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %18, i64 0, i32 23 %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i32 %22 = icmp 
ult i32 %9, %21 br i1 %22, label %31, label %23 %24 = icmp ugt i32 %9, %21 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %17, i64 20 %27 = bitcast %struct.rb_node** %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @memcmp(i8* %5, i8* %28, i64 %14) #78 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %33 %34 = icmp eq i32 %29, 0 br i1 %34, label %41, label %35 %42 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %43 = icmp eq %struct.rb_node** %17, null br i1 %43, label %66, label %44 %45 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %42, i64 0, i32 1 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %45, i64 0, i32 0, i32 0 %47 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 1, i32* %46) #6, !srcloc !4 %48 = icmp eq i32 %47, 0 br i1 %48, label %53, label %49, !prof !5, !misexpect !6 %50 = add i32 %47, 1 %51 = or i32 %50, %47 %52 = icmp sgt i32 %51, -1 br i1 %52, label %55, label %53, !prof !7, !misexpect !6 %54 = phi i32 [ 2, %44 ], [ 1, %49 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 %54) #78 br label %55 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %57 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 
8 %58 = load %struct.super_block*, %struct.super_block** %57, align 8 %59 = tail call %struct.inode* @proc_get_inode(%struct.super_block* %58, %struct.proc_dir_entry* nonnull %42) #78 Function:proc_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], 
[ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, 
%struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), 
%struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, 
%struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 mqueue_get_inode 4 mqueue_create_attr 5 mqueue_create ------------- Path:  Function:mqueue_create %6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #78 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, 
i32 0)) #78 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 %14, label %65, label %15 %16 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 24, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #78 br label %26 %27 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 15 %28 = load i32, i32* %27, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 16 %30 = load i32, i32* %29, align 4 %31 = icmp ult i32 %28, %30 br i1 %31, label %36, label %32 %33 = tail call zeroext i1 @capable(i32 24) #78 br i1 %33, label %34, label %65 %35 = load i32, i32* %27, align 8 br label %36 %37 = phi i32 [ %35, %34 ], [ %28, %26 ] %38 = add i32 %37, 1 store i32 %38, i32* %27, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %39 = load %struct.super_block*, %struct.super_block** %9, align 8 %40 = tail call fastcc %struct.inode* @mqueue_get_inode(%struct.super_block* %39, %struct.ipc_namespace* nonnull %13, i16 zeroext %1, %struct.mq_attr* %8) #79 Function:mqueue_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 
%12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 
store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void 
@__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, 
i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %270, label %12 %13 = and i64 %5, 4294967295 %14 
= and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %270 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 105 %29 = load %struct.audit_context*, %struct.audit_context** %28, align 64 %30 = icmp eq %struct.audit_context* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %23, 0 br i1 %36, label %83, label %37 %38 = zext i8 %23 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %56 store i64 %59, i64* 
%60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %84) #78 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %18, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %8, label %267 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %257 ] %94 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %95 = load i32, i32* %94, align 8 %96 = call i32 @__sys_socket(i32 %90, i32 %92, i32 %95) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 
%13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, 
%struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __se_sys_socketcall 5 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #78 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = 
getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %44 = trunc i64 %40 to i32 %45 = trunc i64 %42 to i32 %46 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %47 = load i64, i64* %46, align 16 %48 = trunc i64 %47 to i32 %49 = call i32 @__sys_socket(i32 %44, i32 %45, i32 %48) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, 
%struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, 
%struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __se_sys_socketcall 5 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #78 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, 
i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %44 = trunc i64 %40 to i32 %45 = trunc i64 %42 to i32 %46 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %47 = load i64, i64* %46, align 16 %48 = trunc i64 %47 to i32 %49 = call i32 @__sys_socket(i32 %44, i32 %45, i32 %48) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, 
-526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, 
%struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __ia32_sys_socket ------------- Path:  Function:__ia32_sys_socket %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call i32 @__sys_socket(i32 %8, i32 %9, i32 %10) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = 
inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, 
%struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __x64_sys_socket
-------------
Path:
Function:__x64_sys_socket %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call i32 @__sys_socket(i32 %8, i32 %9, i32 %10) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr 
i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, 
%struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 create_pipe_files 3 __do_pipe_flags 4 do_pipe2 5 __ia32_sys_pipe
-------------
Path:
Function:__ia32_sys_pipe %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i32* %6 = tail call fastcc i32 @do_pipe2(i32* %5, i32 0) #78 Function:do_pipe2 %3 = alloca [2 x %struct.file*], align 16 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to [2 x i32]* %6 = bitcast [2 x %struct.file*]* %3 to i8* %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = bitcast i64* %4 to i32* %9 = getelementptr inbounds [2 x %struct.file*], [2 x %struct.file*]* %3, i64 0, i64 0 %10 = call fastcc i32 @__do_pipe_flags(i32* nonnull %8, %struct.file** nonnull %9, i32 %1) #78 Function:__do_pipe_flags %4 = and i32 %2, -542849 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %34 %7 = tail call i32 @create_pipe_files(%struct.file** %1, i32 %2) #78 Function:create_pipe_files %3 = load %struct.vfsmount*, %struct.vfsmount** @pipe_mnt, align 8 %4 = getelementptr inbounds %struct.vfsmount, 
%struct.vfsmount* %3, i64 0, i32 1 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %5) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, 
i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 
8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78
-------------
Use: =BAD PATH=
Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 create_pipe_files 3 __do_pipe_flags 4 do_pipe2 5 __x64_sys_pipe
-------------
Path:
Function:__x64_sys_pipe %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i32** %4 = load i32*, i32** %3, align 8 %5 = tail call fastcc i32 @do_pipe2(i32* %4, i32 0) #78 Function:do_pipe2 %3 = alloca [2 x %struct.file*], align 16 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to [2 x i32]* %6 = bitcast [2 x %struct.file*]* %3 to i8* %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = bitcast i64* %4 to i32* %9 = getelementptr inbounds [2 x %struct.file*], [2 x %struct.file*]* %3, i64 0, i64 0 %10 = call fastcc i32 @__do_pipe_flags(i32* nonnull %8, %struct.file** nonnull %9, i32 %1) #78 Function:__do_pipe_flags %4 = and i32 %2, -542849 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %34 %7 = tail call i32 @create_pipe_files(%struct.file** %1, i32 %2) #78 Function:create_pipe_files %3 = load %struct.vfsmount*, %struct.vfsmount** @pipe_mnt, align 8 %4 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %3, i64 0, i32 1 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %5) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds 
%struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* 
%1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 
store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 
(%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 create_pipe_files 3 __do_pipe_flags 4 do_pipe2 5 __ia32_sys_pipe2 ------------- Path:  
Function:__ia32_sys_pipe2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = inttoptr i64 %4 to i32* %8 = trunc i64 %6 to i32 %9 = tail call fastcc i32 @do_pipe2(i32* %7, i32 %8) #78 Function:do_pipe2 %3 = alloca [2 x %struct.file*], align 16 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to [2 x i32]* %6 = bitcast [2 x %struct.file*]* %3 to i8* %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = bitcast i64* %4 to i32* %9 = getelementptr inbounds [2 x %struct.file*], [2 x %struct.file*]* %3, i64 0, i64 0 %10 = call fastcc i32 @__do_pipe_flags(i32* nonnull %8, %struct.file** nonnull %9, i32 %1) #78 Function:__do_pipe_flags %4 = and i32 %2, -542849 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %34 %7 = tail call i32 @create_pipe_files(%struct.file** %1, i32 %2) #78 Function:create_pipe_files %3 = load %struct.vfsmount*, %struct.vfsmount** @pipe_mnt, align 8 %4 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %3, i64 0, i32 1 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %5) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load 
%struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store 
%struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* %38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 create_pipe_files 3 __do_pipe_flags 4 do_pipe2 5 __x64_sys_pipe2 ------------- Path:  Function:__x64_sys_pipe2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i32** %4 = load i32*, i32** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %6 to i32 %8 = tail call fastcc i32 @do_pipe2(i32* 
%4, i32 %7) #78 Function:do_pipe2 %3 = alloca [2 x %struct.file*], align 16 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to [2 x i32]* %6 = bitcast [2 x %struct.file*]* %3 to i8* %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = bitcast i64* %4 to i32* %9 = getelementptr inbounds [2 x %struct.file*], [2 x %struct.file*]* %3, i64 0, i64 0 %10 = call fastcc i32 @__do_pipe_flags(i32* nonnull %8, %struct.file** nonnull %9, i32 %1) #78 Function:__do_pipe_flags %4 = and i32 %2, -542849 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %34 %7 = tail call i32 @create_pipe_files(%struct.file** %1, i32 %2) #78 Function:create_pipe_files %3 = load %struct.vfsmount*, %struct.vfsmount** @pipe_mnt, align 8 %4 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %3, i64 0, i32 1 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %5) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 
@inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp 
eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 %34 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 36, i32 0 store volatile i32 0, i32* %34, align 4 %35 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 9 store %struct.address_space_operations.150610* bitcast ({ i32 (%struct.page.150615*, %struct.writeback_control*)*, i32 (%struct.file.150531*, %struct.page.150615*)*, i32 (%struct.address_space.150611*, %struct.writeback_control*)*, i32 (%struct.page.150615*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, %struct.list_head*, i32)*, void (%struct.readahead_control.150605*)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615**, i8**)*, i32 (%struct.file.150531*, %struct.address_space.150611*, i64, i32, i32, %struct.page.150615*, i8*)*, i64 (%struct.address_space.150611*, i64)*, void (%struct.page.150615*, i32, i32)*, i32 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i64 (%struct.kiocb.150216*, %struct.iov_iter*)*, i32 (%struct.address_space.150611*, %struct.page.150615*, %struct.page.150615*, i32)*, i1 (%struct.page.150615*, i32)*, void (%struct.page.150615*)*, i32 (%struct.page.150615*)*, i32 (%struct.page.150615*, i64, i64)*, void (%struct.page.150615*, i8*, i8*)*, i32 (%struct.address_space.150611*, %struct.page.150615*)*, i32 (%struct.swap_info_struct.150609*, %struct.file.150531*, i64*)*, void (%struct.file.150531*)* }* @empty_aops to %struct.address_space_operations.150610*), %struct.address_space_operations.150610** %35, align 8 %36 = getelementptr inbounds %struct.address_space.150611, %struct.address_space.150611* %3, i64 0, i32 0 store %struct.inode.150604* %1, %struct.inode.150604** %36, align 8 %37 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 10 store i64 0, i64* %37, align 8 %38 = load %struct.file_system_type.150555*, %struct.file_system_type.150555** %31, align 8 %39 = getelementptr inbounds %struct.file_system_type.150555, %struct.file_system_type.150555* 
%38, i64 0, i32 1 %40 = load i32, i32* %39, align 8 %41 = and i32 %40, 8192 %42 = icmp eq i32 %41, 0 br i1 %42, label %44, label %43 %45 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 11 store i32 0, i32* %45, align 8 %46 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 4, i32 0 store volatile i32 0, i32* %46, align 4 %47 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 3 store i32 17829066, i32* %47, align 8 %48 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 14 store i8* null, i8** %48, align 8 %49 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 8 store i64 0, i64* %49, align 8 %50 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41, i32 2 tail call void @__init_rwsem(%struct.rw_semaphore* %50, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.2.16444, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key.1) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 proc_sys_make_inode 4 proc_sys_lookup ------------- Path:  Function:proc_sys_lookup %4 = alloca %struct.ctl_table_header*, align 8 %5 = alloca %struct.ctl_table*, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 2 %8 = bitcast %struct.list_head* %7 to %struct.ctl_table_header** %9 = load %struct.ctl_table_header*, %struct.ctl_table_header** %8, align 8 %10 = icmp eq %struct.ctl_table_header* %9, null %11 = select i1 %10, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %9 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds 
(%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %12 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %11, i64 0, i32 1 %13 = load %struct.completion*, %struct.completion** %12, align 8 %14 = icmp eq %struct.completion* %13, null br i1 %14, label %15, label %19, !prof !4, !misexpect !5 %20 = phi %struct.ctl_table_header* [ %11, %15 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = bitcast %struct.ctl_table_header** %4 to i8* store %struct.ctl_table_header* null, %struct.ctl_table_header** %4, align 8 %22 = bitcast %struct.ctl_table** %5 to i8* store %struct.ctl_table* null, %struct.ctl_table** %5, align 8 %23 = icmp ugt %struct.ctl_table_header* %20, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %23, label %24, label %26 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %28 = load i8*, i8** %27, align 8 %29 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %30 = bitcast %struct.anon.1* %29 to %struct.util_est* %31 = getelementptr inbounds %struct.util_est, %struct.util_est* %30, i64 0, i32 1 %32 = load i32, i32* %31, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %33 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %20, i64 1 %34 = bitcast %struct.ctl_table_header* %33 to %struct.rb_node** %35 = load %struct.rb_node*, %struct.rb_node** %34, align 8 %36 = icmp eq %struct.rb_node* %35, null br i1 %36, label %85, label %37 %38 = phi %struct.rb_node* [ %71, %69 ], [ %35, %26 ] %39 = getelementptr inbounds %struct.rb_node, 
%struct.rb_node* %38, i64 1 %40 = bitcast %struct.rb_node* %39 to %struct.ctl_table_header** %41 = load %struct.ctl_table_header*, %struct.ctl_table_header** %40, align 8 %42 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 0, i32 0, i32 0 %43 = load %struct.ctl_table*, %struct.ctl_table** %42, align 8 %44 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 6 %45 = bitcast %struct.ctl_node** %44 to i64* %46 = load i64, i64* %45, align 8 %47 = ptrtoint %struct.rb_node* %38 to i64 %48 = sub i64 %47, %46 %49 = ashr exact i64 %48, 5 %50 = getelementptr %struct.ctl_table, %struct.ctl_table* %43, i64 %49 %51 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %50, i64 0, i32 0 %52 = load i8*, i8** %51, align 8 %53 = tail call i64 @strlen(i8* %52) #78 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %32, %54 %56 = select i1 %55, i32 %32, i32 %54 %57 = sext i32 %56 to i64 %58 = tail call i32 @memcmp(i8* %28, i8* %52, i64 %57) #78 %59 = icmp eq i32 %58, 0 %60 = sub i32 %32, %54 %61 = select i1 %59, i32 %60, i32 %58 %62 = icmp slt i32 %61, 0 br i1 %62, label %63, label %65 %66 = icmp eq i32 %61, 0 br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %38, i64 0, i32 1 br label %69 %70 = phi %struct.rb_node** [ %64, %63 ], [ %68, %67 ] %71 = load %struct.rb_node*, %struct.rb_node** %70, align 8 %72 = icmp eq %struct.rb_node* %71, null br i1 %72, label %85, label %37 %86 = phi %struct.ctl_table_header* [ %41, %80 ], [ null, %73 ], [ null, %26 ], [ null, %76 ], [ null, %69 ] %87 = phi %struct.ctl_table* [ %50, %80 ], [ null, %73 ], [ null, %26 ], [ null, %76 ], [ null, %69 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store 
%struct.ctl_table* %87, %struct.ctl_table** %5, align 8 %88 = icmp eq %struct.ctl_table* %87, null br i1 %88, label %117, label %89 %90 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %87, i64 0, i32 3 %91 = load i16, i16* %90, align 4 %92 = and i16 %91, -4096 %93 = icmp eq i16 %92, -24576 br i1 %93, label %94, label %104 %95 = call fastcc i32 @sysctl_follow_link(%struct.ctl_table_header** nonnull %4, %struct.ctl_table** nonnull %5) #79 %96 = icmp eq i32 %95, 0 br i1 %96, label %101, label %97 %102 = load %struct.ctl_table_header*, %struct.ctl_table_header** %4, align 8 %103 = load %struct.ctl_table*, %struct.ctl_table** %5, align 8 br label %104 %105 = phi %struct.ctl_table_header* [ %102, %101 ], [ %86, %89 ] %106 = phi %struct.ctl_table* [ %103, %101 ], [ %87, %89 ] %107 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %108 = load %struct.super_block*, %struct.super_block** %107, align 8 %109 = icmp eq %struct.ctl_table_header* %105, null %110 = select i1 %109, %struct.ctl_table_header* %20, %struct.ctl_table_header* %105 %111 = tail call fastcc %struct.inode* @proc_sys_make_inode(%struct.super_block* %108, %struct.ctl_table_header* %110, %struct.ctl_table* %106) #79 Function:proc_sys_make_inode %4 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %1, i64 0, i32 3 %5 = load %struct.ctl_table_root*, %struct.ctl_table_root** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 
661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 proc_pid_make_inode 4 proc_pid_instantiate 5 proc_pid_lookup 6 proc_root_lookup ------------- Path:  Function:proc_root_lookup %4 = tail call %struct.dentry* bitcast (%struct.dentry.177444* (%struct.dentry.177444*, i32)* @proc_pid_lookup to %struct.dentry* (%struct.dentry*, i32)*)(%struct.dentry* %1, i32 %2) #78 Function:proc_pid_lookup %3 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, i32 4 %4 = tail call i32 @name_to_int(%struct.qstr* %3) #78 %5 = icmp eq i32 %4, -1 br i1 %5, label %46, label %6 %7 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, 
i32 9 %8 = load %struct.super_block.177439*, %struct.super_block.177439** %7, align 8 %9 = getelementptr inbounds %struct.super_block.177439, %struct.super_block.177439* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.proc_fs_info.177609** %11 = load %struct.proc_fs_info.177609*, %struct.proc_fs_info.177609** %10, align 16 %12 = getelementptr inbounds %struct.proc_fs_info.177609, %struct.proc_fs_info.177609* %11, i64 0, i32 0 %13 = load %struct.pid_namespace.177246*, %struct.pid_namespace.177246** %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.177581* (i32, %struct.pid_namespace.177246*)*)(i32 %4, %struct.pid_namespace.177246* %13) #78 %15 = icmp eq %struct.task_struct.177581* %14, null br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.task_struct.177581, %struct.task_struct.177581* %14, i64 0, i32 3 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !5 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !6, !misexpect !7 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !8, !misexpect !7 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #78 br label %27 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %28 = getelementptr inbounds %struct.proc_fs_info.177609, %struct.proc_fs_info.177609* %11, i64 0, i32 4 %29 = load i32, i32* 
%28, align 4 %30 = icmp eq i32 %29, 4 br i1 %30, label %31, label %33 %32 = tail call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @ptrace_may_access to i1 (%struct.task_struct.177581*, i32)*)(%struct.task_struct.177581* nonnull %14, i32 9) #78 br i1 %32, label %33, label %35 %34 = tail call %struct.dentry.177444* @proc_pid_instantiate(%struct.dentry.177444* %0, %struct.task_struct.177581* nonnull %14, i8* null) #79 Function:proc_pid_instantiate %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, i32 9 %5 = load %struct.super_block.177439*, %struct.super_block.177439** %4, align 8 %6 = tail call %struct.inode.177454* @proc_pid_make_inode(%struct.super_block.177439* %5, %struct.task_struct.177581* %1, i16 zeroext 16749) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, 
align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 proc_pid_make_inode 4 proc_ns_dir_lookup ------------- Path:  Function:proc_ns_dir_lookup %4 = getelementptr %struct.inode.182601, %struct.inode.182601* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.182349** %6 = load %struct.pid.182349*, %struct.pid.182349** %5, align 8 %7 = tail call %struct.task_struct.182540* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.182540* (%struct.pid.182349*, i32)*)(%struct.pid.182349* %6, i32 0) #78 %8 = icmp eq %struct.task_struct.182540* %7, null br i1 %8, label %58, label %9 %10 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 4 %11 = bitcast %struct.qstr* %10 to %struct.util_est* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 4, i32 1 %15 = zext i32 %13 to i64 br label %16 %17 = phi %struct.proc_ns_operations.182542** [ getelementptr inbounds ([9 x %struct.proc_ns_operations.182542*], [9 x %struct.proc_ns_operations.182542*]* @ns_entries, i64 0, i64 0), %9 ], [ %28, %27 ] %18 = load 
%struct.proc_ns_operations.182542*, %struct.proc_ns_operations.182542** %17, align 8 %19 = getelementptr inbounds %struct.proc_ns_operations.182542, %struct.proc_ns_operations.182542* %18, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = tail call i64 @strlen(i8* %20) #79 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %27 %24 = load i8*, i8** %14, align 8 %25 = tail call i32 @bcmp(i8* %24, i8* %20, i64 %15) %26 = icmp eq i32 %25, 0 br i1 %26, label %30, label %27 %31 = phi %struct.proc_ns_operations.182542** [ %17, %23 ], [ %28, %27 ] %32 = icmp eq %struct.proc_ns_operations.182542** %31, getelementptr inbounds ([9 x %struct.proc_ns_operations.182542*], [9 x %struct.proc_ns_operations.182542*]* @ns_entries, i64 1, i64 0) br i1 %32, label %46, label %33 %34 = bitcast %struct.proc_ns_operations.182542** %31 to i64* %35 = load i64, i64* %34, align 8 %36 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 9 %37 = load %struct.super_block.182587*, %struct.super_block.182587** %36, align 8 %38 = tail call %struct.inode.182601* bitcast (%struct.inode.177454* (%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.182601* (%struct.super_block.182587*, %struct.task_struct.182540*, i16)*)(%struct.super_block.182587* %37, %struct.task_struct.182540* nonnull %7, i16 zeroext -24065) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection 
.altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 proc_pid_make_inode 4 proc_lookupfdinfo ------------- Path:  Function:proc_lookupfdinfo %4 = getelementptr %struct.inode.178653, %struct.inode.178653* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.178552** %6 = load %struct.pid.178552*, %struct.pid.178552** %5, align 8 %7 = tail call %struct.task_struct.178624* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178624* (%struct.pid.178552*, i32)*)(%struct.pid.178552* %6, i32 0) #78 %8 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %1, i64 0, i32 4 %9 = 
tail call i32 @name_to_int(%struct.qstr* %8) #78 %10 = icmp eq %struct.task_struct.178624* %7, null br i1 %10, label %46, label %11 %12 = icmp eq i32 %9, -1 br i1 %12, label %34, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = tail call %struct.file.178662* bitcast (%struct.file* (%struct.task_struct*, i32)* @task_lookup_fd_rcu to %struct.file.178662* (%struct.task_struct.178624*, i32)*)(%struct.task_struct.178624* nonnull %7, i32 %9) #78 %15 = icmp eq %struct.file.178662* %14, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 tail call void @rcu_read_unlock_strict() #78 br i1 %15, label %34, label %16 %17 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %1, i64 0, i32 9 %18 = load %struct.super_block.178635*, %struct.super_block.178635** %17, align 8 %19 = tail call %struct.inode.178653* bitcast (%struct.inode.177454* (%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.178653* (%struct.super_block.178635*, %struct.task_struct.178624*, i16)*)(%struct.super_block.178635* %18, %struct.task_struct.178624* nonnull %7, i16 zeroext -32476) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, 
\22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 proc_pid_make_inode 4 proc_fd_instantiate 5 proc_lookupfd ------------- Path:  Function:proc_lookupfd %4 = alloca i64, align 8 %5 = bitcast i64* %4 to %struct.util_est* %6 = getelementptr %struct.inode.178653, %struct.inode.178653* %0, i64 -1, i32 41, i32 13 %7 = bitcast %struct.list_head* %6 to %struct.pid.178552** %8 = load %struct.pid.178552*, %struct.pid.178552** %7, align 8 %9 = tail call %struct.task_struct.178624* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178624* (%struct.pid.178552*, i32)*)(%struct.pid.178552* %8, i32 0) #78 %10 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %11 = bitcast i64* %4 to i32* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %13 = 
getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %1, i64 0, i32 4 %14 = tail call i32 @name_to_int(%struct.qstr* %13) #78 store i32 %14, i32* %12, align 4 %15 = icmp eq %struct.task_struct.178624* %9, null br i1 %15, label %38, label %16 %17 = icmp eq i32 %14, -1 br i1 %17, label %26, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = tail call %struct.file.178662* bitcast (%struct.file* (%struct.task_struct*, i32)* @task_lookup_fd_rcu to %struct.file.178662* (%struct.task_struct.178624*, i32)*)(%struct.task_struct.178624* nonnull %9, i32 %14) #78 %20 = icmp eq %struct.file.178662* %19, null br i1 %20, label %25, label %21 %22 = getelementptr inbounds %struct.file.178662, %struct.file.178662* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 store i32 %23, i32* %11, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %24 = call %struct.dentry.178657* @proc_fd_instantiate(%struct.dentry.178657* %1, %struct.task_struct.178624* nonnull %9, i8* nonnull %10) #78, !callees !6 Function:proc_fd_instantiate %4 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %0, i64 0, i32 9 %5 = load %struct.super_block.178635*, %struct.super_block.178635** %4, align 8 %6 = tail call %struct.inode.178653* bitcast (%struct.inode.177454* (%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.178653* (%struct.super_block.178635*, %struct.task_struct.178624*, i16)*)(%struct.super_block.178635* %5, %struct.task_struct.178624* %1, i16 zeroext -24576) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, 
%struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, 
%struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 
store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_create ------------- Path:  Function:ramfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = tail call %struct.inode* 
@ramfs_get_inode(%struct.super_block* %8, %struct.inode* %1, i16 zeroext %6, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 
= tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, 
align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 
inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_symlink ------------- Path:  Function:ramfs_symlink %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext -24065, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** 
@inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 
1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, 
i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_mkdir ------------- Path:  Function:ramfs_mkdir %5 = or i16 %3, 16384 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, 
%struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store 
%struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 
%30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_mknod ------------- Path:  Function:ramfs_mknod %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %3, i32 %4) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* 
@new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, 
i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 ramfs_get_inode 4 ramfs_tmpfile ------------- Path:  Function:ramfs_tmpfile %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext %3, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A 
.word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* 
%1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, 
i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 autofs_get_inode 4 autofs_dir_mkdir ------------- Path:  Function:autofs_dir_mkdir %5 = getelementptr inbounds %struct.inode.262604, %struct.inode.262604* %1, i64 0, i32 8 %6 = load %struct.super_block.262585*, %struct.super_block.262585** %5, align 8 %7 = getelementptr inbounds %struct.super_block.262585, %struct.super_block.262585* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.autofs_sb_info.262615** %9 = load %struct.autofs_sb_info.262615*, %struct.autofs_sb_info.262615** %8, align 16 %10 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %2, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.autofs_info.262616** %12 = load 
%struct.autofs_info.262616*, %struct.autofs_info.262616** %11, align 8 %13 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %9, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 1 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %102 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.262573** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.262573**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.262573* %20 = getelementptr inbounds %struct.task_struct.262573, %struct.task_struct.262573* %19, i64 0, i32 95 %21 = load %struct.signal_struct.262502*, %struct.signal_struct.262502** %20, align 32 %22 = getelementptr %struct.signal_struct.262502, %struct.signal_struct.262502* %21, i64 0, i32 21, i64 2 %23 = load %struct.pid*, %struct.pid** %22, align 8 %24 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %9, i64 0, i32 3 %25 = load %struct.pid*, %struct.pid** %24, align 8 %26 = icmp eq %struct.pid* %23, %25 br i1 %26, label %27, label %102 %28 = icmp eq %struct.autofs_info.262616* %12, null br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.autofs_info*)* @autofs_clean_ino to void (%struct.autofs_info.262616*)*)(%struct.autofs_info.262616* nonnull %12) #78 %31 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %2, i64 0, i32 9 %32 = load %struct.super_block.262585*, %struct.super_block.262585** %31, align 8 %33 = getelementptr inbounds %struct.super_block.262585, %struct.super_block.262585* %32, i64 0, i32 28 %34 = bitcast i8** %33 to %struct.autofs_sb_info.262615** %35 = load %struct.autofs_sb_info.262615*, %struct.autofs_sb_info.262615** %34, align 16 %36 = load %struct.autofs_info.262616*, %struct.autofs_info.262616** %11, align 8 %37 = getelementptr inbounds %struct.autofs_sb_info.262615, 
%struct.autofs_sb_info.262615* %35, i64 0, i32 16 %38 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %37, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #78 %39 = getelementptr inbounds %struct.autofs_info.262616, %struct.autofs_info.262616* %36, i64 0, i32 4 %40 = getelementptr inbounds %struct.autofs_info.262616, %struct.autofs_info.262616* %36, i64 0, i32 4, i32 1 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 1 store %struct.list_head* %41, %struct.list_head** %44, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 0 store volatile %struct.list_head* %43, %struct.list_head** %45, align 8 store volatile %struct.list_head* %39, %struct.list_head** %42, align 8 store volatile %struct.list_head* %39, %struct.list_head** %40, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %46 = bitcast %struct.spinlock* %37 to i8* store volatile i8 0, i8* %46, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %47 = load %struct.super_block.262585*, %struct.super_block.262585** %5, align 8 %48 = or i16 %3, 16384 %49 = tail call %struct.inode.262604* bitcast (%struct.inode* (%struct.super_block*, i16)* @autofs_get_inode to %struct.inode.262604* (%struct.super_block.262585*, i16)*)(%struct.super_block.262585* %47, i16 zeroext %48) #78 Function:autofs_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = 
bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr 
inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 proc_get_inode 4 proc_lookup_de 5 proc_tgid_net_lookup ------------- Path:  Function:proc_tgid_net_lookup %4 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %0) #78 %5 = icmp eq %struct.net* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.net, %struct.net* %4, i64 0, i32 16 %8 = load %struct.proc_dir_entry*, 
%struct.proc_dir_entry** %7, align 32 %9 = tail call %struct.dentry* @proc_lookup_de(%struct.inode* %0, %struct.dentry* %1, %struct.proc_dir_entry* %8) #79 Function:proc_lookup_de tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %7 = bitcast %struct.anon.1* %6 to %struct.util_est* %8 = getelementptr inbounds %struct.util_est, %struct.util_est* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18, i32 0 %11 = load %struct.rb_node*, %struct.rb_node** %10, align 8 %12 = icmp eq %struct.rb_node* %11, null br i1 %12, label %66, label %13 %14 = zext i32 %9 to i64 br label %15 %16 = phi %struct.rb_node* [ %11, %13 ], [ %39, %37 ] %17 = getelementptr %struct.rb_node, %struct.rb_node* %16, i64 -6, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %19 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %18, i64 0, i32 23 %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i32 %22 = icmp ult i32 %9, %21 br i1 %22, label %31, label %23 %24 = icmp ugt i32 %9, %21 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %17, i64 20 %27 = bitcast %struct.rb_node** %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @memcmp(i8* %5, i8* %28, i64 %14) #78 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %33 %34 = icmp eq i32 %29, 0 br i1 %34, label %41, label %35 %42 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %43 = icmp eq %struct.rb_node** %17, null br i1 %43, label %66, label %44 %45 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %42, i64 0, i32 1 %46 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %45, i64 0, i32 0, i32 0 %47 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 1, i32* %46) #6, !srcloc !4 %48 = icmp eq i32 %47, 0 br i1 %48, label %53, label %49, !prof !5, !misexpect !6 %50 = add i32 %47, 1 %51 = or i32 %50, %47 %52 = icmp sgt i32 %51, -1 br i1 %52, label %55, label %53, !prof !7, !misexpect !6 %54 = phi i32 [ 2, %44 ], [ 1, %49 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 %54) #78 br label %55 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %57 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %58 = load %struct.super_block*, %struct.super_block** %57, align 8 %59 = tail call %struct.inode* @proc_get_inode(%struct.super_block* %58, %struct.proc_dir_entry* nonnull %42) #78 Function:proc_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * 
((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* 
%1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, 
i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 proc_get_inode 4 proc_lookup_de 5 proc_lookup ------------- Path:  Function:proc_lookup %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.proc_fs_info** %8 = load %struct.proc_fs_info*, %struct.proc_fs_info** %7, align 16 %9 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %8, i64 0, i32 5 %10 = load i32, i32* %9, 
align 8 %11 = icmp eq i32 %10, 1 br i1 %11, label %18, label %12 %13 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 1, i32 1 %15 = bitcast %struct.list_head** %14 to %struct.proc_dir_entry** %16 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %15, align 8 %17 = tail call %struct.dentry* @proc_lookup_de(%struct.inode* %0, %struct.dentry* %1, %struct.proc_dir_entry* %16) #78 Function:proc_lookup_de tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %7 = bitcast %struct.anon.1* %6 to %struct.util_est* %8 = getelementptr inbounds %struct.util_est, %struct.util_est* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18, i32 0 %11 = load %struct.rb_node*, %struct.rb_node** %10, align 8 %12 = icmp eq %struct.rb_node* %11, null br i1 %12, label %66, label %13 %14 = zext i32 %9 to i64 br label %15 %16 = phi %struct.rb_node* [ %11, %13 ], [ %39, %37 ] %17 = getelementptr %struct.rb_node, %struct.rb_node* %16, i64 -6, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %19 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %18, i64 0, i32 23 %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i32 %22 = icmp ult i32 %9, %21 br i1 %22, label %31, label %23 %24 = icmp ugt i32 %9, %21 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %17, i64 20 %27 = bitcast %struct.rb_node** %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @memcmp(i8* %5, i8* %28, i64 %14) #78 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %33 %34 = icmp eq i32 %29, 0 br i1 %34, 
label %41, label %35 %42 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %43 = icmp eq %struct.rb_node** %17, null br i1 %43, label %66, label %44 %45 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %42, i64 0, i32 1 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %45, i64 0, i32 0, i32 0 %47 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 1, i32* %46) #6, !srcloc !4 %48 = icmp eq i32 %47, 0 br i1 %48, label %53, label %49, !prof !5, !misexpect !6 %50 = add i32 %47, 1 %51 = or i32 %50, %47 %52 = icmp sgt i32 %51, -1 br i1 %52, label %55, label %53, !prof !7, !misexpect !6 %54 = phi i32 [ 2, %44 ], [ 1, %49 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 %54) #78 br label %55 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %57 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %58 = load %struct.super_block*, %struct.super_block** %57, align 8 %59 = tail call %struct.inode* @proc_get_inode(%struct.super_block* %58, %struct.proc_dir_entry* nonnull %42) #78 Function:proc_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = 
getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 
store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 new_inode 3 mqueue_get_inode 4 mqueue_create_attr 5 mqueue_create ------------- Path:  Function:mqueue_create %6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #78 Function:mqueue_create_attr %4 = getelementptr inbounds 
%struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #78 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 %14, label %65, label %15 %16 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 24, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #78 br label %26 %27 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 15 %28 = load i32, i32* %27, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 16 %30 = load i32, i32* %29, align 4 %31 = icmp ult i32 %28, %30 br i1 %31, label %36, label %32 %33 = tail call zeroext 
i1 @capable(i32 24) #78 br i1 %33, label %34, label %65 %35 = load i32, i32* %27, align 8 br label %36 %37 = phi i32 [ %35, %34 ], [ %28, %26 ] %38 = add i32 %37, 1 store i32 %38, i32* %27, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %39 = load %struct.super_block*, %struct.super_block** %9, align 8 %40 = tail call fastcc %struct.inode* @mqueue_get_inode(%struct.super_block* %39, %struct.ipc_namespace* nonnull %13, i16 zeroext %1, %struct.mq_attr* %8) #79 Function:mqueue_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 Function:new_inode %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 57 %3 = bitcast %struct.spinlock* %2 to i8* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %3) #6, !srcloc !4 %4 = tail call %struct.inode.150604* @new_inode_pseudo(%struct.super_block.150588* %0) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = 
load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* 
@inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %270, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %270 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 105 %29 = load 
%struct.audit_context*, %struct.audit_context** %28, align 64 %30 = icmp eq %struct.audit_context* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %23, 0 br i1 %36, label %83, label %37 %38 = zext i8 %23 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %84) #78 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %18, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, 
i64 1 %92 = load i32, i32* %91, align 4 switch i32 %8, label %267 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %257 ] %94 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %95 = load i32, i32* %94, align 8 %96 = call i32 @__sys_socket(i32 %90, i32 %92, i32 %95) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* 
@__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to 
%struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 
2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr 
inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __se_sys_socketcall 5 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #78 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = 
icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %44 = trunc i64 %40 to i32 %45 = trunc i64 %42 to i32 %46 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %47 = load i64, i64* %46, align 16 %48 = trunc i64 %47 to i32 %49 = call i32 @__sys_socket(i32 %44, i32 %45, i32 %48) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, 
%struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr 
inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __se_sys_socketcall 5 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #78 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label 
%277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %44 = trunc i64 %40 to i32 %45 = trunc i64 %42 to i32 %46 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %47 = load i64, i64* %46, align 16 %48 = trunc i64 %47 to i32 %49 = call i32 @__sys_socket(i32 %44, i32 %45, i32 %48) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __ia32_sys_socket ------------- Path:  Function:__ia32_sys_socket %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call i32 @__sys_socket(i32 %8, i32 %9, i32 %10) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 
%17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 
Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, 
i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 __sock_create 3 __sys_socket 4 __x64_sys_socket ------------- Path:  
Function:__x64_sys_socket %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call i32 @__sys_socket(i32 %8, i32 %9, i32 %10) #78 Function:__sys_socket %4 = alloca %struct.socket.273619*, align 8 %5 = bitcast %struct.socket.273619** %4 to i8* store %struct.socket.273619* null, %struct.socket.273619** %4, align 8 %6 = and i32 %1, -526352 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %56 %9 = and i32 %1, 15 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.273544* %12 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %11, i64 0, i32 94 %13 = load %struct.nsproxy.273137*, %struct.nsproxy.273137** %12, align 8 %14 = getelementptr inbounds %struct.nsproxy.273137, %struct.nsproxy.273137* %13, i64 0, i32 5 %15 = load %struct.net.273693*, %struct.net.273693** %14, align 8 %16 = call i32 @__sock_create(%struct.net.273693* %15, i32 %0, i32 %9, i32 %2, %struct.socket.273619** nonnull %4, i32 0) #78 Function:__sock_create %7 = icmp ugt i32 %1, 45 br i1 %7, label %126, label %8 %9 = icmp ugt i32 %2, 10 br i1 %9, label %126, label %10 %11 = icmp eq i32 %1, 2 %12 = icmp eq i32 %2, 10 %13 = and i1 %11, %12 br i1 %13, label %14, label %21 %15 = load i1, i1* @__sock_create.__already_done, align 1 br i1 %15, label %21, label %16, !prof !4, !misexpect !5 store i1 true, i1* @__sock_create.__already_done, align 1 %17 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !6 %18 = inttoptr i64 %17 to %struct.task_struct.273544* %19 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %18, i64 0, i32 87, i64 0 %20 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.2.63122, i64 0, i64 0), i8* %19) #78 br label %21 %22 = phi i32 [ %1, %10 ], [ 17, %14 ], [ 17, %16 ] %23 = tail call i32 @security_socket_create(i32 %22, i32 %2, i32 %3, i32 %5) #79 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %126 %26 = load %struct.vfsmount.273734*, %struct.vfsmount.273734** @sock_mnt, align 8 %27 = getelementptr inbounds %struct.vfsmount.273734, %struct.vfsmount.273734* %26, i64 0, i32 1 %28 = load %struct.super_block.273733*, %struct.super_block.273733** %27, align 8 %29 = tail call %struct.inode.273749* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode.273749* (%struct.super_block.273733*)*)(%struct.super_block.273733* %28) #79 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = 
icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, 
i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull 
@inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 create_pipe_files 3 __do_pipe_flags 4 do_pipe2 5 __ia32_sys_pipe ------------- Path:  Function:__ia32_sys_pipe %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i32* %6 = tail call fastcc i32 @do_pipe2(i32* %5, i32 0) #78 Function:do_pipe2 %3 = alloca [2 x %struct.file*], align 16 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to [2 x i32]* %6 = bitcast [2 x %struct.file*]* %3 to i8* %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = bitcast i64* %4 to i32* %9 = getelementptr inbounds [2 x %struct.file*], [2 x %struct.file*]* %3, i64 0, i64 0 %10 = call fastcc i32 @__do_pipe_flags(i32* nonnull %8, %struct.file** nonnull %9, i32 %1) #78 Function:__do_pipe_flags %4 = and i32 %2, -542849 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %34 %7 = tail call i32 @create_pipe_files(%struct.file** %1, i32 %2) #78 Function:create_pipe_files %3 = load %struct.vfsmount*, %struct.vfsmount** @pipe_mnt, align 8 %4 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %3, i64 0, i32 1 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %5) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* 
(%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, 
i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds 
%struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 create_pipe_files 3 __do_pipe_flags 4 do_pipe2 5 __x64_sys_pipe ------------- Path:  Function:__x64_sys_pipe %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i32** %4 = load i32*, i32** %3, align 8 %5 = tail call fastcc i32 @do_pipe2(i32* %4, i32 0) #78 Function:do_pipe2 %3 = alloca [2 x %struct.file*], align 16 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to [2 x i32]* %6 = bitcast [2 x %struct.file*]* %3 to i8* %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = bitcast i64* %4 to i32* %9 = getelementptr inbounds [2 x %struct.file*], [2 x %struct.file*]* %3, i64 0, i64 0 %10 = call fastcc i32 @__do_pipe_flags(i32* nonnull %8, %struct.file** nonnull %9, i32 %1) #78 Function:__do_pipe_flags %4 = and i32 %2, -542849 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %34 %7 = tail call i32 @create_pipe_files(%struct.file** %1, i32 %2) #78 Function:create_pipe_files %3 = load %struct.vfsmount*, %struct.vfsmount** @pipe_mnt, align 8 %4 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %3, i64 0, i32 1 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %5) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load 
%struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, 
%struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 
store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 create_pipe_files 3 __do_pipe_flags 4 do_pipe2 5 __ia32_sys_pipe2 ------------- Path:  Function:__ia32_sys_pipe2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = inttoptr i64 %4 to i32* %8 = trunc i64 %6 to i32 %9 = tail call fastcc i32 @do_pipe2(i32* %7, i32 %8) #78 Function:do_pipe2 %3 = alloca [2 x %struct.file*], align 16 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to [2 x i32]* %6 = bitcast [2 x %struct.file*]* %3 to i8* %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = bitcast i64* %4 to i32* %9 = getelementptr inbounds [2 x %struct.file*], [2 x %struct.file*]* %3, i64 0, i64 0 %10 = call fastcc i32 @__do_pipe_flags(i32* nonnull %8, %struct.file** nonnull %9, i32 %1) #78 Function:__do_pipe_flags %4 = and i32 %2, -542849 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %34 %7 = tail call i32 @create_pipe_files(%struct.file** %1, i32 %2) #78 Function:create_pipe_files %3 = load %struct.vfsmount*, %struct.vfsmount** 
@pipe_mnt, align 8 %4 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %3, i64 0, i32 1 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %5) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 
0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, 
i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 inode_init_always 1 new_inode_pseudo 2 create_pipe_files 3 __do_pipe_flags 4 do_pipe2 5 __x64_sys_pipe2 ------------- Path:  Function:__x64_sys_pipe2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i32** %4 = load i32*, i32** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %6 to i32 %8 = tail call fastcc i32 @do_pipe2(i32* %4, i32 %7) #78 Function:do_pipe2 %3 = alloca [2 x %struct.file*], align 16 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to [2 x i32]* %6 = bitcast [2 x %struct.file*]* %3 to i8* %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = bitcast i64* 
%4 to i32* %9 = getelementptr inbounds [2 x %struct.file*], [2 x %struct.file*]* %3, i64 0, i64 0 %10 = call fastcc i32 @__do_pipe_flags(i32* nonnull %8, %struct.file** nonnull %9, i32 %1) #78 Function:__do_pipe_flags %4 = and i32 %2, -542849 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %34 %7 = tail call i32 @create_pipe_files(%struct.file** %1, i32 %2) #78 Function:create_pipe_files %3 = load %struct.vfsmount*, %struct.vfsmount** @pipe_mnt, align 8 %4 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %3, i64 0, i32 1 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode_pseudo to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %5) #78 Function:new_inode_pseudo %2 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 6 %3 = load %struct.super_operations.150563*, %struct.super_operations.150563** %2, align 16 %4 = getelementptr inbounds %struct.super_operations.150563, %struct.super_operations.150563* %3, i64 0, i32 0 %5 = load %struct.inode.150604* (%struct.super_block.150588*)*, %struct.inode.150604* (%struct.super_block.150588*)** %4, align 8 %6 = icmp eq %struct.inode.150604* (%struct.super_block.150588*)* %5, null br i1 %6, label %9, label %7 %10 = load %struct.kmem_cache*, %struct.kmem_cache** @inode_cachep, align 8 %11 = tail call noalias align 8 i8* @kmem_cache_alloc(%struct.kmem_cache* %10, i32 3264) #78 %12 = bitcast i8* %11 to %struct.inode.150604* br label %13 %14 = phi %struct.inode.150604* [ %8, %7 ], [ %12, %9 ] %15 = icmp eq %struct.inode.150604* %14, null br i1 %15, label %54, label %16 %17 = tail call i32 @inode_init_always(%struct.super_block.150588* %0, %struct.inode.150604* nonnull %14) #78 Function:inode_init_always %3 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 41 %4 = getelementptr inbounds %struct.inode.150604, 
%struct.inode.150604* %1, i64 0, i32 8 store %struct.super_block.150588* %0, %struct.super_block.150588** %4, align 8 %5 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 2 %6 = load i8, i8* %5, align 4 %7 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 20 store i8 %6, i8* %7, align 2 %8 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 4 store i32 0, i32* %8, align 4 %9 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 34, i32 0 store volatile i64 0, i64* %9, align 8 %10 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 35, i32 0 store volatile i32 1, i32* %10, align 4 %11 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 7 store %struct.inode_operations.150599* @inode_init_always.empty_iops, %struct.inode_operations.150599** %11, align 8 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 39, i32 0 store %struct.file_operations.150528* @inode_init_always.no_open_fops, %struct.file_operations.150528** %12, align 8 %13 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 11 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 12, i32 0 store i32 1, i32* %14, align 8 %15 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 1 store i16 0, i16* %15, align 2 %16 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 18 %17 = load %struct.xattr_handler**, %struct.xattr_handler*** %16, align 8 %18 = icmp eq %struct.xattr_handler** %17, null %19 = select i1 %18, i16 0, i16 8 store i16 %19, i16* %15, align 2 %20 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 2, i32 0 store i32 0, i32* %20, align 4 %21 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 3, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 37, i32 0 store volatile i32 0, i32* %22, align 4 %23 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 14 store i64 0, i64* %23, align 8 %24 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 21 store i8 0, i8* %24, align 1 %25 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 22 store i64 0, i64* %25, align 8 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 19 store i16 0, i16* %26, align 4 %27 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 43, i32 0 %28 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 13 store i32 0, i32* %28, align 4 %29 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 25 store i64 0, i64* %29, align 8 %30 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 18, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %0, i64 0, i32 5 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %1, i64 0, i32 24 %33 = bitcast %struct.pipe_inode_info** %27 to i8* tail call void @__init_rwsem(%struct.rw_semaphore* %32, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.16443, i64 0, i64 0), %struct.lock_class_key* nonnull @inode_init_always.__key) #78 ------------- Good: 242 Bad: 46 Ignored: 494 Check Use of Function:populate_vma_page_range Check Use of Function:put_old_itimerspec32 Use: =BAD PATH= Call Stack: 0 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca 
%struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 %28 = icmp eq i32 %27, 0 %29 = and i1 %19, %28 br i1 %29, label %30, label %34 %31 = call i32 @put_old_itimerspec32(%struct.timens_offsets* nonnull %3, %struct.old_itimerspec32* nonnull %16) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 
%10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #78 %26 = icmp eq i32 %25, 0 %27 = and i1 %17, %26 br i1 %27, label %28, label %32 %29 = call i32 @put_old_itimerspec32(%struct.timens_offsets* nonnull %3, %struct.old_itimerspec32* nonnull %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_timer_gettime32 ------------- Path:  Function:__ia32_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.old_itimerspec32* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %13 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %14 = icmp eq %struct.k_itimer.88513* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %13, i64 0, i32 3 %18 = load %struct.k_clock.88514*, %struct.k_clock.88514** %17, align 8 %19 = icmp eq 
%struct.k_clock.88514* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88513* nonnull %13, %struct.timens_offsets* nonnull %3) #78 br label %26 %27 = phi i1 [ false, %24 ], [ true, %25 ] %28 = phi i64 [ -22, %24 ], [ 0, %25 ] %29 = load i64, i64* %2, align 8 %30 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %13, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %30, i64 %29) #78 br i1 %27, label %31, label %35 %32 = call i32 @put_old_itimerspec32(%struct.timens_offsets* nonnull %3, %struct.old_itimerspec32* %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_timer_gettime32 ------------- Path:  Function:__x64_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.old_itimerspec32** %8 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %12 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %13 = icmp eq %struct.k_itimer.88513* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %12, i64 0, i32 3 %17 = load %struct.k_clock.88514*, %struct.k_clock.88514** %16, align 8 %18 = icmp eq 
%struct.k_clock.88514* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* %21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88513* nonnull %12, %struct.timens_offsets* nonnull %3) #78 br label %25 %26 = phi i1 [ false, %23 ], [ true, %24 ] %27 = phi i64 [ -22, %23 ], [ 0, %24 ] %28 = load i64, i64* %2, align 8 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %12, i64 0, i32 2, i32 0, i32 0 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %29, i64 %28) #78 br i1 %26, label %30, label %34 %31 = call i32 @put_old_itimerspec32(%struct.timens_offsets* nonnull %3, %struct.old_itimerspec32* %8) #78 ------------- Good: 4 Bad: 4 Ignored: 0 Check Use of Function:ext4_reset_inode_seed Check Use of Function:jbd2_journal_lock_updates Check Use of Function:ext4_double_down_write_data_sem Check Use of Function:swap_inode_data Check Use of Function:ext4_double_up_write_data_sem Check Use of Function:ext4_trim_fs Check Use of Function:slow_avc_audit Check Use of Function:shmem_lock Check Use of Function:import_single_range Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %270, label %12 %13 = and i64 %5, 
4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %270 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 105 %29 = load %struct.audit_context*, %struct.audit_context** %28, align 64 %30 = icmp eq %struct.audit_context* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %23, 0 br i1 %36, label %83, label %37 %38 = zext i8 %23 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 %59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %56 store 
i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %84) #78 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %18, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %8, label %267 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %257 ] %178 = zext i32 %92 to i64 %179 = inttoptr i64 %178 to i8* %180 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %181 = load i32, i32* %180, align 8 %182 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %183 = load i32, i32* %182, align 4 %184 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %185 = load i32, i32* %184, align 16 %186 = zext i32 %185 to i64 %187 = inttoptr i64 %186 to %struct.sys_desc_table* %188 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 5 %189 = load i32, i32* %188, align 4 %190 = zext i32 %189 to i64 %191 = inttoptr i64 %190 to i32* %192 = zext i32 %181 to i64 %193 = or i32 %183, -2147483648 %194 = call i32 @__sys_recvfrom(i32 %90, i8* %179, i64 %192, i32 %193, %struct.sys_desc_table* %187, i32* %191) #78 
Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recvfrom ------------- Path:  Function:__ia32_compat_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = or i32 %20, -2147483648 %24 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %23, %struct.sys_desc_table* %21, i32* %22) #78 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* 
%12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recv ------------- Path:  Function:__ia32_compat_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = or i32 %14, -2147483648 %16 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %15, %struct.sys_desc_table* null, i32* null) #78 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #78 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 
1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %133 = trunc i64 %40 to i32 %134 = inttoptr i64 %42 to i8* %135 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %136 = load i64, i64* %135, align 16 %137 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %138 = load i64, i64* %137, align 8 %139 = trunc i64 %138 to i32 %140 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %141 = bitcast i64* %140 to %struct.sys_desc_table** %142 = load %struct.sys_desc_table*, %struct.sys_desc_table** %141, align 16 %143 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %144 = bitcast i64* %143 to i32** %145 = load i32*, i32** %144, align 8 %146 = call i32 @__sys_recvfrom(i32 %133, i8* %134, i64 %136, i32 %139, %struct.sys_desc_table* %142, i32* %145) #78 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 
8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #78 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label 
%68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %133 = trunc i64 %40 to i32 %134 = inttoptr i64 %42 to i8* %135 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %136 = load i64, i64* %135, align 16 %137 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %138 = load i64, i64* %137, align 8 %139 = trunc i64 %138 to i32 %140 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %141 = bitcast i64* %140 to %struct.sys_desc_table** %142 = load %struct.sys_desc_table*, %struct.sys_desc_table** %141, align 16 %143 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %144 = bitcast i64* %143 to i32** %145 = load i32*, i32** %144, align 8 %146 = call i32 @__sys_recvfrom(i32 %133, i8* %134, i64 %136, i32 %139, %struct.sys_desc_table* %142, i32* %145) #78 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recv ------------- Path:  Function:__ia32_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 
%8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32* null) #78 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recv ------------- Path:  Function:__x64_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_recvfrom(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32* null) #78 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, 
%struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recvfrom ------------- Path:  Function:__ia32_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %20, %struct.sys_desc_table* %21, i32* %22) #78 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recvfrom ------------- Path:  Function:__x64_sys_recvfrom %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = bitcast i64* %14 to i32** %16 = load i32*, i32** %15, align 8 %17 = trunc i64 %3 to i32 %18 = trunc i64 %10 to i32 %19 = tail call i32 @__sys_recvfrom(i32 %17, i8* %6, i64 %8, i32 %18, %struct.sys_desc_table* %13, i32* %16) #78 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = 
add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %270, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %270 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 105 %29 = load %struct.audit_context*, %struct.audit_context** %28, align 64 %30 = icmp eq %struct.audit_context* %29, null br i1 %30, label %69, label %31 %32 = bitcast %struct.audit_context* %29 to i32* %33 = load i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %69 %36 = icmp eq i8 %23, 0 br i1 %36, label %83, label %37 %38 = zext i8 %23 to i64 %39 = add nsw i64 %38, -1 %40 = and i64 %38, 3 %41 = icmp ult i64 %39, 3 br i1 %41, label %70, label %42 %43 = and i64 %38, 60 br label %44 %45 = phi i64 [ 0, %42 ], [ %66, %44 ] %46 = phi i64 [ %43, %42 ], [ %67, %44 ] %47 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %45 %48 = load i32, i32* %47, align 16 %49 = zext i32 %48 to i64 %50 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %45 store i64 %49, i64* %50, align 16 %51 = or i64 %45, 1 %52 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %51 %53 = load i32, i32* %52, align 4 %54 = zext i32 %53 to i64 %55 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %51 store i64 %54, i64* %55, align 8 %56 = or i64 %45, 2 %57 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %56 %58 = load i32, i32* %57, align 8 
%59 = zext i32 %58 to i64 %60 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %56 store i64 %59, i64* %60, align 16 %61 = or i64 %45, 3 %62 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %61 %63 = load i32, i32* %62, align 4 %64 = zext i32 %63 to i64 %65 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %61 store i64 %64, i64* %65, align 8 %66 = add nuw nsw i64 %45, 4 %67 = add i64 %46, -4 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %44 %71 = phi i64 [ 0, %37 ], [ %66, %44 ] %72 = icmp eq i64 %40, 0 br i1 %72, label %83, label %73 %84 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %85 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %84) #78 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = load i32, i32* %18, align 16 %91 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %92 = load i32, i32* %91, align 4 switch i32 %8, label %267 [ i32 1, label %93 i32 2, label %97 i32 3, label %103 i32 4, label %109 i32 5, label %111 i32 6, label %119 i32 7, label %127 i32 8, label %135 i32 9, label %143 i32 11, label %152 i32 10, label %167 i32 12, label %177 i32 13, label %195 i32 14, label %197 i32 15, label %207 i32 16, label %219 i32 20, label %227 i32 17, label %236 i32 19, label %244 i32 18, label %257 ] %153 = zext i32 %92 to i64 %154 = inttoptr i64 %153 to i8* %155 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %156 = load i32, i32* %155, align 8 %157 = zext i32 %156 to i64 %158 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %159 = load i32, i32* %158, align 4 %160 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %161 = load i32, i32* %160, align 16 %162 = zext i32 %161 to i64 %163 = inttoptr i64 %162 to %struct.sys_desc_table* %164 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 5 %165 = load i32, i32* %164, align 4 %166 = call i32 @__sys_sendto(i32 %90, i8* %154, i64 %157, i32 %159, %struct.sys_desc_table* %163, i32 %165) #78 
Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #78 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %109 = trunc i64 %40 to i32 %110 = inttoptr i64 %42 to i8* %111 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %112 = load i64, i64* %111, align 16 %113 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %114 = load i64, i64* %113, align 8 %115 = trunc i64 %114 to i32 %116 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %117 = bitcast i64* %116 to %struct.sys_desc_table** %118 = load %struct.sys_desc_table*, %struct.sys_desc_table** %117, align 16 %119 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %120 = load i64, i64* %119, align 8 %121 = trunc i64 %120 to i32 %122 = call i32 @__sys_sendto(i32 %109, i8* %110, i64 %112, i32 %115, %struct.sys_desc_table* %118, i32 %121) #78 Function:__sys_sendto %7 = 
alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #78 Function:__se_sys_socketcall %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, 
!srcloc !5 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 105 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 64 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %39, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %39, !prof !6, !misexpect !7 %35 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %40 = load i64, i64* %18, align 16 %41 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %42 = load i64, i64* %41, align 8 switch i32 %13, label %274 [ i32 1, label %43 i32 2, label %50 i32 3, label %57 i32 4, label %64 i32 5, label %68 i32 6, label %75 i32 7, label %82 i32 8, label %89 i32 9, label %99 i32 11, label %108 i32 10, label %123 i32 12, label %132 i32 13, label %147 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %109 = trunc i64 %40 to i32 %110 = inttoptr i64 %42 to i8* %111 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %112 = load i64, i64* %111, align 16 %113 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %114 = load i64, i64* %113, align 8 %115 = trunc i64 %114 to i32 %116 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %117 = bitcast i64* %116 to %struct.sys_desc_table** %118 = load %struct.sys_desc_table*, %struct.sys_desc_table** %117, align 16 %119 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %120 = load i64, i64* %119, align 8 %121 = trunc i64 %120 to i32 %122 = call i32 @__sys_sendto(i32 %109, i8* %110, i64 %112, i32 %115, %struct.sys_desc_table* %118, i32 %121) #78 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273589, 
align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_send ------------- Path:  Function:__ia32_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_sendto(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32 0) #78 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_send ------------- Path:  Function:__x64_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_sendto(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32 0) #78 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_sendto ------------- Path:  Function:__ia32_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %3 to i32 %18 = inttoptr i64 %6 to i8* %19 = trunc i64 %11 to i32 %20 = inttoptr i64 %14 to 
%struct.sys_desc_table* %21 = trunc i64 %16 to i32 %22 = tail call i32 @__sys_sendto(i32 %17, i8* %18, i64 %9, i32 %19, %struct.sys_desc_table* %20, i32 %21) #78 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_sendto ------------- Path:  Function:__x64_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %10 to i32 %18 = trunc i64 %15 to i32 %19 = tail call i32 @__sys_sendto(i32 %16, i8* %6, i64 %8, i32 %17, %struct.sys_desc_table* %13, i32 %18) #78 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.273589, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = 
bitcast %struct.msghdr.273589* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #78 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load 
i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to 
i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #78 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %11 = bitcast %struct.iovec* %5 to i8* %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %13 = call i32 @import_single_range(i32 1, i8* nonnull %1, i64 %2, %struct.iovec* nonnull %5, %struct.iov_iter* nonnull %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 
@__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %154 = trunc i64 %1 to i32 %155 = trunc i64 %4 to i32 %156 = icmp ne i64 %2, 0 %157 = icmp ne i64 %3, 0 %158 = and i1 %156, %157 br i1 %158, label %159, label %171 %160 = inttoptr i64 %2 to i8* %161 = bitcast %struct.iovec* %9 to i8* %162 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %10, i64 0, i32 0 %163 = call i32 @import_single_range(i32 1, i8* nonnull %160, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = 
load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %154 = trunc i64 %1 to i32 %155 = trunc i64 %4 to i32 %156 = icmp ne i64 %2, 0 %157 = icmp ne i64 %3, 0 %158 = and i1 %156, %157 br i1 %158, label %159, label %171 %160 = inttoptr i64 %2 to i8* %161 = bitcast %struct.iovec* %9 to i8* %162 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %10, i64 0, i32 0 %163 = call i32 @import_single_range(i32 1, i8* nonnull %160, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #78 ------------- Good: 26 Bad: 23 Ignored: 20 Check Use of Function:write_pool_user Use: =BAD PATH= Call Stack: 0 random_write_iter ------------- Path:  Function:random_write_iter %3 = tail call fastcc i64 @write_pool_user(%struct.iov_iter* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 random_write_iter ------------- Path:  Function:random_write_iter %3 = tail call fastcc i64 @write_pool_user(%struct.iov_iter* %1) #78 ------------- Good: 1 Bad: 2 Ignored: 0 Check Use of Function:extract_entropy Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 
fib6_nh_remove_exception 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %4 = icmp eq %struct.dst_entry.902548* %0, null br i1 %4, label %64, label %5 %6 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.902525** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %63, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %13 = bitcast %struct.dst_entry.902548* %12 to %struct.fib6_info.902564** %14 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %13, align 8 %15 = load i32, i32* %7, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq %struct.fib6_info.902564* %14, null br i1 %25, label %61, label %26 %27 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %13, align 8 %43 = icmp eq %struct.fib6_info.902564* %42, null %44 = and i32 %15, 16777216 %45 = icmp eq i32 %44, 0 %46 = or i1 %45, %43 br i1 %46, label %61, label %47 %48 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %42, i64 0, i32 20 %49 = load %struct.nexthop.902560*, %struct.nexthop.902560** %48, align 8 %50 = icmp eq %struct.nexthop.902560* %49, null br i1 %50, label %58, label %51 %59 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %42, i64 0, i32 21, i64 0 %60 = tail call fastcc i32 @fib6_nh_remove_exception(%struct.fib6_nh.902563* %59, 
%struct.rt6_info.902561* nonnull %3) #78 Function:fib6_nh_remove_exception %3 = alloca %struct.anon.273, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.902563, %struct.fib6_nh.902563* %0, i64 0, i32 2 %6 = load volatile %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %7 = icmp eq %struct.rt6_exception_bucket* %6, null br i1 %7, label %63, label %8 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #78 %9 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %10 = icmp eq %struct.rt6_exception_bucket* %9, null %11 = ptrtoint %struct.rt6_exception_bucket* %9 to i64 %12 = and i64 %11, -2 %13 = inttoptr i64 %12 to %struct.rt6_exception_bucket* %14 = select i1 %10, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %13 %15 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %1, i64 0, i32 3, i32 0 %16 = icmp ne %struct.rt6_exception_bucket* %14, null %17 = icmp ne %struct.in6_addr* %15, null %18 = and i1 %17, %16 br i1 %18, label %19, label %61 %20 = bitcast %struct.anon.273* %3 to i8* %21 = bitcast %struct.in6_addr* %15 to i8* %22 = getelementptr inbounds %struct.anon.273, %struct.anon.273* %3, i64 0, i32 1 %23 = bitcast %struct.in6_addr* %22 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_remove_exception, %24)) #6 to label %29 [label %24], !srcloc !4 %25 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %26 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #78 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 
0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 fib6_nh_update_exception 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.902664* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.902548* %0, %struct.sock.902701* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #78 Function:__ip6_rt_update_pmtu %6 = alloca %struct.fib6_nh_match_arg, align 8 %7 = alloca %struct.fib6_result.903079, align 8 %8 = alloca %struct.fib6_nh_match_arg, align 8 %9 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %10 = icmp eq %struct.ipv6hdr* %2, null br i1 %10, label %13, label %11 %14 = icmp eq %struct.sock.902701* %1, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 10 %17 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 4 %18 = load volatile i8, i8* %17, align 2 br label %19 %20 = phi %struct.in6_addr* [ %12, %11 ], [ null, %13 ], [ %16, %15 ] br i1 %4, label %21, label %29 %22 = getelementptr inbounds %struct.dst_entry.902548, 
%struct.dst_entry.902548* %0, i64 0, i32 1 %23 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %22, align 8 %24 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %23, i64 0, i32 15 %25 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %24, align 16 %26 = icmp eq void (%struct.dst_entry.902548*, i8*)* %25, null br i1 %26, label %29, label %27 %28 = bitcast %struct.in6_addr* %20 to i8* tail call void %25(%struct.dst_entry.902548* %0, i8* %28) #78 br label %29 %30 = icmp ult i32 %3, 1280 br i1 %30, label %271, label %31 %32 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %33 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %32, align 8 %34 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %33, i64 0, i32 5 %35 = load i32 (%struct.dst_entry.902548*)*, i32 (%struct.dst_entry.902548*)** %34, align 32 %36 = icmp eq i32 (%struct.dst_entry.902548*)* %35, @ip6_mtu br i1 %36, label %37, label %56, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 2 %39 = load i64, i64* %38, align 8 %40 = and i64 %39, -4 %41 = inttoptr i64 %40 to i32* %42 = getelementptr i32, i32* %41, i64 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %62 %63 = phi i32 [ %59, %58 ], [ %61, %60 ], [ %43, %37 ], [ %55, %54 ] %64 = icmp ugt i32 %63, %3 br i1 %64, label %65, label %271 %66 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %67 = bitcast %struct.lwtunnel_state.902525** %66 to i32* %68 = load i32, i32* %67, align 8 %69 = and i32 %68, 16777216 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %79 %72 = and i32 %68, 1073741824 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %168 %75 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %76 = bitcast 
%struct.dst_entry.902548* %75 to %struct.fib6_info.902564** %77 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %76, align 8 %78 = icmp eq %struct.fib6_info.902564* %77, null br i1 %78, label %79, label %168 %80 = getelementptr %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 0 %81 = load %struct.net_device.902651*, %struct.net_device.902651** %80, align 8 %82 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %81, i64 0, i32 109, i32 0 %83 = load %struct.net.902772*, %struct.net.902772** %82, align 8 %84 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 2 %85 = load i64, i64* %84, align 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %87, label %88, !prof !8, !misexpect !9 %89 = and i64 %85, 1 %90 = icmp eq i64 %89, 0 br i1 %90, label %96, label %91 %97 = and i64 %85, -4 %98 = inttoptr i64 %97 to i32* br label %99 %100 = phi i32* [ %95, %91 ], [ %98, %96 ] %101 = icmp eq i32* %100, null br i1 %101, label %104, label %102 %105 = load i32, i32* %67, align 8 %106 = or i32 %105, 32 store i32 %106, i32* %67, align 8 %107 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %83, i64 0, i32 35, i32 1, i32 11 %108 = load i32, i32* %107, align 64 %109 = and i32 %105, 4194304 %110 = icmp eq i32 %109, 0 br i1 %110, label %111, label %121 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %112 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %113 = bitcast %struct.dst_entry.902548* %112 to %struct.fib6_info.902564** %114 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %113, align 8 %115 = icmp eq %struct.fib6_info.902564* %114, null br i1 %115, label %120, label %116 %117 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %114, i64 0, i32 6 %118 = load i64, i64* %117, align 8 %119 = getelementptr inbounds %struct.dst_entry.902548, 
%struct.dst_entry.902548* %0, i64 0, i32 3 store i64 %118, i64* %119, align 8 br label %120 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 br label %121 %122 = load volatile i64, i64* @jiffies, align 64 %123 = sext i32 %108 to i64 %124 = add i64 %122, %123 %125 = icmp eq i64 %124, 0 %126 = select i1 %125, i64 1, i64 %124 %127 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 3 %128 = load i64, i64* %127, align 8 %129 = icmp eq i64 %128, 0 %130 = sub i64 %126, %128 %131 = icmp slt i64 %130, 0 %132 = or i1 %129, %131 br i1 %132, label %133, label %134 %135 = load i32, i32* %67, align 8 %136 = or i32 %135, 4194304 store i32 %136, i32* %67, align 8 %137 = and i32 %135, 16777216 %138 = icmp eq i32 %137, 0 br i1 %138, label %271, label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %140 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %141 = bitcast %struct.dst_entry.902548* %140 to %struct.fib6_info.902564** %142 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %141, align 8 %143 = icmp eq %struct.fib6_info.902564* %142, null br i1 %143, label %167, label %144 %145 = load i32, i32* %67, align 8 %146 = and i32 %145, 16777216 %147 = icmp eq i32 %146, 0 br i1 %147, label %167, label %148 %149 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %142, i64 0, i32 20 %150 = load %struct.nexthop.902560*, %struct.nexthop.902560** %149, align 8 %151 = icmp eq %struct.nexthop.902560* %150, null br i1 %151, label %163, label %152 %164 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %142, i64 0, i32 21, i64 0 br label %165 %166 = phi %struct.fib6_nh.902563* [ %161, %152 ], [ %164, %163 ] call fastcc void @fib6_nh_update_exception(%struct.fib6_nh.902563* %166, %struct.rt6_info.902561* %9) #78 
Function:fib6_nh_update_exception %3 = alloca %struct.anon.273, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.902563, %struct.fib6_nh.902563* %0, i64 0, i32 2 %6 = load volatile %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %7 = icmp eq %struct.rt6_exception_bucket* %6, null %8 = ptrtoint %struct.rt6_exception_bucket* %6 to i64 %9 = and i64 %8, -2 %10 = inttoptr i64 %9 to %struct.rt6_exception_bucket* %11 = select i1 %7, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %10 %12 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %1, i64 0, i32 3, i32 0 %13 = icmp ne %struct.rt6_exception_bucket* %11, null %14 = icmp ne %struct.in6_addr* %12, null %15 = and i1 %14, %13 br i1 %15, label %16, label %61 %17 = bitcast %struct.anon.273* %3 to i8* %18 = bitcast %struct.in6_addr* %12 to i8* %19 = getelementptr inbounds %struct.anon.273, %struct.anon.273* %3, i64 0, i32 1 %20 = bitcast %struct.in6_addr* %19 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_update_exception, %21)) #6 to label %26 [label %21], !srcloc !4 %22 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %23 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #78 br i1 %23, label %24, label %25, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 
0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to 
i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = 
bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, 
label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ 
%87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, 
label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = 
zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* 
%131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #78 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp 
ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78
-------------
Use: =BAD PATH=
Call Stack:
0 crng_make_state
1 _get_random_bytes
2 get_random_bytes
3 ip_del_fnhe
4 __mkroute_output
5 ip_route_output_key_hash_rcu
6 ip_route_output_flow
7 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load
%struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds 
%struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, 
%struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 
%167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 
4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 
0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, 
label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, 
%53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #78 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br 
label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78
-------------
Use: =BAD PATH=
Call Stack:
0 crng_make_state
1 _get_random_bytes
2 get_random_bytes
3 ip_del_fnhe
4 __mkroute_output
5 ip_route_output_key_hash_rcu
6 ip_route_output_flow
7 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421*
(%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 
%57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 
store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* 
@ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load 
%struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 
(%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #78 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br 
label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78
-------------
Use: =BAD PATH=
Call Stack:
0 crng_make_state
1 _get_random_bytes
2 get_random_bytes
3 __skb_get_hash
4 get_rps_cpu
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 tcp_recvmsg
9 inet6_recvmsg
10 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 
0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** 
%47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #78 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) 
#78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 crng_make_state
1 _get_random_bytes
2 get_random_bytes
3 __skb_get_hash
4 get_rps_cpu
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, 
%struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", 
"=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, 
%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #78 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) 
#78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_flow_dissect 4 packet_parse_headers 5 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 
%27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, 
label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* 
%215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, 
!prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] 
%94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 
%28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to 
%struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, 
%struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, 
%835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79 %573 = icmp sgt i32 %572, -1 br i1 %573, label %579, label %599 %580 = phi %union.anon.99* [ %577, %574 ], [ %29, %571 ] %581 = load i32, i32* %245, align 4 %582 = and i32 %581, 256 %583 = icmp eq i32 %582, 0 br i1 %583, label %599, label %584 %585 = load i16, i16* %275, align 2 %586 = zext i16 %585 to i64 %587 = getelementptr i8, i8* %3, i64 %586 %588 = getelementptr inbounds %union.anon.99, %union.anon.99* %580, i64 0, i32 0, i64 0 %589 = load i32, i32* %588, align 4 %590 = and i32 %589, 2062 %591 = icmp eq i32 %590, 2062 store i32 0, i32* %10, align 4 br i1 %591, label %594, label %592, !prof !4, !misexpect !9 call void @get_random_bytes(i8* nonnull %276, i64 4) #79 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* 
%0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds 
%struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 %13 = bitcast %struct.ctl_table* %8 to i8* store i8* %10, i8** %12, align 8 %14 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %14, align 8 %15 = icmp eq i32 %1, 0 br i1 %15, label %16, label %31 %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %18 = load i8*, i8** %17, align 8 %19 = icmp eq i8* %18, null br i1 %19, label %20, label %21 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #78 %22 = getelementptr i8, i8* %18, i64 8 %23 = load i8, i8* %22, align 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %26 call void @generate_random_uuid(i8* nonnull %18) #78 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp 
ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 %13 = bitcast %struct.ctl_table* %8 to i8* store i8* %10, i8** %12, align 8 %14 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %14, align 8 %15 = icmp eq i32 %1, 0 br i1 %15, label %16, label %31 %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %18 = load i8*, i8** %17, align 8 %19 = icmp eq i8* %18, null br i1 %19, label %20, label %21 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, 
%struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #78 %22 = getelementptr i8, i8* %18, i64 8 %23 = load i8, i8* %22, align 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %26 call void @generate_random_uuid(i8* nonnull %18) #78 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds 
(%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #78 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #78 
Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect 
!5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #78 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #78 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq 
i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = 
icmp ugt i32 %3, 1 br i1 %4, label %29, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #78 %17 = icmp eq i32 %16, 0 br i1 %17, label %29, label %18 %30 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #80 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, 
%struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #78 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1, !range !10 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !7, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 fib6_nh_remove_exception 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %4 = icmp eq %struct.dst_entry.902548* %0, null br i1 %4, label %64, label %5 %6 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.902525** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %63, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %13 = bitcast %struct.dst_entry.902548* %12 to %struct.fib6_info.902564** %14 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %13, align 8 %15 = load i32, i32* %7, align 8 %16 = and i32 %15, 4194304 %17 = icmp eq i32 %16, 0 br i1 %17, label %24, label %18 %25 = icmp eq %struct.fib6_info.902564* %14, null br i1 %25, label %61, label %26 %27 = getelementptr inbounds 
%struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 8 %28 = load i16, i16* %27, align 2 %29 = icmp eq i16 %28, -1 br i1 %29, label %30, label %41 %42 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %13, align 8 %43 = icmp eq %struct.fib6_info.902564* %42, null %44 = and i32 %15, 16777216 %45 = icmp eq i32 %44, 0 %46 = or i1 %45, %43 br i1 %46, label %61, label %47 %48 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %42, i64 0, i32 20 %49 = load %struct.nexthop.902560*, %struct.nexthop.902560** %48, align 8 %50 = icmp eq %struct.nexthop.902560* %49, null br i1 %50, label %58, label %51 %59 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %42, i64 0, i32 21, i64 0 %60 = tail call fastcc i32 @fib6_nh_remove_exception(%struct.fib6_nh.902563* %59, %struct.rt6_info.902561* nonnull %3) #78 Function:fib6_nh_remove_exception %3 = alloca %struct.anon.273, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.902563, %struct.fib6_nh.902563* %0, i64 0, i32 2 %6 = load volatile %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %7 = icmp eq %struct.rt6_exception_bucket* %6, null br i1 %7, label %63, label %8 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #78 %9 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %10 = icmp eq %struct.rt6_exception_bucket* %9, null %11 = ptrtoint %struct.rt6_exception_bucket* %9 to i64 %12 = and i64 %11, -2 %13 = inttoptr i64 %12 to %struct.rt6_exception_bucket* %14 = select i1 %10, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %13 %15 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %1, i64 0, i32 3, i32 0 %16 = icmp ne %struct.rt6_exception_bucket* %14, null %17 = icmp ne %struct.in6_addr* %15, null %18 = and i1 %17, %16 
br i1 %18, label %19, label %61 %20 = bitcast %struct.anon.273* %3 to i8* %21 = bitcast %struct.in6_addr* %15 to i8* %22 = getelementptr inbounds %struct.anon.273, %struct.anon.273* %3, i64 0, i32 1 %23 = bitcast %struct.in6_addr* %22 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_remove_exception, %24)) #6 to label %29 [label %24], !srcloc !4 %25 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %26 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #78 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr 
inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 fib6_nh_update_exception 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.902664* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.902548* %0, %struct.sock.902701* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #78 Function:__ip6_rt_update_pmtu %6 = alloca %struct.fib6_nh_match_arg, align 8 %7 = alloca %struct.fib6_result.903079, align 8 %8 = alloca %struct.fib6_nh_match_arg, align 8 %9 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %10 = icmp eq %struct.ipv6hdr* %2, null br i1 %10, label %13, label %11 %14 = icmp eq %struct.sock.902701* %1, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 10 %17 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 4 %18 = load volatile i8, i8* %17, align 2 br label %19 %20 = phi %struct.in6_addr* [ %12, %11 ], [ null, %13 ], [ %16, %15 ] br i1 %4, label %21, label %29 %22 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %23 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %22, align 8 %24 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %23, i64 0, i32 15 %25 = load void (%struct.dst_entry.902548*, i8*)*, void 
(%struct.dst_entry.902548*, i8*)** %24, align 16 %26 = icmp eq void (%struct.dst_entry.902548*, i8*)* %25, null br i1 %26, label %29, label %27 %28 = bitcast %struct.in6_addr* %20 to i8* tail call void %25(%struct.dst_entry.902548* %0, i8* %28) #78 br label %29 %30 = icmp ult i32 %3, 1280 br i1 %30, label %271, label %31 %32 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %33 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %32, align 8 %34 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %33, i64 0, i32 5 %35 = load i32 (%struct.dst_entry.902548*)*, i32 (%struct.dst_entry.902548*)** %34, align 32 %36 = icmp eq i32 (%struct.dst_entry.902548*)* %35, @ip6_mtu br i1 %36, label %37, label %56, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 2 %39 = load i64, i64* %38, align 8 %40 = and i64 %39, -4 %41 = inttoptr i64 %40 to i32* %42 = getelementptr i32, i32* %41, i64 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %62 %63 = phi i32 [ %59, %58 ], [ %61, %60 ], [ %43, %37 ], [ %55, %54 ] %64 = icmp ugt i32 %63, %3 br i1 %64, label %65, label %271 %66 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %67 = bitcast %struct.lwtunnel_state.902525** %66 to i32* %68 = load i32, i32* %67, align 8 %69 = and i32 %68, 16777216 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %79 %72 = and i32 %68, 1073741824 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %168 %75 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %76 = bitcast %struct.dst_entry.902548* %75 to %struct.fib6_info.902564** %77 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %76, align 8 %78 = icmp eq %struct.fib6_info.902564* %77, null br i1 %78, label %79, label %168 %80 = getelementptr %struct.dst_entry.902548, 
%struct.dst_entry.902548* %0, i64 0, i32 0 %81 = load %struct.net_device.902651*, %struct.net_device.902651** %80, align 8 %82 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %81, i64 0, i32 109, i32 0 %83 = load %struct.net.902772*, %struct.net.902772** %82, align 8 %84 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 2 %85 = load i64, i64* %84, align 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %87, label %88, !prof !8, !misexpect !9 %89 = and i64 %85, 1 %90 = icmp eq i64 %89, 0 br i1 %90, label %96, label %91 %97 = and i64 %85, -4 %98 = inttoptr i64 %97 to i32* br label %99 %100 = phi i32* [ %95, %91 ], [ %98, %96 ] %101 = icmp eq i32* %100, null br i1 %101, label %104, label %102 %105 = load i32, i32* %67, align 8 %106 = or i32 %105, 32 store i32 %106, i32* %67, align 8 %107 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %83, i64 0, i32 35, i32 1, i32 11 %108 = load i32, i32* %107, align 64 %109 = and i32 %105, 4194304 %110 = icmp eq i32 %109, 0 br i1 %110, label %111, label %121 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %112 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %113 = bitcast %struct.dst_entry.902548* %112 to %struct.fib6_info.902564** %114 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %113, align 8 %115 = icmp eq %struct.fib6_info.902564* %114, null br i1 %115, label %120, label %116 %117 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %114, i64 0, i32 6 %118 = load i64, i64* %117, align 8 %119 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 3 store i64 %118, i64* %119, align 8 br label %120 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 br label %121 %122 = load volatile i64, i64* 
@jiffies, align 64 %123 = sext i32 %108 to i64 %124 = add i64 %122, %123 %125 = icmp eq i64 %124, 0 %126 = select i1 %125, i64 1, i64 %124 %127 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 3 %128 = load i64, i64* %127, align 8 %129 = icmp eq i64 %128, 0 %130 = sub i64 %126, %128 %131 = icmp slt i64 %130, 0 %132 = or i1 %129, %131 br i1 %132, label %133, label %134 %135 = load i32, i32* %67, align 8 %136 = or i32 %135, 4194304 store i32 %136, i32* %67, align 8 %137 = and i32 %135, 16777216 %138 = icmp eq i32 %137, 0 br i1 %138, label %271, label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %140 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1 %141 = bitcast %struct.dst_entry.902548* %140 to %struct.fib6_info.902564** %142 = load volatile %struct.fib6_info.902564*, %struct.fib6_info.902564** %141, align 8 %143 = icmp eq %struct.fib6_info.902564* %142, null br i1 %143, label %167, label %144 %145 = load i32, i32* %67, align 8 %146 = and i32 %145, 16777216 %147 = icmp eq i32 %146, 0 br i1 %147, label %167, label %148 %149 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %142, i64 0, i32 20 %150 = load %struct.nexthop.902560*, %struct.nexthop.902560** %149, align 8 %151 = icmp eq %struct.nexthop.902560* %150, null br i1 %151, label %163, label %152 %164 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %142, i64 0, i32 21, i64 0 br label %165 %166 = phi %struct.fib6_nh.902563* [ %161, %152 ], [ %164, %163 ] call fastcc void @fib6_nh_update_exception(%struct.fib6_nh.902563* %166, %struct.rt6_info.902561* %9) #78 Function:fib6_nh_update_exception %3 = alloca %struct.anon.273, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.902563, %struct.fib6_nh.902563* %0, i64 0, i32 2 %6 = load volatile %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, 
align 8 %7 = icmp eq %struct.rt6_exception_bucket* %6, null %8 = ptrtoint %struct.rt6_exception_bucket* %6 to i64 %9 = and i64 %8, -2 %10 = inttoptr i64 %9 to %struct.rt6_exception_bucket* %11 = select i1 %7, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %10 %12 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %1, i64 0, i32 3, i32 0 %13 = icmp ne %struct.rt6_exception_bucket* %11, null %14 = icmp ne %struct.in6_addr* %12, null %15 = and i1 %14, %13 br i1 %15, label %16, label %61 %17 = bitcast %struct.anon.273* %3 to i8* %18 = bitcast %struct.in6_addr* %12 to i8* %19 = getelementptr inbounds %struct.anon.273, %struct.anon.273* %3, i64 0, i32 1 %20 = bitcast %struct.in6_addr* %19 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_update_exception, %21)) #6 to label %26 [label %21], !srcloc !4 %22 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %23 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #78 br i1 %23, label %24, label %25, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], 
[16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 
%11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 
2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, 
align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = 
icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label 
%203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load %struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #78 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 
0, i64 0)) #79
-------------
Use: =BAD PATH=
Call Stack:
0 crng_make_state
1 _get_random_bytes
2 get_random_bytes
3 ip_del_fnhe
4 __mkroute_output
5 ip_route_output_key_hash_rcu
6 ip_route_output_flow
7 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds 
%struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 
= call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 
%148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* 
(%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br 
i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %67 = load i32, i32* %7, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %175 %176 = phi %struct.net_device.837070* [ %25, %27 ], [ %44, %66 ], [ %44, %69 ], [ %87, %139 ], [ %164, %161 ], [ %174, %170 ], [ %97, %95 ] %177 = phi i32 [ 0, %27 ], [ %6, %66 ], [ %6, %69 ], [ %6, %139 ], [ %167, %161 ], [ %6, %170 ], [ %6, %95 ] %178 = phi i32 [ 0, %27 ], [ 0, %66 ], [ 0, %69 ], [ 0, %139 ], [ -2147483648, %161 ], [ 0, %170 ], [ -2147483648, %95 ] %179 = tail call fastcc %struct.rtable.836556* @__mkroute_output(%struct.fib_result.837080* %2, %struct.flowi4* %1, i32 %177, %struct.net_device.837070* %176, i32 %178) #79 
Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 7 %8 = load %struct.fib_info.836560*, %struct.fib_info.836560** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 67 %13 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %12, align 8 %14 = icmp eq %struct.in_device.837027* %13, null br i1 %14, label %308, label %15 %16 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 0 %17 = load %struct.net_device.837070*, %struct.net_device.837070** %16, align 8 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %17, i64 0, i32 109, i32 0 %19 = load %struct.net.836644*, %struct.net.836644** %18, align 8 %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %19, i64 0, i32 34, i32 6 %21 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %20, align 8 %22 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %21, i64 0, i32 1, i64 25 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %44, !prof !4 %26 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %13, i64 0, i32 20, i32 1, i64 25 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %44, !prof !4, !misexpect !5 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 127 br i1 %33, label %34, label %44 %35 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 %36 = load i32, i32* %35, align 64 %37 = and i32 %36, 8 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %44 %40 = 
getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 15 %41 = load i32, i32* %40, align 4 %42 = and i32 %41, 262144 %43 = icmp eq i32 %42, 0 br i1 %43, label %308, label %44 %45 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %46 = load i32, i32* %45, align 4 %47 = icmp eq i32 %46, -1 br i1 %47, label %48, label %50 %51 = and i32 %46, 240 %52 = icmp eq i32 %51, 224 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %3, i64 0, i32 14 br label %67 %68 = phi i32 [ %4, %53 ], [ %62, %57 ] %69 = phi i32* [ %54, %53 ], [ %58, %57 ] %70 = or i32 %68, -1610612736 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %72 = load i32, i32* %71, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %74 = load i8, i8* %73, align 2 %75 = tail call i32 bitcast (i32 (%struct.in_device.862607*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.837027*, i32, i32, i8)*)(%struct.in_device.837027* nonnull %13, i32 %46, i32 %72, i8 zeroext %74) #78 %76 = icmp eq i32 %75, 0 %77 = and i32 %70, 2147483647 %78 = select i1 %76, i32 %77, i32 %70 %79 = icmp eq %struct.fib_info.836560* %8, null br i1 %79, label %203, label %80 %81 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 1 %82 = load i8, i8* %81, align 4 %83 = icmp ult i8 %82, 4 br i1 %83, label %203, label %84 %85 = zext i1 %76 to i32 %86 = zext i1 %76 to i8 %87 = load i32, i32* %45, align 4 br label %103 %104 = phi i32 [ %87, %84 ], [ %46, %97 ] %105 = phi i8 [ %86, %84 ], [ %102, %97 ] %106 = phi i32 [ %85, %84 ], [ %101, %97 ] %107 = phi i32 [ %78, %84 ], [ %62, %97 ] %108 = phi i16 [ 5, %84 ], [ %11, %97 ] %109 = phi i32* [ %69, %84 ], [ %58, %97 ] %110 = icmp eq i32 %106, 0 %111 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %0, i64 0, i32 6 %112 = load 
%struct.fib_nh_common.836559*, %struct.fib_nh_common.836559** %111, align 8 %113 = getelementptr inbounds %struct.fib_nh_common.836559, %struct.fib_nh_common.836559* %112, i64 0, i32 12 %114 = load volatile %struct.fnhe_hash_bucket.836558*, %struct.fnhe_hash_bucket.836558** %113, align 8 %115 = icmp eq %struct.fnhe_hash_bucket.836558* %114, null br i1 %115, label %147, label %116 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %117)) #6 to label %122 [label %117], !srcloc !6 %123 = call i64 @siphash_1u32(i32 %104, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #78 %124 = mul i64 %123, 7046029254386353131 %125 = lshr i64 %124, 53 %126 = getelementptr %struct.fnhe_hash_bucket.836558, %struct.fnhe_hash_bucket.836558* %114, i64 %125, i32 0 %127 = load volatile %struct.fib_nh_exception.836557*, %struct.fib_nh_exception.836557** %126, align 8 %128 = icmp eq %struct.fib_nh_exception.836557* %127, null br i1 %128, label %147, label %129 %130 = phi %struct.fib_nh_exception.836557* [ %145, %143 ], [ %127, %122 ] %131 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 4 %133 = icmp eq i32 %132, %104 br i1 %133, label %134, label %143 %135 = getelementptr inbounds %struct.fib_nh_exception.836557, %struct.fib_nh_exception.836557* %130, i64 0, i32 6 %136 = load i64, i64* %135, align 8 %137 = icmp eq i64 %136, 0 br i1 %137, label %147, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = sub i64 %136, %139 %141 = icmp slt i64 %140, 0 br i1 %141, label %142, label %147 call fastcc void 
@ip_del_fnhe(%struct.fib_nh_common.836559* %112, i32 %104) #78 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #78 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 
%15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79
-------------
Use: =BAD PATH=
Call Stack:
0 crng_make_state
1 _get_random_bytes
2 get_random_bytes
3 ip_del_fnhe
4 __mkroute_output
5 ip_route_output_key_hash_rcu
6 ip_route_output_flow
7 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to 
-------------
Use: =BAD PATH=
Call Stack:
0 crng_make_state
1 _get_random_bytes
2 get_random_bytes
3 __skb_get_hash
4 get_rps_cpu
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 tcp_recvmsg
9 inet6_recvmsg
10 sock_read_iter
-------------
Path:
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #78 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 
0, i32 0, i64 0)) #79
-------------
Use: =BAD PATH=
Call Stack:
0 crng_make_state
1 _get_random_bytes
2 get_random_bytes
3 __skb_get_hash
4 get_rps_cpu
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64
%28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 
8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, 
!srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store 
i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 
%103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca 
%struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 
%29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds 
%struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #78 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, 
i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_flow_dissect 4 packet_parse_headers 5 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* 
%6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, 
label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, 
%struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 
%209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load 
%struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 
%87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = 
alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr 
inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* 
br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79 %573 = icmp sgt i32 %572, -1 br i1 %573, label %579, label %599 %580 = phi %union.anon.99* [ %577, %574 ], [ %29, %571 ] %581 = load i32, i32* %245, align 4 %582 = and i32 %581, 256 %583 = icmp eq i32 %582, 0 br i1 %583, label %599, label %584 %585 = load i16, i16* %275, align 2 %586 = zext i16 %585 to i64 %587 = getelementptr i8, i8* %3, i64 %586 %588 = getelementptr inbounds %union.anon.99, %union.anon.99* %580, i64 0, i32 0, i64 0 %589 = load i32, i32* %588, align 4 %590 = and i32 %589, 2062 %591 = icmp eq i32 %590, 2062 store i32 0, i32* %10, align 4 br i1 %591, label %594, label %592, !prof !4, !misexpect !9 call void @get_random_bytes(i8* nonnull %276, i64 4) #79 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq 
i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 %13 = bitcast %struct.ctl_table* %8 to i8* store i8* %10, i8** %12, align 8 %14 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %14, align 8 %15 = icmp eq i32 %1, 0 br i1 %15, label %16, label %31 %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %18 = load i8*, i8** %17, align 8 %19 = 
icmp eq i8* %18, null br i1 %19, label %20, label %21 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #78 %22 = getelementptr i8, i8* %18, i64 8 %23 = load i8, i8* %22, align 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %26 call void @generate_random_uuid(i8* nonnull %18) #78 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid 
------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 %13 = bitcast %struct.ctl_table* %8 to i8* store i8* %10, i8** %12, align 8 %14 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %14, align 8 %15 = icmp eq i32 %1, 0 br i1 %15, label %16, label %31 %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %18 = load i8*, i8** %17, align 8 %19 = icmp eq i8* %18, null br i1 %19, label %20, label %21 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #78 %22 = getelementptr i8, i8* %18, i64 8 %23 = load i8, i8* %22, align 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %26 call void @generate_random_uuid(i8* nonnull %18) #78 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #78 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #78 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = 
load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #78 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 
@import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #78 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %2, i64 0, i32 0 %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #78 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #78 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], 
align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %29, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #78 %17 = icmp eq i32 %16, 0 br i1 %17, label %29, label %18 %30 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #80 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 4 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %56, label %9, !prof !4, !misexpect !5 %10 = getelementptr 
inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #78 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !7, !misexpect !8 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 3, i32 0, i32 0)) #78 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !7, !misexpect !8 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.112.372408, %struct.anon.112.372408* @base_crng, i64 0, i32 0, i64 0)) #79 ------------- Good: 1603 Bad: 26 Ignored: 2286 Check Use of Function:local_bh_enable.68300 Check Use of Function:dev_change_carrier Check Use of Function:exit_swap_address_space Check Use of Function:ext4_iomap_swap_activate Check Use of Function:probe_acpi_namespace_devices Check Use of Function:nfs_swap_activate Check Use of Function:_enable_swap_info Check Use of Function:filemap_write_and_wait_range Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #78 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = 
icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236429** %24 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236429* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236429* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236429* %31, %struct.nfs4_label* null) #79 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236401** %15 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236429* %4, null br i1 %17, label %21, label %18 %22 = phi 
%struct.nfs4_state.236428* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 2 %27 = bitcast %struct.nfs_fh** %24 to %struct.seqcount_spinlock** %28 = bitcast %struct.nfs_setattrargs* %8 to i8* store %struct.seqcount_spinlock* %26, %struct.seqcount_spinlock** %27, align 8 %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %30 = bitcast %struct.nfs4_stateid_struct* %29 to i8* %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %32, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %34 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %34, i32** %33, align 8 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %35, align 8 %36 = bitcast %struct.nfs_setattrres* %9 to i8* %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 %38 = bitcast %struct.nfs_setattrres* %9 to i8* store %struct.nfs_fattr* %2, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %39, align 8 %40 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %40, align 8 %41 = bitcast 
%struct.nfs4_exception* %10 to i8* %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236428* %22, %struct.nfs4_state.236428** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %29, %struct.nfs4_stateid_struct** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = and i32 %49, 6145 %51 = icmp eq i32 %50, 0 %52 = select i1 %51, i64 256, i64 131328 %53 = and i32 %49, 6 %54 = icmp eq i32 %53, 0 %55 = or i64 %52, 4096 %56 = select i1 %54, i64 %52, i64 %55 %57 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 35, i64 0 %58 = bitcast i32* %57 to i8* %59 = icmp eq %struct.inode* %0, null %60 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 38 %61 = bitcast %struct.seqcount_spinlock* %60 to i64* %62 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 0 %64 = icmp eq %struct.nfs4_state.236428* %22, null %65 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %22, i64 0, i32 13 br label %66 br i1 %59, label %92, label %67 %93 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* 
nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236429* %4) #79 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236401** %14 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 
3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi 
%struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.236417** %6 = load %struct.nfs_renameargs.236417*, %struct.nfs_renameargs.236417** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.236418** %9 = load %struct.nfs_renameres.236418*, %struct.nfs_renameres.236418** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* 
%0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load 
%struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 
0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = 
bitcast i8** %4 to %struct.nfs_removeargs.236413** %6 = load %struct.nfs_removeargs.236413*, %struct.nfs_removeargs.236413** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.236415** %9 = load %struct.nfs_removeres.236415*, %struct.nfs_removeres.236415** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.236401** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = icmp eq %struct.inode* %2, null br 
i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #78 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_file_flush ------------- Path:  Function:nfs4_file_flush %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.214586** %9 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 14 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %30, label %17 %18 = tail call zeroext i1 @nfs4_delegation_flush_on_close(%struct.inode* %4) 
#78 %19 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %20 = load %struct.address_space*, %struct.address_space** %19, align 8 br i1 %18, label %23, label %21 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %20, i64 0, i32 11 %25 = tail call i32 @errseq_sample(i32* %24) #78 %26 = tail call i32 @nfs_wb_all(%struct.inode* %4) #78 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 do_unlk 2 nfs_lock ------------- Path:  Function:nfs_lock %4 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 18 %5 = load %struct.address_space.214817*, %struct.address_space.214817** %4, align 8 %6 = getelementptr inbounds %struct.address_space.214817, %struct.address_space.214817* %5, i64 0, i32 0 %7 = load %struct.inode.215256*, %struct.inode.215256** %6, align 8 %8 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %7, i64 0, i32 8 %9 = load %struct.super_block.215246*, %struct.super_block.215246** %8, align 8 %10 = getelementptr inbounds 
%struct.super_block.215246, %struct.super_block.215246* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215399** %12 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 16 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !4 %16 = getelementptr inbounds %struct.file_lock.215252, %struct.file_lock.215252* %2, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 4096 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %86 %21 = load %struct.super_block.215246*, %struct.super_block.215246** %8, align 8 %22 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %21, i64 0, i32 28 %23 = bitcast i8** %22 to %struct.nfs_server.215399** %24 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %23, align 16 %25 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %24, i64 0, i32 8 %26 = load i32, i32* %25, align 8 %27 = lshr i32 %26, 21 %28 = and i32 %27, 1 %29 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %24, i64 0, i32 0 %30 = load %struct.nfs_client.215393*, %struct.nfs_client.215393** %29, align 8 %31 = getelementptr inbounds %struct.nfs_client.215393, %struct.nfs_client.215393* %30, i64 0, i32 12 %32 = load %struct.nfs_rpc_ops.215376*, %struct.nfs_rpc_ops.215376** %31, align 8 %33 = getelementptr inbounds %struct.nfs_rpc_ops.215376, %struct.nfs_rpc_ops.215376* %32, i64 0, i32 43 %34 = load i32 (%struct.file_lock.215252*)*, i32 (%struct.file_lock.215252*)** %33, align 8 %35 = icmp eq i32 (%struct.file_lock.215252*)* %34, null br i1 %35, label %39, label %36 %40 = icmp eq i32 %1, 5 br i1 %40, label %41, label 
%78 %79 = getelementptr inbounds %struct.file_lock.215252, %struct.file_lock.215252* %2, i64 0, i32 7 %80 = load i8, i8* %79, align 4 %81 = icmp eq i8 %80, 2 br i1 %81, label %82, label %84 %83 = tail call fastcc i32 @do_unlk(%struct.file.215264* %0, i32 %1, %struct.file_lock.215252* %2, i32 %28) #79 Function:do_unlk %5 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 18 %6 = load %struct.address_space.214817*, %struct.address_space.214817** %5, align 8 %7 = getelementptr inbounds %struct.address_space.214817, %struct.address_space.214817* %6, i64 0, i32 0 %8 = load %struct.inode.215256*, %struct.inode.215256** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.215256*)*)(%struct.inode.215256* %8) #78 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 do_unlk 2 nfs_flock ------------- Path:  Function:nfs_flock %4 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 18 %5 = load %struct.address_space.214817*, 
%struct.address_space.214817** %4, align 8 %6 = getelementptr inbounds %struct.address_space.214817, %struct.address_space.214817* %5, i64 0, i32 0 %7 = load %struct.inode.215256*, %struct.inode.215256** %6, align 8 %8 = getelementptr inbounds %struct.file_lock.215252, %struct.file_lock.215252* %2, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %32, label %12 %13 = getelementptr inbounds %struct.file_lock.215252, %struct.file_lock.215252* %2, i64 0, i32 7 %14 = load i8, i8* %13, align 4 %15 = and i8 %14, 32 %16 = icmp eq i8 %15, 0 br i1 %16, label %17, label %32 %18 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %7, i64 0, i32 8 %19 = load %struct.super_block.215246*, %struct.super_block.215246** %18, align 8 %20 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %19, i64 0, i32 28 %21 = bitcast i8** %20 to %struct.nfs_server.215399** %22 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %21, align 16 %23 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %22, i64 0, i32 8 %24 = load i32, i32* %23, align 8 %25 = lshr i32 %24, 20 %26 = and i32 %25, 1 %27 = icmp eq i8 %14, 2 br i1 %27, label %28, label %30 %29 = tail call fastcc i32 @do_unlk(%struct.file.215264* %0, i32 %1, %struct.file_lock.215252* %2, i32 %26) #78 Function:do_unlk %5 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 18 %6 = load %struct.address_space.214817*, %struct.address_space.214817** %5, align 8 %7 = getelementptr inbounds %struct.address_space.214817, %struct.address_space.214817* %6, i64 0, i32 0 %8 = load %struct.inode.215256*, %struct.inode.215256** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode*)* @nfs_wb_all to i32 (%struct.inode.215256*)*)(%struct.inode.215256* %8) #78 Function:nfs_wb_all callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %16 [label %2], !srcloc !4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %18 = load %struct.address_space*, %struct.address_space** %17, align 8 %19 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %18, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr ------------- Path:  Function:nfs_getattr %6 = getelementptr inbounds %struct.path.216280, %struct.path.216280* %1, i64 0, i32 1 %7 = load %struct.dentry.216888*, %struct.dentry.216888** %6, align 8 %8 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %7, i64 0, i32 5 %9 = load %struct.inode.216899*, %struct.inode.216899** %8, align 8 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %9, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %31 [label %17], !srcloc !4 %32 = and i32 %3, 2047 %33 = and i32 %4, 16384 %34 = icmp eq i32 %33, 0 %35 = xor i1 %16, true %36 = or i1 %34, %35 br i1 %36, label %54, label %37 %55 = and i32 %3, 192 %56 = icmp eq i32 %55, 0 br i1 %56, label %66, label %57 %58 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %9, i64 0, i32 0 %59 = load i16, i16* %58, align 8 %60 = and i16 %59, -4096 %61 = icmp eq i16 %60, -32768 br i1 %61, label %62, label %66 %63 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %9, i64 0, i32 9 %64 = load %struct.address_space.216900*, %struct.address_space.216900** %63, align 8 %65 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.216900*, i64, i64)*)(%struct.address_space.216900* %64, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr 1 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %9, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 2 %12 = bitcast %struct.seqcount_spinlock* %11 to i16* %13 = load i16, i16* %12, align 2 %14 = icmp eq i16 %13, 0 
br i1 %14, label %17, label %15 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.path.216280*, %struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.user_namespace*, %struct.path*, %struct.kstat*, i32, i32)*)(%struct.user_namespace* %0, %struct.path* %1, %struct.kstat* %2, i32 %3, i32 %4) #78 Function:nfs_getattr %6 = getelementptr inbounds %struct.path.216280, %struct.path.216280* %1, i64 0, i32 1 %7 = load %struct.dentry.216888*, %struct.dentry.216888** %6, align 8 %8 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %7, i64 0, i32 5 %9 = load %struct.inode.216899*, %struct.inode.216899** %8, align 8 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %9, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %31 [label %17], !srcloc !4 %32 = and i32 %3, 2047 %33 = and i32 %4, 16384 %34 = icmp eq i32 %33, 0 %35 = xor i1 %16, true %36 = or i1 %34, %35 br i1 %36, label %54, label %37 %55 = and i32 %3, 192 %56 = icmp eq i32 %55, 0 br i1 %56, label %66, label %57 %58 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %9, i64 0, i32 0 %59 = load i16, i16* %58, align 8 %60 = and i16 %59, -4096 %61 = icmp eq i16 %60, -32768 br i1 %61, label %62, label %66 %63 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %9, i64 0, i32 9 %64 = load %struct.address_space.216900*, %struct.address_space.216900** %63, align 8 %65 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.216900*, i64, i64)*)(%struct.address_space.216900* %64, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 fiemap_prep 1 iomap_fiemap 2 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ %6, %4 ], [ %14, %12 ] %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 34 %18 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %17, i64 10, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 524288 %21 = icmp eq i64 %20, 0 %22 = getelementptr inbounds %struct.inode, %struct.inode* 
%0, i64 0, i32 8 %23 = load %struct.super_block*, %struct.super_block** %22, align 8 br i1 %21, label %26, label %24 %27 = getelementptr inbounds %struct.super_block, %struct.super_block* %23, i64 0, i32 28 %28 = bitcast i8** %27 to %struct.ext4_sb_info** %29 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %28, align 16 %30 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %29, i64 0, i32 13 br label %31 %32 = phi i64* [ %25, %24 ], [ %30, %26 ] %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %3, 0 br i1 %34, label %51, label %35 %36 = icmp ult i64 %33, %2 br i1 %36, label %51, label %37 %38 = icmp ult i64 %33, %3 %39 = sub i64 %33, %3 %40 = icmp ult i64 %39, %2 %41 = or i1 %38, %40 %42 = sub i64 %33, %2 %43 = select i1 %41, i64 %42, i64 %3 %44 = and i32 %16, 2 %45 = icmp eq i32 %44, 0 br i1 %45, label %49, label %46 %50 = tail call i32 @iomap_fiemap(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %43, %struct.iomap_ops* nonnull @ext4_iomap_report_ops) #79 Function:iomap_fiemap %6 = alloca %struct.iomap_iter, align 8 %7 = bitcast %struct.iomap_iter* %6 to i8* %8 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 3 %10 = bitcast i64* %9 to i8* store %struct.inode* %0, %struct.inode** %8, align 8 %11 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 1 store i64 %2, i64* %11, align 8 %12 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 2 store i64 %3, i64* %12, align 8 %13 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 4 store i32 4, i32* %13, align 8 %14 = call i32 bitcast (i32 (%struct.inode.148633*, %struct.fiemap_extent_info*, i64, i64*, i32)* @fiemap_prep to i32 (%struct.inode*, %struct.fiemap_extent_info*, i64, i64*, i32)*)(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64* %12, i32 0) #78 
Function:fiemap_prep %6 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %0, i64 0, i32 8 %7 = load %struct.super_block.148616*, %struct.super_block.148616** %6, align 8 %8 = getelementptr inbounds %struct.super_block.148616, %struct.super_block.148616* %7, i64 0, i32 4 %9 = load i64, i64* %8, align 32 %10 = load i64, i64* %3, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %36, label %12 %13 = icmp ugt i64 %9, %2 br i1 %13, label %14, label %36 %15 = icmp ult i64 %9, %10 %16 = sub i64 %9, %10 %17 = icmp ult i64 %16, %2 %18 = or i1 %15, %17 br i1 %18, label %19, label %21 %22 = and i32 %4, 2 %23 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = xor i32 %22, -2 %26 = and i32 %24, %25 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = and i32 %24, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %0, i64 0, i32 9 %34 = load %struct.address_space.148637*, %struct.address_space.148637** %33, align 8 %35 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.148637*, i64, i64)*)(%struct.address_space.148637* %34, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 fiemap_prep 1 iomap_fiemap 2 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ %6, %4 ], [ %14, %12 ] %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 34 %18 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %17, i64 10, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = and i64 %19, 524288 %21 = icmp eq i64 %20, 0 %22 = getelementptr inbounds %struct.inode, 
%struct.inode* %0, i64 0, i32 8 %23 = load %struct.super_block*, %struct.super_block** %22, align 8 br i1 %21, label %26, label %24 %27 = getelementptr inbounds %struct.super_block, %struct.super_block* %23, i64 0, i32 28 %28 = bitcast i8** %27 to %struct.ext4_sb_info** %29 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %28, align 16 %30 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %29, i64 0, i32 13 br label %31 %32 = phi i64* [ %25, %24 ], [ %30, %26 ] %33 = load i64, i64* %32, align 8 %34 = icmp eq i64 %3, 0 br i1 %34, label %51, label %35 %36 = icmp ult i64 %33, %2 br i1 %36, label %51, label %37 %38 = icmp ult i64 %33, %3 %39 = sub i64 %33, %3 %40 = icmp ult i64 %39, %2 %41 = or i1 %38, %40 %42 = sub i64 %33, %2 %43 = select i1 %41, i64 %42, i64 %3 %44 = and i32 %16, 2 %45 = icmp eq i32 %44, 0 br i1 %45, label %49, label %46 %50 = tail call i32 @iomap_fiemap(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %43, %struct.iomap_ops* nonnull @ext4_iomap_report_ops) #79 Function:iomap_fiemap %6 = alloca %struct.iomap_iter, align 8 %7 = bitcast %struct.iomap_iter* %6 to i8* %8 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 0 %9 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 3 %10 = bitcast i64* %9 to i8* store %struct.inode* %0, %struct.inode** %8, align 8 %11 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 1 store i64 %2, i64* %11, align 8 %12 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 2 store i64 %3, i64* %12, align 8 %13 = getelementptr inbounds %struct.iomap_iter, %struct.iomap_iter* %6, i64 0, i32 4 store i32 4, i32* %13, align 8 %14 = call i32 bitcast (i32 (%struct.inode.148633*, %struct.fiemap_extent_info*, i64, i64*, i32)* @fiemap_prep to i32 (%struct.inode*, %struct.fiemap_extent_info*, i64, i64*, i32)*)(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64* %12, i32 0) 
#78 Function:fiemap_prep %6 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %0, i64 0, i32 8 %7 = load %struct.super_block.148616*, %struct.super_block.148616** %6, align 8 %8 = getelementptr inbounds %struct.super_block.148616, %struct.super_block.148616* %7, i64 0, i32 4 %9 = load i64, i64* %8, align 32 %10 = load i64, i64* %3, align 8 %11 = icmp eq i64 %10, 0 br i1 %11, label %36, label %12 %13 = icmp ugt i64 %9, %2 br i1 %13, label %14, label %36 %15 = icmp ult i64 %9, %10 %16 = sub i64 %9, %10 %17 = icmp ult i64 %16, %2 %18 = or i1 %15, %17 br i1 %18, label %19, label %21 %22 = and i32 %4, 2 %23 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = xor i32 %22, -2 %26 = and i32 %24, %25 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = and i32 %24, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %0, i64 0, i32 9 %34 = load %struct.address_space.148637*, %struct.address_space.148637** %33, align 8 %35 = tail call i32 bitcast (i32 (%struct.address_space*, i64, i64)* @filemap_write_and_wait_range to i32 (%struct.address_space.148637*, i64, i64)*)(%struct.address_space.148637* %34, i64 0, i64 9223372036854775807) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* 
%13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_read_iter 1 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %4 = load %struct.file.294911*, %struct.file.294911** %3, align 8 %5 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %4, i64 0, i32 18 %6 = load %struct.address_space.294992*, %struct.address_space.294992** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %6, i64 0, i32 0 %8 = load %struct.inode.294985*, %struct.inode.294985** %7, align 8 %9 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* 
@generic_file_read_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #78 ------------- Good: 86 Bad: 13 Ignored: 123 Check Use of Function:blkdev_issue_discard Check Use of Function:generic_swapfile_activate Check Use of Function:nfs_swap_deactivate Check Use of Function:generic_setlease Use: =BAD PATH= Call Stack: 0 nfs4_proc_setlease 1 nfs4_setlease ------------- Path:  Function:nfs4_setlease %5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #78 Function:nfs4_proc_setlease switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ] %21 = tail call i32 @generic_setlease(%struct.file* %0, i64 2, %struct.file_lock** 
null, i8** %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_setlease 1 nfs4_setlease ------------- Path:  Function:nfs4_setlease %5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #78 Function:nfs4_proc_setlease switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ] %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq i64 %1, 0 %9 = select i1 %8, i32 1, i32 2 %10 = tail call i32 @nfs4_have_delegation(%struct.inode* %7, i32 %9) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %22, label %12 %13 = tail call i32 @generic_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #78 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:do_timens_ktime_to_host Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 
Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __x64_sys_futex_time32
Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __ia32_sys_futex
Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __x64_sys_futex
Use: =BAD PATH= Call Stack: 0 common_timer_set 1 do_timer_settime 2 __ia32_sys_timer_settime32
Use: =BAD PATH= Call Stack: 0 common_timer_set 1 do_timer_settime 2 __x64_sys_timer_settime32
Use: =BAD PATH= Call Stack: 0 common_timer_set 1 do_timer_settime 2 __ia32_sys_timer_settime
Use: =BAD PATH= Call Stack: 0 common_timer_set 1 do_timer_settime 2 __x64_sys_timer_settime
-------------
Good: 2 Bad: 8 Ignored: 7
Check Use of Function:alarmtimer_do_nsleep
Check Use of Function:ktime_add_safe
Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __ia32_sys_futex_time32
%60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #78 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label 
%19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #78 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 
%19) #78 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #78 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %37 = call i64 @ktime_get() #78 %38 = load i64, i64* %7, align 8 %39 = call i64 @ktime_add_safe(i64 %37, i64 %38) #78 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br 
i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, 
align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %41 = phi i32 [ %6, %34 ], [ %6, %38 ], [ -1, %39 ] %42 = tail call fastcc i32 @futex_wait(i32* %0, i32 %35, i32 %2, i64* %3, i32 %41) #78 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.92026, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.92026* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* store %struct.futex_hash_bucket* null, %struct.futex_hash_bucket** %7, align 8 %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %99, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.92019* %17 = icmp eq i64* %3, null br i1 %17, label %28, label %18 %19 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %16, i64 0, i32 160 %20 = load i64, i64* %19, align 16 %21 = lshr i32 %1, 1 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 call void bitcast (void (%struct.hrtimer_sleeper*, 
i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %6, i32 %23, i32 0) #78 %24 = load i64, i64* %3, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %6, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %24, i64 %20) #78 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #78 %22 = icmp eq i32 
%21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 
%11, i64* %57, i32* %12, i32 %58, i32 %13) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %41 = phi i32 [ %6, %34 ], [ %6, %38 ], [ -1, %39 ] %42 = tail call fastcc i32 @futex_wait(i32* %0, i32 %35, i32 %2, i64* %3, i32 %41) #78 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.92026, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.92026* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* store %struct.futex_hash_bucket* null, %struct.futex_hash_bucket** %7, align 8 %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %99, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, 
!srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.92019* %17 = icmp eq i64* %3, null br i1 %17, label %28, label %18 %19 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %16, i64 0, i32 160 %20 = load i64, i64* %19, align 16 %21 = lshr i32 %1, 1 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %6, i32 %23, i32 0) #78 %24 = load i64, i64* %3, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %6, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %24, i64 %20) #78 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 
to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to 
%struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %41 = phi i32 [ %6, %34 ], [ %6, %38 ], [ -1, %39 ] %42 = tail call fastcc i32 @futex_wait(i32* %0, i32 %35, i32 %2, i64* %3, i32 %41) #78 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.92026, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.92026* %6 
to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* store %struct.futex_hash_bucket* null, %struct.futex_hash_bucket** %7, align 8 %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %99, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.92019* %17 = icmp eq i64* %3, null br i1 %17, label %28, label %18 %19 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %16, i64 0, i32 160 %20 = load i64, i64* %19, align 16 %21 = lshr i32 %1, 1 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %6, i32 %23, i32 0) #78 %24 = load i64, i64* %3, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %6, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %24, i64 %20) #78 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, 
i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, 
i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label 
%52 i32 5, label %55 ] %41 = phi i32 [ %6, %34 ], [ %6, %38 ], [ -1, %39 ] %42 = tail call fastcc i32 @futex_wait(i32* %0, i32 %35, i32 %2, i64* %3, i32 %41) #78 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.92026, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.92026* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* store %struct.futex_hash_bucket* null, %struct.futex_hash_bucket** %7, align 8 %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %99, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.92019* %17 = icmp eq i64* %3, null br i1 %17, label %28, label %18 %19 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %16, i64 0, i32 160 %20 = load i64, i64* %19, align 16 %21 = lshr i32 %1, 1 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %6, i32 %23, i32 0) #78 %24 = load i64, i64* %3, align 8 %25 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %6, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = call i64 @ktime_add_safe(i64 %24, i64 %20) #78
-------------
Use: =BAD PATH=
Call Stack:
0 futex_lock_pi
1 do_futex
2 __se_sys_futex_time32
3 __ia32_sys_futex_time32
-------------
Path:
Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 =
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, 
i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca 
%struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] %709 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %35, i64* null, i32 1) #78 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.92026, align 8 %6 = alloca %struct.task_struct.92019*, align 8 %7 = alloca %struct.rt_mutex_waiter.91979, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.92026* %5 to i8* %10 = bitcast %struct.task_struct.92019** %6 to i8* store %struct.task_struct.92019* null, %struct.task_struct.92019** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.91979* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct.92019* %15 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %14, i64 0, i32 140 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 8 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load 
%struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #78 %21 = icmp eq i8* %20, null br i1 %21, label %259, label %22 %23 = bitcast i8* %20 to %struct.list_head* %24 = bitcast i8* %20 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %20, i64 8 %26 = bitcast i8* %25 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %26, align 8 %27 = getelementptr inbounds i8, i8* %20, i64 48 %28 = bitcast i8* %27 to %struct.task_struct.92019** store %struct.task_struct.92019* null, %struct.task_struct.92019** %28, align 8 %29 = getelementptr inbounds i8, i8* %20, i64 56 %30 = bitcast i8* %29 to i32* store volatile i32 1, i32* %30, align 8 %31 = getelementptr inbounds i8, i8* %20, i64 64 %32 = bitcast %struct.futex_pi_state** %15 to i8** store i8* %20, i8** %32, align 8 br label %33 %34 = icmp eq i64* %2, null br i1 %34, label %43, label %35 %36 = lshr i32 %1, 1 %37 = and i32 %36, 1 %38 = xor i32 %37, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %5, i32 %38, i32 0) #78 %39 = load i64, i64* %2, align 8 %40 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %5, i64 0, i32 0, i32 1 store i64 %39, i64* %40, align 8 %41 = call i64 @ktime_add_safe(i64 %39, i64 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 futex_lock_pi
1 do_futex
2 __se_sys_futex_time32
3 __x64_sys_futex_time32
-------------
Path:
Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 
%41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = 
and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] %709 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %35, i64* null, i32 1) #78 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.92026, align 8 %6 = alloca %struct.task_struct.92019*, align 8 %7 = alloca %struct.rt_mutex_waiter.91979, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.92026* %5 to i8* %10 = bitcast %struct.task_struct.92019** %6 to i8* store %struct.task_struct.92019* null, %struct.task_struct.92019** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.91979* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct.92019* %15 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %14, i64 0, i32 140 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 8 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail 
call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #78 %21 = icmp eq i8* %20, null br i1 %21, label %259, label %22 %23 = bitcast i8* %20 to %struct.list_head* %24 = bitcast i8* %20 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %20, i64 8 %26 = bitcast i8* %25 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %26, align 8 %27 = getelementptr inbounds i8, i8* %20, i64 48 %28 = bitcast i8* %27 to %struct.task_struct.92019** store %struct.task_struct.92019* null, %struct.task_struct.92019** %28, align 8 %29 = getelementptr inbounds i8, i8* %20, i64 56 %30 = bitcast i8* %29 to i32* store volatile i32 1, i32* %30, align 8 %31 = getelementptr inbounds i8, i8* %20, i64 64 %32 = bitcast %struct.futex_pi_state** %15 to i8** store i8* %20, i8** %32, align 8 br label %33 %34 = icmp eq i64* %2, null br i1 %34, label %43, label %35 %36 = lshr i32 %1, 1 %37 = and i32 %36, 1 %38 = xor i32 %37, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %5, i32 %38, i32 0) #78 %39 = load i64, i64* %2, align 8 %40 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %5, i64 0, i32 0, i32 1 store i64 %39, i64* %40, align 8 %41 = call i64 @ktime_add_safe(i64 %39, i64 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 futex_lock_pi
1 do_futex
2 __se_sys_futex
3 __ia32_sys_futex
-------------
Path:
Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9
= load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label 
%43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor 
i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] %709 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %35, i64* null, i32 1) #78 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.92026, align 8 %6 = alloca %struct.task_struct.92019*, align 8 %7 = alloca %struct.rt_mutex_waiter.91979, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.92026* %5 to i8* %10 = bitcast %struct.task_struct.92019** %6 to i8* store %struct.task_struct.92019* null, %struct.task_struct.92019** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.91979* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct.92019* %15 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %14, i64 0, i32 140 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 8 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* 
@kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #78 %21 = icmp eq i8* %20, null br i1 %21, label %259, label %22 %23 = bitcast i8* %20 to %struct.list_head* %24 = bitcast i8* %20 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %20, i64 8 %26 = bitcast i8* %25 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %26, align 8 %27 = getelementptr inbounds i8, i8* %20, i64 48 %28 = bitcast i8* %27 to %struct.task_struct.92019** store %struct.task_struct.92019* null, %struct.task_struct.92019** %28, align 8 %29 = getelementptr inbounds i8, i8* %20, i64 56 %30 = bitcast i8* %29 to i32* store volatile i32 1, i32* %30, align 8 %31 = getelementptr inbounds i8, i8* %20, i64 64 %32 = bitcast %struct.futex_pi_state** %15 to i8** store i8* %20, i8** %32, align 8 br label %33 %34 = icmp eq i64* %2, null br i1 %34, label %43, label %35 %36 = lshr i32 %1, 1 %37 = and i32 %36, 1 %38 = xor i32 %37, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %5, i32 %38, i32 0) #78 %39 = load i64, i64* %2, align 8 %40 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %5, i64 0, i32 0, i32 1 store i64 %39, i64* %40, align 8 %41 = call i64 @ktime_add_safe(i64 %39, i64 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 futex_lock_pi
1 do_futex
2 __se_sys_futex
3 __x64_sys_futex
-------------
Path:
Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs,
%struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 
i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] %709 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %35, i64* null, i32 1) #78 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.92026, align 8 %6 = alloca %struct.task_struct.92019*, align 8 %7 = alloca %struct.rt_mutex_waiter.91979, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.92026* %5 to i8* %10 = bitcast %struct.task_struct.92019** %6 to i8* store %struct.task_struct.92019* null, %struct.task_struct.92019** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.91979* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct.92019* %15 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %14, i64 0, i32 140 %16 = load %struct.futex_pi_state*, %struct.futex_pi_state** %15, align 8 %17 = icmp eq %struct.futex_pi_state* %16, null br i1 %17, label %18, label %33, !prof !5, !misexpect !6 %19 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %20 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %19, i32 3520, i64 88) #78 %21 = icmp eq i8* %20, null br i1 %21, label %259, label %22 %23 = bitcast i8* %20 to %struct.list_head* 
%24 = bitcast i8* %20 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %24, align 8 %25 = getelementptr inbounds i8, i8* %20, i64 8 %26 = bitcast i8* %25 to %struct.list_head** store volatile %struct.list_head* %23, %struct.list_head** %26, align 8 %27 = getelementptr inbounds i8, i8* %20, i64 48 %28 = bitcast i8* %27 to %struct.task_struct.92019** store %struct.task_struct.92019* null, %struct.task_struct.92019** %28, align 8 %29 = getelementptr inbounds i8, i8* %20, i64 56 %30 = bitcast i8* %29 to i32* store volatile i32 1, i32* %30, align 8 %31 = getelementptr inbounds i8, i8* %20, i64 64 %32 = bitcast %struct.futex_pi_state** %15 to i8** store i8* %20, i8** %32, align 8 br label %33 %34 = icmp eq i64* %2, null br i1 %34, label %43, label %35 %36 = lshr i32 %1, 1 %37 = and i32 %36, 1 %38 = xor i32 %37, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %5, i32 %38, i32 0) #78 %39 = load i64, i64* %2, align 8 %40 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %5, i64 0, i32 0, i32 1 store i64 %39, i64* %40, align 8 %41 = call i64 @ktime_add_safe(i64 %39, i64 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex_time32 2 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 
4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) 
#11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label 
%36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] store i32 -1, i32* %19, align 4 %712 = bitcast %struct.hrtimer_sleeper.92026* %8 to i8* %713 = bitcast %struct.rt_mutex_waiter.91979* %9 to i8* %714 = bitcast %struct.futex_hash_bucket** %10 to i8* store %struct.futex_hash_bucket* null, %struct.futex_hash_bucket** %10, align 8 %715 = bitcast %union.futex_key* %11 to i8* %716 = bitcast %struct.futex_q* %12 to i8* %717 = icmp eq i32* %0, %4 br i1 %717, label %929, label %718 %719 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !6 %720 = inttoptr i64 %719 to %struct.task_struct.92019* %721 = icmp eq i64* %3, null br i1 %721, label %732, label %722 %723 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %720, i64 0, i32 160 %724 = load i64, i64* %723, align 16 %725 = lshr i32 %35, 1 %726 = and i32 %725, 1 %727 = xor i32 %726, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %8, i32 %727, i32 0) #79 %728 = load i64, i64* %3, align 8 %729 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %8, i64 0, i32 0, i32 1 store i64 %728, i64* %729, align 8 %730 = call i64 @ktime_add_safe(i64 %728, i64 %724) #79 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex_time32 2 __x64_sys_futex_time32 ------------- Path:  
Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_futex_time32 %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = and i32 %10, -385 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %16 = bitcast %struct.cpu_itimer* %8 to i8* %17 = icmp eq i64 %3, 0 br i1 %17, label %56, label %18 switch i32 %14, label %56 [ i32 0, label %19 i32 6, label %19 i32 13, label %19 i32 9, label %19 i32 11, label %19 ] %20 = inttoptr i64 %3 to i8* %21 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %8, i8* nonnull %20) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 
9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %14, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %18 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %12, i32 %58, i32 %13) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca 
%struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] store i32 -1, i32* %19, align 4 %712 = bitcast %struct.hrtimer_sleeper.92026* %8 to i8* %713 = bitcast %struct.rt_mutex_waiter.91979* %9 to i8* %714 = bitcast %struct.futex_hash_bucket** %10 to i8* store %struct.futex_hash_bucket* null, %struct.futex_hash_bucket** %10, align 8 %715 = bitcast %union.futex_key* %11 to i8* %716 = bitcast %struct.futex_q* %12 to i8* %717 = icmp eq i32* %0, %4 br i1 %717, label %929, label %718 %719 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !6 %720 = inttoptr i64 %719 to %struct.task_struct.92019* %721 = icmp eq i64* %3, null br i1 %721, label %732, label %722 %723 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %720, i64 0, i32 160 %724 = load i64, i64* %723, align 16 %725 = lshr i32 %35, 1 %726 = and i32 %725, 1 %727 = xor i32 %726, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* 
nonnull %8, i32 %727, i32 0) #79 %728 = load i64, i64* %3, align 8 %729 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %8, i64 0, i32 0, i32 1 store i64 %728, i64* %729, align 8 %730 = call i64 @ktime_add_safe(i64 %728, i64 %724) #79 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex 2 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, 
%struct.cpu_itimer* nonnull %12) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds %struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to 
i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] store i32 -1, i32* %19, align 4 %712 = bitcast %struct.hrtimer_sleeper.92026* %8 to i8* %713 = bitcast %struct.rt_mutex_waiter.91979* %9 to i8* %714 = bitcast %struct.futex_hash_bucket** %10 to i8* store %struct.futex_hash_bucket* null, %struct.futex_hash_bucket** %10, align 8 %715 = bitcast %union.futex_key* %11 to i8* %716 = bitcast %struct.futex_q* %12 to i8* %717 = icmp eq i32* %0, %4 br i1 %717, label %929, label %718 %719 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.92019**)) #11, !srcloc !6 %720 = inttoptr i64 %719 to %struct.task_struct.92019* %721 = icmp eq i64* %3, null br i1 %721, label %732, label %722 %723 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %720, i64 0, i32 160 %724 = load i64, i64* %723, align 16 %725 = lshr i32 %35, 1 %726 = and i32 %725, 1 %727 = xor i32 %726, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %8, i32 %727, i32 0) #79 %728 = load i64, i64* %3, align 8 %729 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %8, i64 0, i32 0, i32 1 store i64 %728, i64* %729, align 8 %730 = call i64 @ktime_add_safe(i64 %728, i64 %724) #79 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex 2 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_futex %7 = alloca i64, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.cpu_itimer* %13 = inttoptr i64 %4 to i32* %14 = trunc 
i64 %5 to i32 %15 = and i32 %10, -385 %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = bitcast %struct.cpu_itimer* %8 to i8* %18 = icmp eq i64 %3, 0 br i1 %18, label %56, label %19 switch i32 %15, label %56 [ i32 0, label %20 i32 6, label %20 i32 13, label %20 i32 9, label %20 i32 11, label %20 ] %21 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %8, %struct.cpu_itimer* nonnull %12) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %60 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp slt i64 %25, 0 br i1 %26, label %60, label %27 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 %29 = load i64, i64* %28, align 8 %30 = icmp ult i64 %29, 1000000000 br i1 %30, label %31, label %60 %32 = icmp sgt i64 %25, 9223372035 %33 = mul i64 %25, 1000000000 %34 = add i64 %29, %33 %35 = select i1 %32, i64 9223372036854775807, i64 %34, !prof !4 store i64 %35, i64* %7, align 8 switch i32 %15, label %40 [ i32 0, label %36 i32 6, label %56 ] %41 = and i32 %10, 256 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %56 %44 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !5 %45 = inttoptr i64 %44 to %struct.task_struct.92019* %46 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %45, i64 0, i32 94 %47 = load %struct.nsproxy.91957*, %struct.nsproxy.91957** %46, align 8 %48 = getelementptr inbounds %struct.nsproxy.91957, %struct.nsproxy.91957* %47, i64 0, i32 6 %49 = load %struct.time_namespace.91939*, %struct.time_namespace.91939** %48, align 8 %50 = icmp eq %struct.time_namespace.91939* %49, bitcast (%struct.time_namespace* @init_time_ns to %struct.time_namespace.91939*) br i1 %50, label %54, label %51, !prof !6, !misexpect !7 %52 = getelementptr inbounds 
%struct.time_namespace.91939, %struct.time_namespace.91939* %49, i64 0, i32 3 %53 = call i64 @do_timens_ktime_to_host(i32 1, i64 %35, %struct.timens_offsets* %52) #78 br label %54 %55 = phi i64 [ %53, %51 ], [ %35, %43 ] store i64 %55, i64* %7, align 8 br label %56 %57 = phi i64* [ null, %6 ], [ null, %19 ], [ %7, %31 ], [ %7, %40 ], [ %7, %54 ], [ %7, %36 ] %58 = trunc i64 %3 to i32 %59 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %57, i32* %13, i32 %58, i32 %14) #78 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.92026, align 8 %9 = alloca %struct.rt_mutex_waiter.91979, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.rt_wake_q_head.92028, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = trunc i32 %1 to i8 %22 = icmp sgt i8 %21, -1 %23 = lshr i32 %1, 7 %24 = and i32 %23, 1 %25 = xor i32 %24, 1 %26 = and i32 %1, 256 %27 = icmp eq i32 %26, 0 br i1 %27, label %34, label %28 %35 = phi i32 [ %29, %28 ], [ %25, %7 ] switch i32 %20, label %935 [ i32 6, label %36 i32 13, label %36 i32 7, label %36 i32 8, label %36 i32 11, label %36 i32 12, label %36 i32 0, label %39 i32 9, label %40 i32 1, label %44 i32 10, label %45 i32 3, label %49 i32 4, label %52 i32 5, label %55 ] %37 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %37, label %38, label %935 switch i32 %20, label %935 [ i32 12, label %932 i32 9, label %40 i32 11, label %711 i32 10, label %45 i32 8, label %708 i32 7, label %449 i32 13, label %445 i32 6, label %443 ] store i32 -1, i32* %19, align 4 %712 = bitcast %struct.hrtimer_sleeper.92026* %8 to i8* %713 = bitcast %struct.rt_mutex_waiter.91979* %9 to i8* %714 = bitcast %struct.futex_hash_bucket** %10 to i8* 
store %struct.futex_hash_bucket* null, %struct.futex_hash_bucket** %10, align 8 %715 = bitcast %union.futex_key* %11 to i8* %716 = bitcast %struct.futex_q* %12 to i8* %717 = icmp eq i32* %0, %4 br i1 %717, label %929, label %718 %719 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.92019** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.92019**)) #11, !srcloc !6 %720 = inttoptr i64 %719 to %struct.task_struct.92019* %721 = icmp eq i64* %3, null br i1 %721, label %732, label %722 %723 = getelementptr inbounds %struct.task_struct.92019, %struct.task_struct.92019* %720, i64 0, i32 160 %724 = load i64, i64* %723, align 16 %725 = lshr i32 %35, 1 %726 = and i32 %725, 1 %727 = xor i32 %726, 1 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.92026*, i32, i32)*)(%struct.hrtimer_sleeper.92026* nonnull %8, i32 %727, i32 0) #79 %728 = load i64, i64* %3, align 8 %729 = getelementptr inbounds %struct.hrtimer_sleeper.92026, %struct.hrtimer_sleeper.92026* %8, i64 0, i32 0, i32 1 store i64 %728, i64* %729, align 8 %730 = call i64 @ktime_add_safe(i64 %728, i64 %724) #79 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 
%14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds 
%struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88513*)*, i32 (%struct.k_itimer.88513*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88513* %0) #79 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds 
%struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, 
%struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #79 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88513*, i64, i1, i1)*, void (%struct.k_itimer.88513*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88513* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #79 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15 %6 = bitcast %union.anon.113.88086* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88514* @clock_realtime, %struct.k_clock.88514* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 store %struct.k_clock.88514* %13, %struct.k_clock.88514** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #78 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, 
%struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #78 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label 
%10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 
%7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88513*)*, i32 (%struct.k_itimer.88513*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88513* %0) #79 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 
%38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #79 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88513*, i64, i1, i1)*, void (%struct.k_itimer.88513*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88513* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #79 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15 %6 = bitcast %union.anon.113.88086* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq 
i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88514* @clock_realtime, %struct.k_clock.88514* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 store %struct.k_clock.88514* %13, %struct.k_clock.88514** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #78 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #78 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime ------------- Path:  Function:__ia32_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 
4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr 
inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88513*)*, i32 (%struct.k_itimer.88513*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88513* %0) #79 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds 
%struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, 
%struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #79 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88513*, i64, i1, i1)*, void (%struct.k_itimer.88513*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88513* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #79 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15 %6 = bitcast %union.anon.113.88086* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88514* @clock_realtime, %struct.k_clock.88514* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 store %struct.k_clock.88514* %13, %struct.k_clock.88514** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #78 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, 
%struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #78 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime ------------- Path:  Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = 
getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp 
eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88513*)*, i32 (%struct.k_itimer.88513*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88513* %0) #79 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 
1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #79 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88513*, i64, i1, i1)*, void (%struct.k_itimer.88513*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88513* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #79 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15 %6 = bitcast %union.anon.113.88086* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 
%10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88514* @clock_realtime, %struct.k_clock.88514* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 store %struct.k_clock.88514* %13, %struct.k_clock.88514** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #78 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #78 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #78 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %113, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #78 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, 
align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = bitcast i8** %23 to %struct.task_struct** %27 = bitcast %struct.wait_queue_entry* %5 to i64* store i64 0, i64* %27, align 8 store %struct.task_struct* %25, %struct.task_struct** %26, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %29, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %29, %struct.list_head** %31, align 8 br label %32 %33 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #78 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = load %struct.list_head*, %struct.list_head** %31, align 8 %40 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, 
%struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 1 store volatile i32 0, i32* %44, align 8 %45 = sext i32 %33 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %38 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %78 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0 %79 = call i64 @alarm_forward_now(%struct.alarm* %78, i64 %70) #78 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #78 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, 
align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.19.9504, i64 0, i64 0), i32 154, i32 2305, i64 12) #6, !srcloc !6 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #78 ------------- Good: 9 Bad: 21 Ignored: 16 Check Use of Function:hidraw_ioctl Check Use of Function:snd_timer_user_ioctl Check Use of Function:ext4_alloc_da_blocks Check Use of Function:perf_ioctl Use: =BAD PATH= Call Stack: 0 perf_compat_ioctl ------------- Path:  Function:perf_compat_ioctl %4 = trunc i32 %1 to i8 switch i8 %4, label %11 [ i8 6, label %5 i8 7, label %5 i8 10, label %5 i8 11, label %5 ] %6 = and i32 %1, 1073676288 %7 = icmp eq i32 %6, 262144 br i1 %7, label %8, label %11 %12 = phi i32 [ %1, %3 ], [ %10, %8 ], [ %1, %5 ] %13 = tail call i64 @perf_ioctl(%struct.file.115111* %0, i32 %12, i64 %2) #78 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:security_sb_kern_mount Check Use of Function:rtnetlink_send Check Use 
of Function:__import_iovec Check Use of Function:user_disable_single_step Check Use of Function:new_inode Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 proc_pid_instantiate 2 proc_pid_lookup 3 proc_root_lookup ------------- Path:  Function:proc_root_lookup %4 = tail call %struct.dentry* bitcast (%struct.dentry.177444* (%struct.dentry.177444*, i32)* @proc_pid_lookup to %struct.dentry* (%struct.dentry*, i32)*)(%struct.dentry* %1, i32 %2) #78 Function:proc_pid_lookup %3 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, i32 4 %4 = tail call i32 @name_to_int(%struct.qstr* %3) #78 %5 = icmp eq i32 %4, -1 br i1 %5, label %46, label %6 %7 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, i32 9 %8 = load %struct.super_block.177439*, %struct.super_block.177439** %7, align 8 %9 = getelementptr inbounds %struct.super_block.177439, %struct.super_block.177439* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.proc_fs_info.177609** %11 = load %struct.proc_fs_info.177609*, %struct.proc_fs_info.177609** %10, align 16 %12 = getelementptr inbounds %struct.proc_fs_info.177609, %struct.proc_fs_info.177609* %11, i64 0, i32 0 %13 = load %struct.pid_namespace.177246*, %struct.pid_namespace.177246** %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (i32, %struct.pid_namespace*)* @find_task_by_pid_ns to %struct.task_struct.177581* (i32, %struct.pid_namespace.177246*)*)(i32 %4, %struct.pid_namespace.177246* %13) #78 %15 = icmp eq %struct.task_struct.177581* %14, null br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.task_struct.177581, %struct.task_struct.177581* %14, i64 0, i32 3 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f 
- .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !5 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !6, !misexpect !7 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !8, !misexpect !7 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %17, i32 %26) #78 br label %27 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %28 = getelementptr inbounds %struct.proc_fs_info.177609, %struct.proc_fs_info.177609* %11, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 4 br i1 %30, label %31, label %33 %32 = tail call zeroext i1 bitcast (i1 (%struct.task_struct*, i32)* @ptrace_may_access to i1 (%struct.task_struct.177581*, i32)*)(%struct.task_struct.177581* nonnull %14, i32 9) #78 br i1 %32, label %33, label %35 %34 = tail call %struct.dentry.177444* @proc_pid_instantiate(%struct.dentry.177444* %0, %struct.task_struct.177581* nonnull %14, i8* null) #79 Function:proc_pid_instantiate %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %0, i64 0, i32 9 %5 = load %struct.super_block.177439*, %struct.super_block.177439** %4, align 8 %6 = tail call %struct.inode.177454* @proc_pid_make_inode(%struct.super_block.177439* %5, %struct.task_struct.177581* %1, i16 zeroext 16749) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 proc_ns_dir_lookup ------------- Path:  Function:proc_ns_dir_lookup %4 = getelementptr %struct.inode.182601, %struct.inode.182601* %0, i64 -1, i32 41, i32 13 %5 = 
bitcast %struct.list_head* %4 to %struct.pid.182349** %6 = load %struct.pid.182349*, %struct.pid.182349** %5, align 8 %7 = tail call %struct.task_struct.182540* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.182540* (%struct.pid.182349*, i32)*)(%struct.pid.182349* %6, i32 0) #78 %8 = icmp eq %struct.task_struct.182540* %7, null br i1 %8, label %58, label %9 %10 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 4 %11 = bitcast %struct.qstr* %10 to %struct.util_est* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 4, i32 1 %15 = zext i32 %13 to i64 br label %16 %17 = phi %struct.proc_ns_operations.182542** [ getelementptr inbounds ([9 x %struct.proc_ns_operations.182542*], [9 x %struct.proc_ns_operations.182542*]* @ns_entries, i64 0, i64 0), %9 ], [ %28, %27 ] %18 = load %struct.proc_ns_operations.182542*, %struct.proc_ns_operations.182542** %17, align 8 %19 = getelementptr inbounds %struct.proc_ns_operations.182542, %struct.proc_ns_operations.182542* %18, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = tail call i64 @strlen(i8* %20) #79 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %27 %24 = load i8*, i8** %14, align 8 %25 = tail call i32 @bcmp(i8* %24, i8* %20, i64 %15) %26 = icmp eq i32 %25, 0 br i1 %26, label %30, label %27 %31 = phi %struct.proc_ns_operations.182542** [ %17, %23 ], [ %28, %27 ] %32 = icmp eq %struct.proc_ns_operations.182542** %31, getelementptr inbounds ([9 x %struct.proc_ns_operations.182542*], [9 x %struct.proc_ns_operations.182542*]* @ns_entries, i64 1, i64 0) br i1 %32, label %46, label %33 %34 = bitcast %struct.proc_ns_operations.182542** %31 to i64* %35 = load i64, i64* %34, align 8 %36 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 9 %37 = load 
%struct.super_block.182587*, %struct.super_block.182587** %36, align 8 %38 = tail call %struct.inode.182601* bitcast (%struct.inode.177454* (%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.182601* (%struct.super_block.182587*, %struct.task_struct.182540*, i16)*)(%struct.super_block.182587* %37, %struct.task_struct.182540* nonnull %7, i16 zeroext -24065) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 proc_lookupfdinfo ------------- Path:  Function:proc_lookupfdinfo %4 = getelementptr %struct.inode.178653, %struct.inode.178653* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.178552** %6 = load %struct.pid.178552*, %struct.pid.178552** %5, align 8 %7 = tail call %struct.task_struct.178624* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178624* (%struct.pid.178552*, i32)*)(%struct.pid.178552* %6, i32 0) #78 %8 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %1, i64 0, i32 4 %9 = tail call i32 @name_to_int(%struct.qstr* %8) #78 %10 = icmp eq %struct.task_struct.178624* %7, null br i1 %10, label %46, label %11 %12 = icmp eq i32 %9, -1 br i1 %12, label %34, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = tail call %struct.file.178662* bitcast (%struct.file* (%struct.task_struct*, i32)* @task_lookup_fd_rcu to %struct.file.178662* (%struct.task_struct.178624*, i32)*)(%struct.task_struct.178624* nonnull %7, i32 %9) #78 %15 = icmp eq %struct.file.178662* %14, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 tail call void @rcu_read_unlock_strict() #78 br i1 %15, label %34, label %16 %17 = 
getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %1, i64 0, i32 9 %18 = load %struct.super_block.178635*, %struct.super_block.178635** %17, align 8 %19 = tail call %struct.inode.178653* bitcast (%struct.inode.177454* (%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.178653* (%struct.super_block.178635*, %struct.task_struct.178624*, i16)*)(%struct.super_block.178635* %18, %struct.task_struct.178624* nonnull %7, i16 zeroext -32476) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_pid_make_inode 1 proc_fd_instantiate 2 proc_lookupfd ------------- Path:  Function:proc_lookupfd %4 = alloca i64, align 8 %5 = bitcast i64* %4 to %struct.util_est* %6 = getelementptr %struct.inode.178653, %struct.inode.178653* %0, i64 -1, i32 41, i32 13 %7 = bitcast %struct.list_head* %6 to %struct.pid.178552** %8 = load %struct.pid.178552*, %struct.pid.178552** %7, align 8 %9 = tail call %struct.task_struct.178624* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.178624* (%struct.pid.178552*, i32)*)(%struct.pid.178552* %8, i32 0) #78 %10 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %11 = bitcast i64* %4 to i32* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %13 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %1, i64 0, i32 4 %14 = tail call i32 @name_to_int(%struct.qstr* %13) #78 store i32 %14, i32* %12, align 4 %15 = icmp eq %struct.task_struct.178624* %9, null br i1 %15, label %38, label %16 %17 = icmp eq i32 %14, -1 br i1 %17, label %26, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = tail call %struct.file.178662* 
bitcast (%struct.file* (%struct.task_struct*, i32)* @task_lookup_fd_rcu to %struct.file.178662* (%struct.task_struct.178624*, i32)*)(%struct.task_struct.178624* nonnull %9, i32 %14) #78 %20 = icmp eq %struct.file.178662* %19, null br i1 %20, label %25, label %21 %22 = getelementptr inbounds %struct.file.178662, %struct.file.178662* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 store i32 %23, i32* %11, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %24 = call %struct.dentry.178657* @proc_fd_instantiate(%struct.dentry.178657* %1, %struct.task_struct.178624* nonnull %9, i8* nonnull %10) #78, !callees !6 Function:proc_fd_instantiate %4 = getelementptr inbounds %struct.dentry.178657, %struct.dentry.178657* %0, i64 0, i32 9 %5 = load %struct.super_block.178635*, %struct.super_block.178635** %4, align 8 %6 = tail call %struct.inode.178653* bitcast (%struct.inode.177454* (%struct.super_block.177439*, %struct.task_struct.177581*, i16)* @proc_pid_make_inode to %struct.inode.178653* (%struct.super_block.178635*, %struct.task_struct.178624*, i16)*)(%struct.super_block.178635* %5, %struct.task_struct.178624* %1, i16 zeroext -24576) #78 Function:proc_pid_make_inode %4 = tail call %struct.inode.177454* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode.177454* (%struct.super_block.177439*)*)(%struct.super_block.177439* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_get_inode 1 proc_lookup_de 2 proc_tgid_net_lookup ------------- Path:  Function:proc_tgid_net_lookup %4 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %0) #78 %5 = icmp eq %struct.net* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.net, %struct.net* %4, i64 0, i32 16 %8 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %7, align 32 %9 = tail call %struct.dentry* @proc_lookup_de(%struct.inode* %0, %struct.dentry* %1, 
%struct.proc_dir_entry* %8) #79 Function:proc_lookup_de tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %7 = bitcast %struct.anon.1* %6 to %struct.util_est* %8 = getelementptr inbounds %struct.util_est, %struct.util_est* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18, i32 0 %11 = load %struct.rb_node*, %struct.rb_node** %10, align 8 %12 = icmp eq %struct.rb_node* %11, null br i1 %12, label %66, label %13 %14 = zext i32 %9 to i64 br label %15 %16 = phi %struct.rb_node* [ %11, %13 ], [ %39, %37 ] %17 = getelementptr %struct.rb_node, %struct.rb_node* %16, i64 -6, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %19 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %18, i64 0, i32 23 %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i32 %22 = icmp ult i32 %9, %21 br i1 %22, label %31, label %23 %24 = icmp ugt i32 %9, %21 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %17, i64 20 %27 = bitcast %struct.rb_node** %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @memcmp(i8* %5, i8* %28, i64 %14) #78 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %33 %34 = icmp eq i32 %29, 0 br i1 %34, label %41, label %35 %42 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %43 = icmp eq %struct.rb_node** %17, null br i1 %43, label %66, label %44 %45 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %42, i64 0, i32 1 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %45, i64 0, i32 0, i32 0 %47 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 1, i32* %46) #6, !srcloc !4 %48 = icmp eq i32 %47, 0 br i1 %48, label %53, label %49, !prof !5, !misexpect !6 %50 = add i32 %47, 1 %51 = or i32 %50, %47 %52 = icmp sgt i32 %51, -1 br i1 %52, label %55, label %53, !prof !7, !misexpect !6 %54 = phi i32 [ 2, %44 ], [ 1, %49 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 %54) #78 br label %55 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %57 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %58 = load %struct.super_block*, %struct.super_block** %57, align 8 %59 = tail call %struct.inode* @proc_get_inode(%struct.super_block* %58, %struct.proc_dir_entry* nonnull %42) #78 Function:proc_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_get_inode 1 proc_lookup_de 2 proc_lookup ------------- Path:  Function:proc_lookup %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.proc_fs_info** %8 = load %struct.proc_fs_info*, %struct.proc_fs_info** %7, align 16 %9 = 
getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %8, i64 0, i32 5 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 br i1 %11, label %18, label %12 %13 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 1, i32 1 %15 = bitcast %struct.list_head** %14 to %struct.proc_dir_entry** %16 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %15, align 8 %17 = tail call %struct.dentry* @proc_lookup_de(%struct.inode* %0, %struct.dentry* %1, %struct.proc_dir_entry* %16) #78 Function:proc_lookup_de tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %7 = bitcast %struct.anon.1* %6 to %struct.util_est* %8 = getelementptr inbounds %struct.util_est, %struct.util_est* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18, i32 0 %11 = load %struct.rb_node*, %struct.rb_node** %10, align 8 %12 = icmp eq %struct.rb_node* %11, null br i1 %12, label %66, label %13 %14 = zext i32 %9 to i64 br label %15 %16 = phi %struct.rb_node* [ %11, %13 ], [ %39, %37 ] %17 = getelementptr %struct.rb_node, %struct.rb_node* %16, i64 -6, i32 1 %18 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %19 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %18, i64 0, i32 23 %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i32 %22 = icmp ult i32 %9, %21 br i1 %22, label %31, label %23 %24 = icmp ugt i32 %9, %21 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.rb_node*, %struct.rb_node** %17, i64 20 %27 = bitcast %struct.rb_node** %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @memcmp(i8* %5, i8* %28, 
i64 %14) #78 %30 = icmp slt i32 %29, 0 br i1 %30, label %31, label %33 %34 = icmp eq i32 %29, 0 br i1 %34, label %41, label %35 %42 = bitcast %struct.rb_node** %17 to %struct.proc_dir_entry* %43 = icmp eq %struct.rb_node** %17, null br i1 %43, label %66, label %44 %45 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %42, i64 0, i32 1 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %45, i64 0, i32 0, i32 0 %47 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 1, i32* %46) #6, !srcloc !4 %48 = icmp eq i32 %47, 0 br i1 %48, label %53, label %49, !prof !5, !misexpect !6 %50 = add i32 %47, 1 %51 = or i32 %50, %47 %52 = icmp sgt i32 %51, -1 br i1 %52, label %55, label %53, !prof !7, !misexpect !6 %54 = phi i32 [ 2, %44 ], [ 1, %49 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %45, i32 %54) #78 br label %55 %56 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %57 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %58 = load %struct.super_block*, %struct.super_block** %57, align 8 %59 = tail call %struct.inode* @proc_get_inode(%struct.super_block* %58, %struct.proc_dir_entry* nonnull %42) #78 Function:proc_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* 
@new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_sys_make_inode 1 proc_sys_lookup ------------- Path:  Function:proc_sys_lookup %4 = alloca %struct.ctl_table_header*, align 8 %5 = alloca %struct.ctl_table*, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 2 %8 = bitcast %struct.list_head* %7 to %struct.ctl_table_header** %9 = load %struct.ctl_table_header*, %struct.ctl_table_header** %8, align 8 %10 = icmp eq %struct.ctl_table_header* %9, null %11 = select i1 %10, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %9 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %12 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %11, i64 0, i32 1 %13 = load %struct.completion*, %struct.completion** %12, align 8 %14 = icmp eq %struct.completion* %13, null br i1 %14, label %15, label %19, !prof !4, !misexpect !5 %20 = phi %struct.ctl_table_header* [ %11, %15 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = bitcast %struct.ctl_table_header** %4 to i8* store %struct.ctl_table_header* null, %struct.ctl_table_header** %4, align 8 %22 = bitcast %struct.ctl_table** %5 to i8* store %struct.ctl_table* null, %struct.ctl_table** %5, align 8 %23 = icmp ugt %struct.ctl_table_header* %20, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %23, label %24, label %26 %27 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %28 = load i8*, i8** %27, align 8 %29 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %30 = bitcast %struct.anon.1* %29 to %struct.util_est* %31 = getelementptr inbounds %struct.util_est, %struct.util_est* %30, i64 0, i32 1 %32 = load i32, i32* %31, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %33 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %20, i64 1 %34 = bitcast %struct.ctl_table_header* %33 to %struct.rb_node** %35 = load %struct.rb_node*, %struct.rb_node** %34, align 8 %36 = icmp eq %struct.rb_node* %35, null br i1 %36, label %85, label %37 %38 = phi %struct.rb_node* [ %71, %69 ], [ %35, %26 ] %39 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %38, i64 1 %40 = bitcast %struct.rb_node* %39 to %struct.ctl_table_header** %41 = load %struct.ctl_table_header*, %struct.ctl_table_header** %40, align 8 %42 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 0, i32 0, i32 0 %43 = load %struct.ctl_table*, %struct.ctl_table** %42, align 8 %44 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %41, i64 0, i32 6 %45 = bitcast %struct.ctl_node** %44 to i64* %46 = load i64, i64* %45, align 8 %47 = ptrtoint %struct.rb_node* %38 to i64 %48 = sub i64 %47, %46 %49 = ashr exact i64 %48, 5 %50 = getelementptr %struct.ctl_table, %struct.ctl_table* %43, i64 %49 %51 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %50, i64 0, i32 0 %52 = load i8*, i8** %51, align 8 %53 = tail call i64 @strlen(i8* %52) #78 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %32, %54 %56 = select i1 %55, i32 %32, i32 %54 %57 = sext i32 %56 to i64 %58 = tail call i32 @memcmp(i8* %28, i8* %52, i64 %57) #78 %59 = icmp eq i32 %58, 0 %60 = sub i32 %32, %54 %61 = 
select i1 %59, i32 %60, i32 %58 %62 = icmp slt i32 %61, 0 br i1 %62, label %63, label %65 %66 = icmp eq i32 %61, 0 br i1 %66, label %73, label %67 %68 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %38, i64 0, i32 1 br label %69 %70 = phi %struct.rb_node** [ %64, %63 ], [ %68, %67 ] %71 = load %struct.rb_node*, %struct.rb_node** %70, align 8 %72 = icmp eq %struct.rb_node* %71, null br i1 %72, label %85, label %37 %86 = phi %struct.ctl_table_header* [ %41, %80 ], [ null, %73 ], [ null, %26 ], [ null, %76 ], [ null, %69 ] %87 = phi %struct.ctl_table* [ %50, %80 ], [ null, %73 ], [ null, %26 ], [ null, %76 ], [ null, %69 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store %struct.ctl_table* %87, %struct.ctl_table** %5, align 8 %88 = icmp eq %struct.ctl_table* %87, null br i1 %88, label %117, label %89 %90 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %87, i64 0, i32 3 %91 = load i16, i16* %90, align 4 %92 = and i16 %91, -4096 %93 = icmp eq i16 %92, -24576 br i1 %93, label %94, label %104 %95 = call fastcc i32 @sysctl_follow_link(%struct.ctl_table_header** nonnull %4, %struct.ctl_table** nonnull %5) #79 %96 = icmp eq i32 %95, 0 br i1 %96, label %101, label %97 %102 = load %struct.ctl_table_header*, %struct.ctl_table_header** %4, align 8 %103 = load %struct.ctl_table*, %struct.ctl_table** %5, align 8 br label %104 %105 = phi %struct.ctl_table_header* [ %102, %101 ], [ %86, %89 ] %106 = phi %struct.ctl_table* [ %103, %101 ], [ %87, %89 ] %107 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %108 = load %struct.super_block*, %struct.super_block** %107, align 8 %109 = icmp eq %struct.ctl_table_header* %105, null %110 = select i1 %109, %struct.ctl_table_header* %20, %struct.ctl_table_header* %105 %111 = 
tail call fastcc %struct.inode* @proc_sys_make_inode(%struct.super_block* %108, %struct.ctl_table_header* %110, %struct.ctl_table* %106) #79 Function:proc_sys_make_inode %4 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %1, i64 0, i32 3 %5 = load %struct.ctl_table_root*, %struct.ctl_table_root** %4, align 8 %6 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_create ------------- Path:  Function:ramfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %8, %struct.inode* %1, i16 zeroext %6, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_symlink ------------- Path:  Function:ramfs_symlink %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext -24065, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_mkdir ------------- Path:  Function:ramfs_mkdir %5 = or i16 %3, 16384 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call 
%struct.inode* @ramfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_mknod ------------- Path:  Function:ramfs_mknod %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %3, i32 %4) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 ramfs_get_inode 1 ramfs_tmpfile ------------- Path:  Function:ramfs_tmpfile %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call %struct.inode* @ramfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext %3, i32 0) #78 Function:ramfs_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 autofs_get_inode 1 autofs_dir_mkdir ------------- Path:  Function:autofs_dir_mkdir %5 = getelementptr inbounds %struct.inode.262604, %struct.inode.262604* %1, i64 0, i32 8 %6 = load %struct.super_block.262585*, %struct.super_block.262585** %5, align 8 %7 = getelementptr inbounds %struct.super_block.262585, %struct.super_block.262585* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.autofs_sb_info.262615** %9 = load %struct.autofs_sb_info.262615*, %struct.autofs_sb_info.262615** %8, align 16 
%10 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %2, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.autofs_info.262616** %12 = load %struct.autofs_info.262616*, %struct.autofs_info.262616** %11, align 8 %13 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %9, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 1 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %102 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.262573** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.262573**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.262573* %20 = getelementptr inbounds %struct.task_struct.262573, %struct.task_struct.262573* %19, i64 0, i32 95 %21 = load %struct.signal_struct.262502*, %struct.signal_struct.262502** %20, align 32 %22 = getelementptr %struct.signal_struct.262502, %struct.signal_struct.262502* %21, i64 0, i32 21, i64 2 %23 = load %struct.pid*, %struct.pid** %22, align 8 %24 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %9, i64 0, i32 3 %25 = load %struct.pid*, %struct.pid** %24, align 8 %26 = icmp eq %struct.pid* %23, %25 br i1 %26, label %27, label %102 %28 = icmp eq %struct.autofs_info.262616* %12, null br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.autofs_info*)* @autofs_clean_ino to void (%struct.autofs_info.262616*)*)(%struct.autofs_info.262616* nonnull %12) #78 %31 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %2, i64 0, i32 9 %32 = load %struct.super_block.262585*, %struct.super_block.262585** %31, align 8 %33 = getelementptr inbounds %struct.super_block.262585, %struct.super_block.262585* %32, i64 0, i32 28 %34 = bitcast i8** %33 to %struct.autofs_sb_info.262615** %35 = load %struct.autofs_sb_info.262615*, %struct.autofs_sb_info.262615** %34, align 16 %36 = load 
%struct.autofs_info.262616*, %struct.autofs_info.262616** %11, align 8 %37 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %35, i64 0, i32 16 %38 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %37, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #78 %39 = getelementptr inbounds %struct.autofs_info.262616, %struct.autofs_info.262616* %36, i64 0, i32 4 %40 = getelementptr inbounds %struct.autofs_info.262616, %struct.autofs_info.262616* %36, i64 0, i32 4, i32 1 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 1 store %struct.list_head* %41, %struct.list_head** %44, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 0 store volatile %struct.list_head* %43, %struct.list_head** %45, align 8 store volatile %struct.list_head* %39, %struct.list_head** %42, align 8 store volatile %struct.list_head* %39, %struct.list_head** %40, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %46 = bitcast %struct.spinlock* %37 to i8* store volatile i8 0, i8* %46, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %47 = load %struct.super_block.262585*, %struct.super_block.262585** %5, align 8 %48 = or i16 %3, 16384 %49 = tail call %struct.inode.262604* bitcast (%struct.inode* (%struct.super_block*, i16)* @autofs_get_inode to %struct.inode.262604* (%struct.super_block.262585*, i16)*)(%struct.super_block.262585* %47, i16 zeroext %48) #78 Function:autofs_get_inode %3 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) 
#78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = 
zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14575, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #78 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #78 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #78 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #80 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 
------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* 
getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14575, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #78 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #78 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #78 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #80 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_compat_sys_ia32_mmap ------------- Path:  
Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 
%63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14575, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #78 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #78 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #78 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, 
align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #80 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to 
i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14575, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #78 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #78 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #78 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, 
%struct.inode* null, i16 zeroext -32257, i32 0) #80 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlb_file_setup 2 ksys_mmap_pgoff 3 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %59 = bitcast %struct.ucounts** %7 to i8* store %struct.ucounts* null, %struct.ucounts** %7, align 8 %60 = lshr i64 %3, 26 %61 = trunc i64 %60 to i32 %62 = and i32 %61, 63 %63 = icmp eq i32 %62, 0 br i1 %63, label 
%64, label %68 %65 = load i32, i32* @default_hstate_idx, align 4 %66 = zext i32 %65 to i64 %67 = getelementptr [2 x %struct.hstate], [2 x %struct.hstate]* @hstates, i64 0, i64 %66 br label %72 %73 = phi %struct.hstate* [ %71, %68 ], [ %67, %64 ] %74 = icmp eq %struct.hstate* %73, null br i1 %74, label %88, label %75 %76 = getelementptr inbounds %struct.hstate, %struct.hstate* %73, i64 0, i32 3 %77 = load i32, i32* %76, align 8 %78 = zext i32 %77 to i64 %79 = shl i64 4096, %78 %80 = add i64 %1, -1 %81 = add i64 %80, %79 %82 = sub i64 0, %79 %83 = and i64 %81, %82 %84 = call %struct.file* @hugetlb_file_setup(i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.14575, i64 0, i64 0), i64 %83, i64 2097152, %struct.ucounts** nonnull %7, i32 2, i32 %62) #78 Function:hugetlb_file_setup %7 = icmp eq i32 %5, 0 br i1 %7, label %8, label %12 %13 = zext i32 %5 to i64 %14 = shl nuw i64 1, %13 %15 = tail call %struct.hstate* @size_to_hstate(i64 %14) #78 br label %16 %17 = phi %struct.hstate* [ %15, %12 ], [ %11, %8 ] %18 = icmp eq %struct.hstate* %17, null br i1 %18, label %94, label %19 %20 = ptrtoint %struct.hstate* %17 to i64 %21 = sub i64 %20, ptrtoint ([2 x %struct.hstate]* @hstates to i64) %22 = sdiv exact i64 %21, 1952 %23 = trunc i64 %22 to i32 %24 = icmp slt i32 %23, 0 br i1 %24, label %94, label %25 store %struct.ucounts* null, %struct.ucounts** %3, align 8 %26 = and i64 %22, 4294967295 %27 = getelementptr [2 x %struct.vfsmount*], [2 x %struct.vfsmount*]* @hugetlbfs_vfsmount, i64 0, i64 %26 %28 = load %struct.vfsmount*, %struct.vfsmount** %27, align 8 %29 = icmp eq %struct.vfsmount* %28, null br i1 %29, label %94, label %30 %31 = icmp eq i32 %4, 1 br i1 %31, label %32, label %59 %33 = load i32, i32* @sysctl_hugetlb_shm_group, align 4 %34 = tail call zeroext i1 @capable(i32 14) #78 br i1 %34, label %59, label %35 %60 = getelementptr inbounds %struct.vfsmount, %struct.vfsmount* %28, i64 0, i32 1 %61 = load %struct.super_block*, %struct.super_block** %60, align 8 %62 = 
tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %61, %struct.inode* null, i16 zeroext -32257, i32 0) #80 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_create ------------- Path:  Function:hugetlbfs_create %6 = or i16 %3, -32768 %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %8, %struct.inode* %1, i16 zeroext %6, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_symlink ------------- Path:  Function:hugetlbfs_symlink %5 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %6, %struct.inode* %1, i16 zeroext -24065, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_mkdir ------------- Path:  Function:hugetlbfs_mkdir %5 = or i16 
%3, 16384 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_mknod ------------- Path:  Function:hugetlbfs_mknod %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %3, i32 %4) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 hugetlbfs_get_inode 1 hugetlbfs_tmpfile ------------- Path:  Function:hugetlbfs_tmpfile %5 = or i16 %3, -32768 %6 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = tail call fastcc %struct.inode* @hugetlbfs_get_inode(%struct.super_block* %7, %struct.inode* %1, i16 zeroext %5, i32 0) #78 Function:hugetlbfs_get_inode %5 = and i16 %2, -4096 switch i16 %5, label %12 [ i16 -32768, label %6 i16 -24576, label %6 ] %13 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) 
#78 ------------- Use: =BAD PATH= Call Stack: 0 mqueue_get_inode 1 mqueue_create_attr 2 mqueue_create ------------- Path:  Function:mqueue_create %6 = tail call i32 @mqueue_create_attr(%struct.dentry* %2, i16 zeroext %3, i8* null) #78 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 3 %5 = load %struct.dentry*, %struct.dentry** %4, align 8 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %5, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #78 %9 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace** %13 = load %struct.ipc_namespace*, %struct.ipc_namespace** %12, align 16 %14 = icmp eq %struct.ipc_namespace* %13, null br i1 %14, label %65, label %15 %16 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 24, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #78 br label %26 %27 = getelementptr inbounds 
%struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 15 %28 = load i32, i32* %27, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %13, i64 0, i32 16 %30 = load i32, i32* %29, align 4 %31 = icmp ult i32 %28, %30 br i1 %31, label %36, label %32 %33 = tail call zeroext i1 @capable(i32 24) #78 br i1 %33, label %34, label %65 %35 = load i32, i32* %27, align 8 br label %36 %37 = phi i32 [ %35, %34 ], [ %28, %26 ] %38 = add i32 %37, 1 store i32 %38, i32* %27, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %39 = load %struct.super_block*, %struct.super_block** %9, align 8 %40 = tail call fastcc %struct.inode* @mqueue_get_inode(%struct.super_block* %39, %struct.ipc_namespace* nonnull %13, i16 zeroext %1, %struct.mq_attr* %8) #79 Function:mqueue_get_inode %5 = tail call %struct.inode* bitcast (%struct.inode.150604* (%struct.super_block.150588*)* @new_inode to %struct.inode* (%struct.super_block*)*)(%struct.super_block* %0) #78 ------------- Good: 67 Bad: 24 Ignored: 65 Check Use of Function:seccomp_notify_ioctl Check Use of Function:cfg80211_mlme_purge_registrations Check Use of Function:posix_clock_compat_ioctl Check Use of Function:inotify_ioctl Check Use of Function:__ext4_journal_start_sb Check Use of Function:__ptrace_link Check Use of Function:compat_ptr_ioctl Check Use of Function:hung_up_tty_compat_ioctl Check Use of Function:ext4_swap_extents Check Use of Function:loop_control_ioctl Check Use of Function:update_ref_ctr Check Use of Function:send_signal Use: =BAD PATH= Call Stack: 0 force_sig_info_to_task 1 force_sig 2 signal_fault 3 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = bitcast %struct.cpumask* %2 to i8* %12 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -4 %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -268 %18 = icmp ult i64 %17, %15 br i1 %18, label %42, label %19, !prof !6, !misexpect !7 %20 = inttoptr i64 %15 to %struct.rt_sigframe_ia32* %22 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, i32 5, i32 4 %23 = bitcast %struct.kernel_cap_struct* %22 to i64* %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %21) #6, !srcloc !8 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 store i64 %26, i64* %12, align 8 %29 = and i64 %28, 4294967295 
%30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %42, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #78 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, i32 5, i32 3 %33 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %32) #79 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %42 %36 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, i32 5, i32 2 %37 = call i32 @compat_restore_altstack(%struct.uid_gid_extent* %36) #78 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %42 %43 = inttoptr i64 %15 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %43, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.3.4769, i64 0, i64 0)) #78 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #78 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 %5 = bitcast %struct.kernel_siginfo* %2 to i8* store i32 %0, i32* %4, align 8 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %6, align 4 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 
0, i32 3, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %9, align 4 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.51970* %12 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.51970* %11, i32 0) #78 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, %18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 
0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %60 %43 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %50 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 %58, 0 br i1 %59, label %65, label %60 %61 = bitcast %struct.task_struct.51970* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* 
@wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %1, i32 1) #78 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65 tail call void bitcast (void (%struct.task_struct*)* @kick_process to void (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %1) #78 br label %65 %66 = load void (i32)*, void (i32)** %13, align 8 %67 = icmp eq void (i32)* %66, null br i1 %67, label %68, label %80 %69 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 5 %70 = load i32, i32* %69, align 16 %71 = icmp eq i32 %70, 0 %72 = icmp eq i32 %2, 2 %73 = or i1 %72, %71 br i1 %73, label %74, label %80 %81 = tail call fastcc i32 @send_signal(i32 %5, %struct.kernel_siginfo* %0, %struct.task_struct.51970* %1, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 force_sig_info_to_task 1 force_sig 2 signal_fault 3 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to %struct.sigframe_ia32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * 
((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %18 = add i64 %17, -736 %19 = icmp ult i64 %18, %13 br i1 %19, label %50, label %20, !prof !6, !misexpect !7 %22 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2 %23 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2, i32 26 %24 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %23, i64 4, i64 %21) #6, !srcloc !8 %25 = extractvalue { i32*, i32, i64 } %24, 0 %26 = extractvalue { i32*, i32, i64 } %24, 1 %27 = extractvalue { i32*, i32, i64 } %24, 2 %28 = ptrtoint i32* %25 to i64 %29 = zext i32 %26 to i64 store i64 %29, i64* %16, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %50, !prof !9, !misexpect !10 %34 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 4, i64 0 %35 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %33) #6, !srcloc !11 %36 = extractvalue { i32*, i32, i64 } %35, 0 %37 = extractvalue { i32*, i32, i64 } %35, 1 %38 = extractvalue { i32*, i32, i64 } %35, 2 %39 = ptrtoint i32* %36 to i64 %40 = bitcast %struct.cpumask* %2 to i32* %41 = getelementptr inbounds i32, i32* %40, i64 1 store i32 %37, i32* %41, align 4 %42 = and i64 %39, 4294967295 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #78 %45 = call 
fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %22) #79 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %50 %51 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %51, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4766, i64 0, i64 0)) #78 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #78 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 %5 = bitcast %struct.kernel_siginfo* %2 to i8* store i32 %0, i32* %4, align 8 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %6, align 4 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %9, align 4 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.51970* %12 = call fastcc i32 
@force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.51970* %11, i32 0) #78 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, %18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq 
i64 %40, 0 br i1 %41, label %42, label %60 %43 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %50 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 %58, 0 br i1 %59, label %65, label %60 %61 = bitcast %struct.task_struct.51970* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %1, i32 1) #78 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65 tail call void bitcast (void (%struct.task_struct*)* @kick_process to void (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %1) #78 br label %65 %66 = load void (i32)*, void (i32)** %13, align 8 %67 = icmp eq void (i32)* %66, null br i1 %67, label %68, label %80 %69 = getelementptr inbounds %struct.task_struct.51970, 
%struct.task_struct.51970* %1, i64 0, i32 5 %70 = load i32, i32* %69, align 16 %71 = icmp eq i32 %70, 0 %72 = icmp eq i32 %2, 2 %73 = or i1 %72, %71 br i1 %73, label %74, label %80 %81 = tail call fastcc i32 @send_signal(i32 %5, %struct.kernel_siginfo* %0, %struct.task_struct.51970* %1, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 inode_newsize_ok 3 nfs_setattr ------------- Path:  Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %1, i64 0, i32 5 %5 = load %struct.inode.216899*, %struct.inode.216899** %4, align 8 %6 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 8 %7 = load %struct.super_block.216885*, %struct.super_block.216885** %6, align 8 %8 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217027** %10 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.216890, 
%struct.iattr.216890* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150840*, i64)* @inode_newsize_ok to i32 (%struct.inode.216899*, i64)*)(%struct.inode.216899* %5, i64 %32) #78 Function:inode_newsize_ok %3 = icmp slt i64 %1, 0 br i1 %3, label %30, label %4 %5 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %0, i64 0, i32 14 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, %1 br i1 %7, label %8, label %22 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.150950* %11 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %10, i64 0, i32 95 %12 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %11, align 32 %13 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %12, i64 0, i32 49, i64 1, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp ult i64 %14, %1 br i1 %15, label %28, label %16 %29 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %10, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, 
null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 inode_newsize_ok 3 nfs_setattr 4 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 2 %8 = bitcast %struct.seqcount_spinlock* %7 to i16* %9 = load i16, i16* %8, align 2 %10 = icmp eq i16 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.216888*, %struct.iattr.216890*)* @nfs_setattr to i32 (%struct.user_namespace*, 
%struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %1, i64 0, i32 5 %5 = load %struct.inode.216899*, %struct.inode.216899** %4, align 8 %6 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 8 %7 = load %struct.super_block.216885*, %struct.super_block.216885** %6, align 8 %8 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217027** %10 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150840*, i64)* @inode_newsize_ok to i32 (%struct.inode.216899*, i64)*)(%struct.inode.216899* %5, i64 %32) #78 Function:inode_newsize_ok %3 = icmp slt i64 %1, 0 br i1 %3, label %30, label %4 %5 = 
getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %0, i64 0, i32 14 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, %1 br i1 %7, label %8, label %22 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.150950* %11 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %10, i64 0, i32 95 %12 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %11, align 32 %13 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %12, i64 0, i32 49, i64 1, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp ult i64 %14, %1 br i1 %15, label %28, label %16 %29 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %10, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load 
volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* 
@setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* 
%23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label 
%26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = 
load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* 
%2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to 
%struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* 
%21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, 
!misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, 
%struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info 
%4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds 
%struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds 
%struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = 
getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, 
%struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = 
load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, 
null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 
%13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, 
%struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, 
%struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds 
%struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile 
%struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds 
%struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = 
getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* 
%1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.273737*, %struct.iattr.273739*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 
x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273737* %1, %struct.iattr.273739* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds 
%struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], 
[ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, 
%struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) 
#78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 
@security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, 
align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq 
%struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), 
%struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, 
%struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, 
%struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 simple_setattr 4 notify_change 5 file_remove_privs 6 __generic_file_write_iter 7 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 (%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, 
label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #78 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.150531*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #78 Function:file_remove_privs %2 = alloca 
%struct.iattr.150595, align 8 %3 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.150593*, %struct.dentry.150593** %3, align 8 %5 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.150593* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 2 %20 = load %struct.inode.150604*, %struct.inode.150604** %19, align 8 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %18, i64 0, i32 5 %32 = load %struct.inode.150604*, %struct.inode.150604** %31, align 8 %33 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #78 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call 
i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.150593*)*)(%struct.dentry.150593* %18) #78 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.150589, %struct.vfsmount.150589* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.150595* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.150595, %struct.iattr.150595* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*, %struct.inode.150840**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.150593*, %struct.iattr.150595*, %struct.inode.150604**)*)(%struct.user_namespace* %68, %struct.dentry.150593* %18, %struct.iattr.150595* nonnull %2, %struct.inode.150604** null) #78 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %6 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %7 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 
%13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16510, i64 0, i64 0), i32 335, i32 2307, i64 12) #6, !srcloc !6 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %6) #78 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147847*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %6, i32 2) #78 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 
%45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode.150840*)*)(%struct.inode.150840* %6) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %64, i64 %66, %struct.inode.150840* %6) #78 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %77, i64 %79, %struct.inode.150840* %6) #78 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, 
align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* 
@security_inode_setattr to i32 (%struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %171 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150835*, %struct.inode_operations.150835** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150835, %struct.inode_operations.150835* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*, i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.user_namespace* %0, %struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, 
%struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 
Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast 
%struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, 
%struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* 
%11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 
%12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 setattr_prepare 3 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, 
%struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, 
%struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig_info 1 send_sig 2 generic_write_checks 3 nfs_file_direct_write 4 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.214823, %struct.kiocb.214823* %0, i64 0, i32 0 %4 = load %struct.file.215264*, %struct.file.215264** %3, 
align 8 %5 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %4, i64 0, i32 2 %6 = load %struct.inode.215256*, %struct.inode.215256** %5, align 8 %7 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %6, i64 0, i32 8 %8 = load %struct.super_block.215246*, %struct.super_block.215246** %7, align 8 %9 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.215399** %11 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.215264*, %struct.inode.215256*)*)(%struct.file.215264* %4, %struct.inode.215256* %6) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = getelementptr inbounds %struct.kiocb.214823, %struct.kiocb.214823* %0, i64 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 131072 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %24 = tail call i64 bitcast (i64 (%struct.kiocb.218633*, %struct.iov_iter*, i1)* @nfs_file_direct_write to i64 (%struct.kiocb.214823*, %struct.iov_iter*, i1)*)(%struct.kiocb.214823* %0, %struct.iov_iter* %1, i1 zeroext false) #78 Function:nfs_file_direct_write %4 = getelementptr inbounds %struct.kiocb.218633, %struct.kiocb.218633* %0, i64 0, i32 0 %5 = load %struct.file.219240*, %struct.file.219240** %4, align 8 %6 = getelementptr inbounds %struct.file.219240, %struct.file.219240* %5, i64 0, i32 18 %7 = load %struct.address_space.218627*, %struct.address_space.218627** %6, align 8 %8 = getelementptr inbounds %struct.address_space.218627, %struct.address_space.218627* %7, i64 0, i32 0 %9 = load %struct.inode.219234*, %struct.inode.219234** %8, align 8 br i1 %2, label %10, label %13 %14 = tail call i64 bitcast (i64 
(%struct.kiocb*, %struct.iov_iter*)* @generic_write_checks to i64 (%struct.kiocb.218633*, %struct.iov_iter*)*)(%struct.kiocb.218633* %0, %struct.iov_iter* %1) #78 Function:generic_write_checks %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 4 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 256 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %69 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %69, label %17 %18 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 16 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %27 = and i32 %19, 131080 %28 = icmp eq i32 %27, 8 br i1 %28, label %69, label %29 %30 = load i64, i64* %14, align 8 %31 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = load %struct.address_space*, %struct.address_space** %5, align 8 %34 = getelementptr inbounds %struct.address_space, %struct.address_space* %33, i64 0, i32 0 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 8 %37 = load %struct.super_block*, %struct.super_block** %36, align 8 %38 = getelementptr inbounds %struct.super_block, %struct.super_block* %37, i64 0, i32 4 %39 = load i64, i64* %38, align 32 %40 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %41 = inttoptr i64 %40 to %struct.task_struct* %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %41, i64 0, i32 95 %43 = load %struct.signal_struct*, %struct.signal_struct** %42, align 32 %44 = getelementptr %struct.signal_struct, %struct.signal_struct* %43, i64 0, i32 49, i64 1, i32 0 %45 = load volatile i64, i64* %44, align 8 %46 = icmp eq i64 %45, -1 br i1 %46, label %55, label %47 %48 = icmp sgt i64 %45, %32 br i1 %48, label %51, label %49 %50 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct*, i32)*)(i32 25, %struct.task_struct* %41, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq 
%struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 ------------- Good: 97 Bad: 25 Ignored: 219 Check Use of Function:rtc_dev_compat_ioctl Check Use of Function:redirected_tty_write Check Use of Function:bdev_resize_partition Check Use of Function:ata_acpi_dev_uevent Check Use of Function:shmem_unlink Use: =BAD PATH= Call Stack: 0 shmem_rmdir ------------- Path:  Function:shmem_rmdir %3 = tail call i32 bitcast (i32 (%struct.dentry.153949*)* @simple_empty to i32 (%struct.dentry*)*)(%struct.dentry* %1) #78 %4 = icmp eq i32 %3, 0 br i1 %4, label %9, label %5 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 tail call void bitcast (void (%struct.inode.150604*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* %7) #78 tail call void bitcast (void (%struct.inode.150604*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* %0) #78 %8 = tail call i32 @shmem_unlink(%struct.inode* %0, %struct.dentry* %1) #79 ------------- Use: =BAD PATH= Call Stack: 0 shmem_rename2 ------------- Path:  Function:shmem_rename2 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 0 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, -4096 %12 = icmp eq i16 %11, 16384 %13 = icmp ult i32 %5, 8 br i1 %13, label %14, label %101 %15 = and i32 %5, 2 %16 = icmp eq i32 %15, 0 br 
i1 %16, label %53, label %17 %54 = tail call i32 bitcast (i32 (%struct.dentry.153949*)* @simple_empty to i32 (%struct.dentry*)*)(%struct.dentry* %4) #78 %55 = icmp eq i32 %54, 0 br i1 %55, label %101, label %56 %57 = and i32 %5, 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %69, label %59 %60 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 3 %61 = load %struct.dentry*, %struct.dentry** %60, align 8 %62 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %63 = tail call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %61, %struct.qstr* %62) #78 %64 = icmp eq %struct.dentry* %63, null br i1 %64, label %101, label %65 %66 = tail call i32 @shmem_mknod(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %1, %struct.dentry* nonnull %63, i16 zeroext 8192, i32 0) #78 tail call void bitcast (void (%struct.dentry.150061*)* @dput to void (%struct.dentry*)*)(%struct.dentry* nonnull %63) #78 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %101 tail call void bitcast (void (%struct.dentry.150061*)* @d_rehash to void (%struct.dentry*)*)(%struct.dentry* nonnull %63) #78 br label %69 %70 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %71 = load %struct.inode*, %struct.inode** %70, align 8 %72 = icmp eq %struct.inode* %71, null br i1 %72, label %77, label %73 %74 = tail call i32 @shmem_unlink(%struct.inode* %3, 
%struct.dentry* %4) #79 ------------- Good: 0 Bad: 2 Ignored: 0 Check Use of Function:msdos_unlink Check Use of Function:htree_dirblock_to_tree Use: =BAD PATH= Call Stack: 0 ext4_htree_fill_tree 1 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info** %17 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 
%36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #78 %60 = icmp eq i8* %59, null br i1 %60, label %853, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %88 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %93 %71 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %72 = inttoptr i64 %71 to %struct.task_struct* %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %72, i64 0, i32 0, i32 2 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2 %76 = icmp eq i32 %75, 0 %77 = trunc i64 %57 to i32 %78 = shl i32 %77, 1 %79 = lshr i64 %57, 31 %80 = trunc i64 %79 to i32 %81 = and i32 %80, -2 
%82 = select i1 %76, i32 %81, i32 %78 %83 = getelementptr inbounds i8, i8* %59, i64 32 %84 = bitcast i8* %83 to i32* store i32 %82, i32* %84, align 8 %85 = load i32, i32* %73, align 8 %86 = and i32 %85, 2 %87 = icmp eq i32 %86, 0 br i1 %87, label %99, label %101 %100 = trunc i64 %57 to i32 br label %101 %102 = phi i32 [ %100, %99 ], [ 0, %70 ], [ 0, %88 ] %103 = getelementptr inbounds i8, i8* %59, i64 36 %104 = bitcast i8* %103 to i32* store i32 %102, i32* %104, align 4 store i8* %59, i8** %48, align 8 br label %105 %106 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %101 ] %107 = phi i32 [ %54, %52 ], [ %64, %101 ] %108 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %109 = load i64, i64* %108, align 8 %110 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %111 = and i32 %107, 512 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %124 %114 = and i32 %107, 1024 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %123 %117 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct* %119 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %118, i64 0, i32 0, i32 2 %120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %124 br label %124 %125 = phi i64 [ 9223372036854775807, %123 ], [ 2147483647, %116 ], [ 2147483647, %105 ] %126 = icmp eq i64 %109, %125 br i1 %126, label %853, label %127 %128 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 3 %129 = load i64, i64* %128, align 8 %130 = icmp eq i64 %129, %109 br i1 %130, label %202, label %131 %203 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 2 %204 = load %struct.fname*, %struct.fname** %203, align 8 %205 = icmp eq %struct.fname* %204, null br i1 %205, 
label %277, label %206 %207 = load %struct.inode*, %struct.inode** %6, align 8 %208 = getelementptr inbounds %struct.inode, %struct.inode* %207, i64 0, i32 8 %209 = load %struct.super_block*, %struct.super_block** %208, align 8 %210 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 0 %211 = load i32, i32* %210, align 8 %212 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 1 %213 = load i32, i32* %212, align 4 br i1 %112, label %214, label %224 %215 = and i32 %107, 1024 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %227 %218 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %219 = inttoptr i64 %218 to %struct.task_struct* %220 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %219, i64 0, i32 0, i32 2 %221 = load i32, i32* %220, align 8 %222 = and i32 %221, 2 %223 = icmp eq i32 %222, 0 br i1 %223, label %227, label %224 %228 = lshr i32 %211, 1 %229 = zext i32 %228 to i64 %230 = shl nuw nsw i64 %229, 32 %231 = zext i32 %213 to i64 %232 = or i64 %230, %231 br label %233 %234 = phi i64 [ %226, %224 ], [ %232, %227 ] store i64 %234, i64* %108, align 8 %235 = getelementptr inbounds %struct.super_block, %struct.super_block* %209, i64 0, i32 28 %236 = bitcast i8** %235 to %struct.ext4_sb_info** %237 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %238 %239 = phi %struct.fname* [ %204, %233 ], [ %271, %269 ] %240 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 7, i64 0 %241 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 5 %242 = load i8, i8* %241, align 4 %243 = zext i8 %242 to i32 %244 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 4 %245 = load i32, i32* %244, align 8 %246 = zext i32 %245 to i64 %247 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 6 %248 = load i8, i8* 
%247, align 1 %249 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %236, align 16 %250 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %249, i64 0, i32 15 %251 = load %struct.ext4_super_block*, %struct.ext4_super_block** %250, align 8 %252 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %251, i64 0, i32 29 %253 = load i32, i32* %252, align 8 %254 = and i32 %253, 2 %255 = icmp eq i32 %254, 0 %256 = icmp ugt i8 %248, 7 %257 = or i1 %256, %255 br i1 %257, label %262, label %258 %259 = zext i8 %248 to i64 %260 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %259 %261 = load i8, i8* %260, align 1 br label %262 %263 = phi i8 [ %261, %258 ], [ 0, %238 ] %264 = zext i8 %263 to i32 %265 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %237, align 8 %266 = load i64, i64* %108, align 8 %267 = tail call i32 %265(%struct.dir_context* %1, i8* %240, i32 %243, i64 %266, i64 %246, i32 %264) #78 %268 = icmp eq i32 %267, 0 br i1 %268, label %269, label %273 %270 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 3 %271 = load %struct.fname*, %struct.fname** %270, align 8 %272 = icmp eq %struct.fname* %271, null br i1 %272, label %276, label %238 store %struct.fname* null, %struct.fname** %203, align 8 br label %464 %465 = phi i32 [ 0, %276 ], [ %375, %390 ], [ %375, %457 ] %466 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %467 = load %struct.rb_node*, %struct.rb_node** %466, align 8 %468 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %467) #78 store %struct.rb_node* %468, %struct.rb_node** %466, align 8 %469 = icmp eq %struct.rb_node* %468, null %470 = bitcast %struct.rb_node* %468 to i8* br i1 %469, label %480, label %471 %481 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %482 = load i32, i32* %481, align 8 %483 = 
icmp eq i32 %482, -1 br i1 %483, label %484, label %501 %502 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %482, i32* %502, align 8 %503 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 0, i32* %503, align 4 br label %287 %288 = phi i8* [ %470, %471 ], [ %470, %501 ], [ %281, %277 ], [ %286, %282 ] %289 = phi %struct.rb_node* [ %468, %471 ], [ null, %501 ], [ %279, %277 ], [ %285, %282 ] %290 = phi i32 [ %465, %471 ], [ %465, %501 ], [ 0, %277 ], [ 0, %282 ] %291 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %292 = icmp eq %struct.rb_node* %289, null br i1 %292, label %300, label %293 %294 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %295 = load i64, i64* %294, align 8 %296 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %297 = load volatile i64, i64* %296, align 8 %298 = lshr i64 %297, 1 %299 = icmp eq i64 %298, %295 br i1 %299, label %373, label %300 store %struct.rb_node* null, %struct.rb_node** %291, align 8 %301 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0 %302 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %301) #78 %303 = icmp eq %struct.rb_node* %302, null %304 = getelementptr %struct.rb_node, %struct.rb_node* %302, i64 -1, i32 2 %305 = icmp eq %struct.rb_node** %304, null %306 = or i1 %303, %305 br i1 %306, label %326, label %307 %308 = bitcast %struct.rb_node** %304 to %struct.fname* br label %311 %312 = phi %struct.fname* [ %318, %309 ], [ %308, %307 ] %313 = getelementptr inbounds %struct.fname, %struct.fname* %312, i64 0, i32 2 %314 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %313) #78 %315 = icmp eq %struct.rb_node* %314, null %316 = getelementptr %struct.rb_node, %struct.rb_node* %314, i64 -1, i32 2 %317 = bitcast %struct.rb_node** %316 to 
%struct.fname* %318 = select i1 %315, %struct.fname* null, %struct.fname* %317 %319 = icmp eq %struct.fname* %312, null br i1 %319, label %309, label %320 %321 = phi %struct.fname* [ %323, %320 ], [ %312, %311 ] %322 = getelementptr inbounds %struct.fname, %struct.fname* %321, i64 0, i32 3 %323 = load %struct.fname*, %struct.fname** %322, align 8 %324 = bitcast %struct.fname* %321 to i8* tail call void @kfree(i8* nonnull %324) #78 %325 = icmp eq %struct.fname* %323, null br i1 %325, label %309, label %320 %310 = icmp eq %struct.fname* %318, null br i1 %310, label %326, label %311 %327 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %327, align 8 %328 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %329 = load volatile i64, i64* %328, align 8 br label %330 %331 = phi i64 [ %329, %326 ], [ %337, %335 ] %332 = and i64 %331, 1 %333 = icmp eq i64 %332, 0 br i1 %333, label %335, label %334 %336 = or i64 %331, 1 %337 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %328, i64 %336, i64 %331, i64* %328) #6, !srcloc !6 %338 = icmp eq i64 %337, %331 br i1 %338, label %339, label %330, !prof !7, !misexpect !8 %340 = lshr i64 %331, 1 %341 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %340, i64* %341, align 8 %342 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 %343 = load i32, i32* %342, align 8 %344 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 %345 = load i32, i32* %344, align 4 %346 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %347 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %343, i32 %345, i32* 
%346) #78 Function:ext4_htree_fill_tree %5 = alloca %struct.dx_hash_info, align 8 %6 = alloca [3 x %struct.dx_frame], align 16 %7 = alloca %struct.uuidcmp, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.dx_hash_info* %5 to i8* %10 = bitcast [3 x %struct.dx_frame]* %6 to i8* %11 = bitcast %struct.uuidcmp* %7 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = getelementptr %struct.inode, %struct.inode* %13, i64 -1, i32 34 %15 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %14, i64 10, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 4096 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr inbounds %struct.inode, %struct.inode* %13, i64 0, i32 4 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 49152 %23 = icmp eq i32 %22, 49152 br i1 %23, label %24, label %26 %25 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 2 store i32 6, i32* %25, align 8 br label %36 %37 = getelementptr inbounds %struct.inode, %struct.inode* %13, i64 0, i32 8 %38 = load %struct.super_block*, %struct.super_block** %37, align 8 %39 = getelementptr inbounds %struct.super_block, %struct.super_block* %38, i64 0, i32 28 %40 = bitcast i8** %39 to %struct.ext4_sb_info** %41 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %40, align 16 br label %51 %52 = phi %struct.ext4_sb_info* [ %41, %36 ], [ %47, %42 ] %53 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %52, i64 0, i32 33, i64 0 %54 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 3 store i32* %53, i32** %54, align 8 %55 = load volatile i64, i64* %15, align 8 %56 = and i64 %55, 268435456 %57 = icmp eq i64 %56, 0 br i1 %57, label %70, label %58 %71 = call fastcc i32 @htree_dirblock_to_tree(%struct.file* %0, %struct.inode* %13, i32 0, %struct.dx_hash_info* nonnull %5, i32 %1, i32 %2) #79 ------------- 
Good: 1 Bad: 1 Ignored: 0 Check Use of Function:drm_client_dev_restore Check Use of Function:ext4_da_update_reserve_space Check Use of Function:nfs_unlink Check Use of Function:security_inode_unlink Check Use of Function:autofs_dir_rmdir Check Use of Function:security_inode_rmdir Check Use of Function:cleanup_single_sta Check Use of Function:vfat_rmdir Check Use of Function:kernfs_iop_rmdir Check Use of Function:take_dentry_name_snapshot Check Use of Function:sg_new_read Use: =BAD PATH= Call Stack: 0 sg_read ------------- Path:  Function:sg_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, i64 0, i32 12 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295320** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295320**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.295320* %10 = getelementptr inbounds %struct.task_struct.295320, %struct.task_struct.295320* %9, i64 0, i32 84 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = icmp eq %struct.cred* %7, %11 br i1 %12, label %19, label %13 %20 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, i64 0, i32 16 %21 = bitcast i8** %20 to %struct.sg_fd** %22 = load %struct.sg_fd*, %struct.sg_fd** %21, align 8 %23 = icmp eq %struct.sg_fd* %22, null br i1 %23, label %484, label %24 %25 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 1 %26 = load %struct.sg_device*, %struct.sg_device** %25, align 8 %27 = icmp eq %struct.sg_device* %26, null br i1 %27, label %484, label %28 %29 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 11 %30 = load i8, i8* %29, align 8 %31 = icmp ne i8 %30, 0 %32 = icmp ugt i64 %2, 35 %33 = and i1 %32, %31 br i1 %33, label %34, label %83 %84 = phi i32 [ %74, %71 ], [ -1, %28 ], [ -1, %64 ] %85 = getelementptr 
inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 3 %86 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #78 %87 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 8 %88 = bitcast %struct.list_head* %87 to %struct.sg_request** %89 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %90 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %113, label %92 %93 = icmp eq i32 %84, -1 br label %94 %95 = phi %struct.sg_request* [ %89, %92 ], [ %110, %108 ] %96 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 7 %97 = load i8, i8* %96, align 2 %98 = icmp eq i8 %97, 0 br i1 %98, label %99, label %108 br i1 %93, label %104, label %100 %101 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 3, i32 11 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, %84 br i1 %103, label %104, label %108 %105 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 8 %106 = load i8, i8* %105, align 1 %107 = icmp eq i8 %106, 1 br i1 %107, label %114, label %108 %109 = bitcast %struct.sg_request* %95 to %struct.sg_request** %110 = load %struct.sg_request*, %struct.sg_request** %109, align 8 %111 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %110, i64 0, i32 0 %112 = icmp eq %struct.list_head* %111, %87 br i1 %112, label %113, label %94 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %86) #78 br label %117 %118 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, i64 0, i32 7 %119 = load i32, i32* %118, align 8 %120 = and i32 %119, 2048 %121 = icmp eq i32 %120, 0 br i1 %121, label %122, label %484 %123 = tail call i32 @__cond_resched() #78 %124 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #78 %125 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %126 = getelementptr 
inbounds %struct.sg_request, %struct.sg_request* %125, i64 0, i32 0 %127 = icmp eq %struct.list_head* %126, %87 br i1 %127, label %152, label %128 %129 = icmp eq i32 %84, -1 br label %130 %131 = phi i8 [ 0, %128 ], [ %147, %146 ] %132 = phi %struct.sg_request* [ %125, %128 ], [ %149, %146 ] %133 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 7 %134 = load i8, i8* %133, align 2 %135 = icmp eq i8 %134, 0 br i1 %135, label %136, label %146 br i1 %129, label %141, label %137 %138 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 3, i32 11 %139 = load i32, i32* %138, align 8 %140 = icmp eq i32 %139, %84 br i1 %140, label %141, label %146 %142 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 8 %143 = load i8, i8* %142, align 1 %144 = sext i8 %143 to i32 switch i32 %144, label %146 [ i32 0, label %145 i32 1, label %154 ] %155 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 8 store i8 2, i8* %155, align 1 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %124) #78 %156 = icmp eq %struct.sg_request* %132, null br i1 %156, label %157, label %222 %223 = phi %struct.sg_request* [ %95, %114 ], [ %212, %211 ], [ %132, %154 ] %224 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %223, i64 0, i32 3, i32 0 %225 = load i32, i32* %224, align 8 %226 = icmp eq i32 %225, 0 br i1 %226, label %229, label %227 %228 = call fastcc i64 @sg_new_read(%struct.sg_fd* nonnull %22, i8* %1, i64 %2, %struct.sg_request* nonnull %223) #80 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:may_delete Check Use of Function:i915_ioc32_compat_ioctl Check Use of Function:get_net_ns_by_id Check Use of Function:unlock_two_nondirectories Check Use of Function:ext4_rename2 Check Use of Function:ieee80211_key_free Check Use of Function:propagate_mount_busy Check Use of Function:ext4_xattr_inode_array_free Check Use of 
Function:set_cpus_allowed_ptr Check Use of Function:mq_select_queue Check Use of Function:ieee80211_rx_bss_put Check Use of Function:thaw_super Check Use of Function:usbdev_ioctl Check Use of Function:device_is_bound Check Use of Function:ieee80211_txq_teardown_flows Check Use of Function:nv_init_ring Check Use of Function:__azx_runtime_resume Check Use of Function:mnt_warn_timestamp_expiry Check Use of Function:pipe_read Check Use of Function:__fsnotify_parent Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 (%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds 
%struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #78 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 
%26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.150531*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #78 Function:file_remove_privs %2 = alloca %struct.iattr.150595, align 8 %3 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.150593*, %struct.dentry.150593** %3, align 8 %5 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.150593* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 2 %20 = load %struct.inode.150604*, %struct.inode.150604** %19, align 8 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %18, i64 0, i32 5 %32 = load %struct.inode.150604*, %struct.inode.150604** %31, align 8 %33 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 
%42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #78 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.150593*)*)(%struct.dentry.150593* %18) #78 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.150589, %struct.vfsmount.150589* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.150595* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.150595, %struct.iattr.150595* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*, %struct.inode.150840**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.150593*, %struct.iattr.150595*, %struct.inode.150604**)*)(%struct.user_namespace* %68, %struct.dentry.150593* %18, %struct.iattr.150595* nonnull %2, %struct.inode.150604** null) #78 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %6 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %7 = getelementptr inbounds %struct.inode.150840, 
%struct.inode.150840* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16510, i64 0, i64 0), i32 335, i32 2307, i64 12) #6, !srcloc !6 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %6) #78 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147847*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, 
%struct.inode.150840* %6, i32 2) #78 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode.150840*)*)(%struct.inode.150840* %6) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %64, i64 %66, %struct.inode.150840* %6) #78 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 1 %79 = 
load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %77, i64 %79, %struct.inode.150840* %6) #78 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = 
icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %171 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150835*, %struct.inode_operations.150835** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150835, %struct.inode_operations.150835* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*, i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.user_namespace* %0, %struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 br label %202 %203 = phi i32 [ %199, 
%198 ], [ %201, %200 ] %204 = icmp eq i32 %203, 0 br i1 %204, label %205, label %261 %206 = shl i32 %139, 1 %207 = and i32 %206, 4 %208 = select i1 %152, i32 %207, i32 4 %209 = or i32 %208, 2 %210 = lshr i32 %139, 2 %211 = and i32 %210, 2 %212 = or i32 %208, %211 %213 = and i32 %139, 48 %214 = icmp eq i32 %213, 48 br i1 %214, label %215, label %217 %218 = and i32 %139, 16 %219 = icmp eq i32 %218, 0 br i1 %219, label %222, label %220 %223 = and i32 %139, 32 %224 = icmp eq i32 %223, 0 %225 = select i1 %224, i32 %212, i32 %209 br label %226 %227 = phi i32 [ %216, %215 ], [ %221, %220 ], [ %225, %222 ] %228 = shl i32 %139, 2 %229 = and i32 %228, 4 %230 = or i32 %227, %229 %231 = icmp eq i32 %230, 0 br i1 %231, label %261, label %232 %233 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %234 = bitcast %struct.inode.150840* %233 to i8* %235 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %233, i64 0, i32 8 %236 = load %struct.super_block.150826*, %struct.super_block.150826** %235, align 8 %237 = getelementptr inbounds %struct.super_block.150826, %struct.super_block.150826* %236, i64 0, i32 44, i32 0 %238 = load volatile i64, i64* %237, align 8 %239 = icmp eq i64 %238, 0 br i1 %239, label %261, label %240 %241 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %233, i64 0, i32 0 %242 = load i16, i16* %241, align 8 %243 = and i16 %242, -4096 %244 = icmp eq i16 %243, 16384 br i1 %244, label %245, label %251 %246 = or i32 %230, 1073741824 %247 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 16384 %250 = icmp eq i32 %249, 0 br i1 %250, label %258, label %251 %252 = phi i32 [ %246, %245 ], [ %230, %240 ] %253 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 3 %254 = load %struct.dentry.150830*, %struct.dentry.150830** %253, align 8 %255 = icmp eq %struct.dentry.150830* %254, %1 br i1 %255, 
label %258, label %256 %257 = tail call i32 bitcast (i32 (%struct.dentry.161957*, i32, i8*, i32)* @__fsnotify_parent to i32 (%struct.dentry.150830*, i32, i8*, i32)*)(%struct.dentry.150830* %1, i32 %252, i8* %234, i32 2) #78 ------------- Good: 203 Bad: 1 Ignored: 198 Check Use of Function:__vfs_removexattr Check Use of Function:security_set_bools Check Use of Function:cfg80211_rx_unprot_mlme_mgmt Check Use of Function:sta_info_get Check Use of Function:attach_recursive_mnt Check Use of Function:__tty_hangup Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, 
label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp 
eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl 4 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 
21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 
21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds 
%struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 Function:tty_vhangup_session tail call fastcc 
void @__tty_hangup(%struct.tty_struct* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl 4 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 
i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 
21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load 
i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca 
%struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 
(%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load 
%struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup 1 pty_close ------------- Path:  Function:pty_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, 
label %8, label %13 %9 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, 1 br i1 %11, label %12, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 16 %24 = bitcast i64* %23 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 2, i8* %24) #6, !srcloc !7 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %25, i32 1, i32 1, i8* null) #78 %26 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 1, i8* null) #78 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 0 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 4 store i8 0, i8* %29, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %30, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 24 %32 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %33 = icmp eq %struct.tty_struct* %32, null br i1 %33, label %59, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %32, i64 0, i32 16 %36 = bitcast i64* %35 to i8* tail call 
void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %36, i32 4, i8* %36) #6, !srcloc !7 %37 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %38 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %37, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %38, i32 1, i32 1, i8* null) #78 %39 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %40 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %39, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %40, i32 1, i32 1, i8* null) #78 %41 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %42 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %41, i64 0, i32 11 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 1 br i1 %44, label %45, label %59 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 4, i8* %24) #6, !srcloc !7 %46 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %47 = load %struct.tty_driver*, %struct.tty_driver** @ptm_driver, align 8 %48 = icmp eq %struct.tty_driver* %46, %47 br i1 %48, label %49, label %57 tail call void @mutex_lock(%struct.mutex* nonnull @devpts_mutex) #78 %50 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %51 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %50, i64 0, i32 30 %52 = load i8*, i8** %51, align 8 %53 = icmp eq i8* %52, null br i1 %53, label %56, label %54 tail call void @mutex_unlock(%struct.mutex* nonnull @devpts_mutex) #78 br label %57 %58 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 tail call void @tty_vhangup(%struct.tty_struct* %58) #78 Function:tty_vhangup tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 0) #78 
------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup 1 pty_close ------------- Path:  Function:pty_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %13 %9 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, 1 br i1 %11, label %12, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 16 %24 = bitcast i64* %23 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 2, i8* %24) #6, !srcloc !7 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %25, i32 1, i32 1, i8* null) #78 %26 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 1, i8* null) #78 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 0 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 4 store i8 0, i8* %29, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %30, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 24 %32 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %33 = icmp eq %struct.tty_struct* %32, null br i1 %33, label %59, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %32, i64 0, i32 16 %36 = bitcast i64* %35 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %36, i32 4, i8* %36) #6, !srcloc !7 %37 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %38 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %37, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %38, i32 1, i32 1, i8* null) #78 %39 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %40 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %39, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %40, i32 1, i32 1, i8* null) #78 %41 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %42 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %41, i64 0, i32 11 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 1 br i1 %44, label %45, label %59 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 4, i8* %24) #6, !srcloc !7 %46 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %47 = load %struct.tty_driver*, %struct.tty_driver** @ptm_driver, align 8 %48 = icmp eq %struct.tty_driver* %46, %47 br i1 %48, label %49, label %57 tail call void @mutex_lock(%struct.mutex* nonnull @devpts_mutex) #78 %50 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %51 = getelementptr inbounds %struct.tty_struct, 
%struct.tty_struct* %50, i64 0, i32 30 %52 = load i8*, i8** %51, align 8 %53 = icmp eq i8* %52, null br i1 %53, label %56, label %54 tail call void @mutex_unlock(%struct.mutex* nonnull @devpts_mutex) #78 br label %57 %58 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 tail call void @tty_vhangup(%struct.tty_struct* %58) #78 Function:tty_vhangup tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 0) #78 ------------- Good: 4 Bad: 6 Ignored: 12 Check Use of Function:bdev_del_partition Check Use of Function:mqueue_create Check Use of Function:__do_loopback Check Use of Function:intel_modeset_driver_remove Check Use of Function:__audit_inode_child Check Use of Function:ida_alloc_range Check Use of Function:acpi_ut_create_internal_object_dbg Check Use of Function:ieee80211_free_keys_iface Check Use of Function:reconfigure_super Check Use of Function:wiphy_free Check Use of Function:kfree_skb_reason Use: =BAD PATH= Call Stack: 0 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, 
i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %481, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.868117*, i32)*)(%struct.sk_buff.868117* %0, i32 %33) #78 %35 = icmp eq i8* %34, null br i1 %35, label %481, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %481 [ i16 8, label %40 i16 -8826, label %53 ] %54 = load i8*, i8** %11, align 8 %55 = load i16, i16* %13, align 4 %56 = zext i16 %55 to i64 %57 = getelementptr i8, i8* %54, i64 %56 %58 = bitcast i8* %57 to %struct.ipv6hdr* %59 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2361 %60 = load i8, i8* %59, align 1 %61 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2366 %62 = bitcast i8* %61 to i16* %63 = load i16, i16* %62, align 2 %64 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2372 %65 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2376 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %69 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2388 %70 = bitcast i8* %69 to i32* %71 = load i32, i32* %70, align 4 %72 = icmp eq i8 %60, 1 br i1 %72, label %73, label %79 %74 = bitcast i8* %57 to i16* %75 = load i16, i16* %74, align 2 %77 = lshr i16 %76, 4 %78 = trunc i16 %77 to i8 br label %79 %80 = phi i8 [ %78, %73 ], [ %60, %53 ] %81 = getelementptr inbounds 
%struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 15 %82 = load i32, i32* %81, align 4 %83 = and i32 %82, 8 %84 = icmp eq i32 %83, 0 br i1 %84, label %130, label %85 %86 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 4, i32 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = and i64 %87, -2 %89 = inttoptr i64 %88 to %struct.dst_entry.867883* %90 = icmp eq i64 %88, 0 br i1 %90, label %477, label %91 %92 = getelementptr inbounds i8, i8* %57, i64 24 %93 = getelementptr inbounds %struct.dst_entry.867883, %struct.dst_entry.867883* %89, i64 0, i32 1 %94 = load %struct.dst_ops.867865*, %struct.dst_ops.867865** %93, align 8 %95 = getelementptr inbounds %struct.dst_ops.867865, %struct.dst_ops.867865* %94, i64 0, i32 14 %96 = load %struct.neighbour.867864* (%struct.dst_entry.867883*, %struct.sk_buff.868117*, i8*)*, %struct.neighbour.867864* (%struct.dst_entry.867883*, %struct.sk_buff.868117*, i8*)** %95, align 8 %97 = tail call %struct.neighbour.867864* %96(%struct.dst_entry.867883* nonnull %89, %struct.sk_buff.868117* null, i8* %92) #78 %98 = icmp ugt %struct.neighbour.867864* %97, inttoptr (i64 -4096 to %struct.neighbour.867864*) %99 = icmp eq %struct.neighbour.867864* %97, null %100 = or i1 %98, %99 br i1 %100, label %477, label %101 %102 = getelementptr inbounds %struct.neighbour.867864, %struct.neighbour.867864* %97, i64 0, i32 26 %103 = bitcast [0 x i8]* %102 to %struct.in6_addr* %104 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %103) #78 %105 = and i32 %104, 1 %106 = icmp eq i32 %105, 0 br i1 %106, label %116, label %107 %108 = getelementptr %struct.in6_addr, %struct.in6_addr* %103, i64 0, i32 0, i32 0, i64 2 %109 = load i32, i32* %108, align 4 %110 = and i32 %109, -3 %111 = icmp eq i32 %110, -27394048 br i1 %111, label %112, label %116 %113 = bitcast [0 x i8]* %102 to [4 x i32]* %114 = getelementptr [4 x i32], [4 x i32]* %113, i64 0, i64 3 %115 = load i32, i32* %114, align 4 br label %116 %117 = phi i32 
[ %115, %112 ], [ %67, %101 ], [ %67, %107 ] %118 = phi i1 [ false, %112 ], [ true, %101 ], [ true, %107 ] %119 = getelementptr inbounds %struct.neighbour.867864, %struct.neighbour.867864* %97, i64 0, i32 6 %120 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %119, i64 0, i32 0, i32 0 %121 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32 -1, i32* %120) #6, !srcloc !8 %122 = icmp eq i32 %121, 1 br i1 %122, label %128, label %123 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.867864*)*)(%struct.neighbour.867864* nonnull %97) #78 br label %129 br i1 %118, label %477, label %130 %131 = phi i32 [ %67, %79 ], [ %117, %129 ] %132 = icmp eq i32 %131, 0 br i1 %132, label %133, label %195 %134 = getelementptr inbounds i8, i8* %57, i64 24 %135 = bitcast i8* %134 to i16* %136 = load i16, i16* %135, align 4 %137 = icmp eq i16 %136, 544 br i1 %137, label %138, label %143 %139 = getelementptr i8, i8* %134, i64 2 %140 = bitcast i8* %139 to i32* %141 = load i32, i32* %140, align 2 %142 = icmp eq i32 %141, 0 br i1 %142, label %143, label %195 %144 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 4, i32 0, i32 0 %145 = load i64, i64* %144, align 8 %146 = and i64 %145, -2 %147 = inttoptr i64 %146 to %struct.dst_entry.867883* %148 = icmp eq i64 %146, 0 br i1 %148, label %477, label %149 %150 = getelementptr inbounds %struct.dst_entry.867883, %struct.dst_entry.867883* %147, i64 0, i32 1 %151 = load %struct.dst_ops.867865*, %struct.dst_ops.867865** %150, align 8 %152 = getelementptr inbounds %struct.dst_ops.867865, %struct.dst_ops.867865* %151, i64 0, i32 14 %153 = load %struct.neighbour.867864* 
(%struct.dst_entry.867883*, %struct.sk_buff.868117*, i8*)*, %struct.neighbour.867864* (%struct.dst_entry.867883*, %struct.sk_buff.868117*, i8*)** %152, align 8 %154 = tail call %struct.neighbour.867864* %153(%struct.dst_entry.867883* nonnull %147, %struct.sk_buff.868117* null, i8* %134) #78 %155 = icmp ugt %struct.neighbour.867864* %154, inttoptr (i64 -4096 to %struct.neighbour.867864*) %156 = icmp eq %struct.neighbour.867864* %154, null %157 = or i1 %155, %156 br i1 %157, label %477, label %158 %159 = getelementptr inbounds %struct.neighbour.867864, %struct.neighbour.867864* %154, i64 0, i32 26 %160 = bitcast [0 x i8]* %159 to %struct.in6_addr* %161 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %160) #78 %162 = and i32 %161, 65535 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %173 %165 = load i8*, i8** %11, align 8 %166 = load i16, i16* %13, align 4 %167 = zext i16 %166 to i64 %168 = getelementptr i8, i8* %165, i64 %167 %169 = getelementptr inbounds i8, i8* %168, i64 24 %170 = bitcast i8* %169 to %struct.in6_addr* %171 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %170) #78 %172 = and i32 %171, 65535 br label %173 %174 = phi %struct.in6_addr* [ %170, %164 ], [ %160, %158 ] %175 = phi i32 [ %172, %164 ], [ %162, %158 ] %176 = trunc i32 %175 to i8 %177 = icmp sgt i8 %176, -1 br i1 %177, label %181, label %178 %179 = getelementptr %struct.in6_addr, %struct.in6_addr* %174, i64 0, i32 0, i32 0, i64 3 %180 = load i32, i32* %179, align 4 br label %181 %182 = phi i32 [ %180, %178 ], [ 0, %173 ] %183 = phi i1 [ false, %178 ], [ true, %173 ] %184 = getelementptr inbounds %struct.neighbour.867864, %struct.neighbour.867864* %154, i64 0, i32 6 %185 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %184, i64 0, i32 0, i32 0 %186 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %185, i32 -1, i32* %185) #6, !srcloc !8 %187 = icmp eq i32 %186, 1 br i1 %187, label %193, label %188 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.867864*)*)(%struct.neighbour.867864* nonnull %154) #78 br label %194 br i1 %183, label %477, label %195 %196 = phi i32 [ %141, %138 ], [ %182, %194 ], [ %131, %130 ] %197 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2344 %198 = bitcast i8* %197 to i32* %199 = load i32, i32* %198, align 8 %200 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2424 %201 = bitcast i8* %200 to i32* %202 = load i32, i32* %201, align 8 %203 = and i8 %80, 30 %204 = bitcast i8* %64 to i32* %205 = load i32, i32* %204, align 4 %206 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2272 %207 = bitcast i8* %206 to %struct.net.867996** %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %199, i32* %208, align 8 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %202, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %203, i8* %211, align 4 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %212, align 1 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 %215 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %196, i32* %215, 
align 4 %216 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %205, i32* %216, align 8 %217 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %218 = bitcast %struct.kuid_t* %217 to %struct.raw_hdlc_proto* %219 = bitcast %struct.kuid_t* %217 to i16* store i16 0, i16* %219, align 8 %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %218, i64 0, i32 1 store i16 0, i16* %220, align 2 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 10 store i32 0, i32* %221, align 8 %222 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2312 %223 = bitcast i8* %222 to %struct.dst_cache* %224 = call %struct.rtable.867947* bitcast (%struct.rtable.778344* (%struct.dst_cache*, i32*)* @dst_cache_get_ip4 to %struct.rtable.867947* (%struct.dst_cache*, i32*)*)(%struct.dst_cache* %223, i32* %216) #78 %225 = icmp eq %struct.rtable.867947* %224, null br i1 %225, label %226, label %235 %227 = load %struct.net.867996*, %struct.net.867996** %207, align 8 %228 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %227, %struct.flowi4* nonnull %3, %struct.sock.867890* null) #78 %229 = icmp ugt %struct.rtable.867947* %228, inttoptr (i64 -4096 to %struct.rtable.867947*) br i1 %229, label %230, label %232 %233 = getelementptr inbounds %struct.rtable.867947, %struct.rtable.867947* %228, i64 0, i32 0 %234 = load i32, i32* %216, align 8 call void bitcast (void (%struct.dst_cache*, %struct.dst_entry.778843*, i32)* @dst_cache_set_ip4 to void (%struct.dst_cache*, %struct.dst_entry.867883*, i32)*)(%struct.dst_cache* %223, %struct.dst_entry.867883* %233, i32 %234) #78 br label %235 %236 = phi %struct.rtable.867947* [ %224, %195 ], [ %228, %232 ] %237 = 
getelementptr inbounds %struct.rtable.867947, %struct.rtable.867947* %236, i64 0, i32 3 %238 = load i16, i16* %237, align 8 %239 = icmp eq i16 %238, 1 %240 = getelementptr inbounds %struct.rtable.867947, %struct.rtable.867947* %236, i64 0, i32 0 br i1 %239, label %243, label %241 call void bitcast (void (%struct.dst_entry.763984*)* @dst_release to void (%struct.dst_entry.867883*)*)(%struct.dst_entry.867883* %240) #78 %242 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 36, i32 17, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %242, i64* %242) #6, !srcloc !7 br label %462 %463 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 4, i32 0, i32 0 %464 = load i64, i64* %463, align 8 %465 = and i64 %464, -2 %466 = icmp eq i64 %465, 0 br i1 %466, label %477, label %467 %468 = inttoptr i64 %465 to %struct.dst_entry.867883* %469 = getelementptr inbounds %struct.dst_entry.867883, %struct.dst_entry.867883* %468, i64 0, i32 1 %470 = load %struct.dst_ops.867865*, %struct.dst_ops.867865** %469, align 8 %471 = icmp eq %struct.dst_ops.867865* %470, null br i1 %471, label %477, label %472 %473 = getelementptr inbounds %struct.dst_ops.867865, %struct.dst_ops.867865* %470, i64 0, i32 10 %474 = load void (%struct.sk_buff.868117*)*, void (%struct.sk_buff.868117*)** %473, align 8 %475 = icmp eq void (%struct.sk_buff.868117*)* %474, null br i1 %475, label %477, label %476 call void %474(%struct.sk_buff.868117* %0) #78 br label %477 %478 = phi %struct.sk_buff.868117* [ %0, %247 ], [ %0, %252 ], [ %0, %274 ], [ %407, %448 ], [ %0, %308 ], [ %0, %462 ], [ %0, %467 ], [ %0, %472 ], [ %0, %476 ], [ %0, %85 ], [ %0, %91 ], [ %0, %129 ], [ %0, %143 ], [ %0, %149 ], [ %0, %194 ] call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void 
(%struct.sk_buff.868117*, i32)*)(%struct.sk_buff.868117* %478, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %481, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.868117*, i32)*)(%struct.sk_buff.868117* %0, i32 %33) #78 %35 = icmp eq i8* %34, null br i1 %35, label %481, label %36 %482 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 36, i32 5, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %482, i64* %482) #6, !srcloc !7 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.868117*, i32)*)(%struct.sk_buff.868117* %0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_gc 1 unix_release_sock 2 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void 
@__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* 
@sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = 
icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 %123 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %124 = icmp eq %struct.sk_buff* %123, null br i1 %124, label %125, label %113 %126 = getelementptr inbounds %struct.path, %struct.path* %3, i64 0, i32 1 %127 = load %struct.dentry*, %struct.dentry** %126, align 8 %128 = icmp eq %struct.dentry* %127, null br i1 %128, label %130, label %129 %131 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %132 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %131, i64 0, i32 0, i32 0 %133 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %132, i32 -1, i32* %132) #6, !srcloc !7 %134 = icmp eq i32 %133, 1 br i1 %134, label %140, label %135 %136 = add i32 %133, -1 %137 = or i32 %136, %133 %138 = icmp sgt i32 %137, -1 br i1 %138, label %141, label %139, !prof !13, !misexpect !5 %142 = 
load i32, i32* @unix_tot_inflight, align 4 %143 = icmp eq i32 %142, 0 br i1 %143, label %145, label %144 call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, 
!misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = 
phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 
0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, 
%struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void 
@scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = 
load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds 
%struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_gc 1 unix_release_sock 2 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 
store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq 
i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void 
(%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 %123 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %124 = icmp eq %struct.sk_buff* %123, null br i1 %124, label %125, label %113 %126 = getelementptr inbounds %struct.path, %struct.path* %3, i64 0, i32 1 %127 = load %struct.dentry*, %struct.dentry** %126, align 8 %128 = icmp eq %struct.dentry* %127, null br i1 %128, label %130, label %129 %131 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %132 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %131, i64 0, i32 0, i32 0 %133 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %132, i32 -1, i32* %132) #6, !srcloc !7 %134 = icmp eq i32 %133, 1 br i1 %134, label %140, label %135 %136 = add i32 %133, -1 %137 = or i32 %136, %133 %138 = icmp sgt i32 %137, -1 br i1 %138, label %141, label %139, !prof !13, !misexpect !5 %142 = load i32, i32* @unix_tot_inflight, align 4 %143 = icmp eq i32 %142, 0 br i1 %143, label %145, label %144 call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load 
%struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, 
i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] 
%75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, 
%struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* 
%106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, 
%struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* 
[ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 unix_gc
1 unix_release_sock
2 unix_release
-------------
Path:
Function:unix_release
%2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79
Function:unix_release_sock
%3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock*
@unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = 
load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = 
getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 %123 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %124 = icmp eq %struct.sk_buff* %123, null br i1 %124, label %125, label %113 %126 = getelementptr inbounds %struct.path, %struct.path* %3, i64 0, i32 1 %127 = load %struct.dentry*, %struct.dentry** %126, align 8 
%128 = icmp eq %struct.dentry* %127, null br i1 %128, label %130, label %129 %131 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %132 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %131, i64 0, i32 0, i32 0 %133 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %132, i32 -1, i32* %132) #6, !srcloc !7 %134 = icmp eq i32 %133, 1 br i1 %134, label %140, label %135 %136 = add i32 %133, -1 %137 = or i32 %136, %133 %138 = icmp sgt i32 %137, -1 br i1 %138, label %141, label %139, !prof !13, !misexpect !5 %142 = load i32, i32* @unix_tot_inflight, align 4 %143 = icmp eq i32 %142, 0 br i1 %143, label %145, label %144 call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 
= load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile 
%struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 
= icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 
store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, 
%struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store 
volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load 
%struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_gc 1 wait_for_unix_gc 2 unix_dgram_sendmsg ------------- Path:  Function:unix_dgram_sendmsg %4 = alloca i32, align 4 %5 = alloca %struct.scm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %9 = load %struct.net*, %struct.net** %8, align 8 %10 = bitcast %struct.msghdr* %1 to %struct.sockaddr_un** %11 = load %struct.sockaddr_un*, %struct.sockaddr_un** %10, align 8 %12 = bitcast i32* %4 to i8* store 
i32 0, i32* %4, align 4 %13 = bitcast %struct.scm_cookie* %5 to i8* tail call void @wait_for_unix_gc() #78 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load volatile i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %8 %5 = load volatile i8, i8* @gc_in_progress, align 1, !range !4 %6 = icmp eq i8 %5, 0 br i1 %6, label %7, label %8 tail call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = 
getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast 
(%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 
-54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* 
call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates 
to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* 
@gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 
%168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_gc 1 wait_for_unix_gc 2 unix_dgram_sendmsg 3 unix_seqpacket_sendmsg ------------- Path:  Function:unix_seqpacket_sendmsg %4 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 53 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %13, label %9, !prof !4, !misexpect !5 %14 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 %16 = icmp eq i8 %15, 1 br i1 %16, label %17, label %24 %18 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %22, label %21 %23 = tail call i32 @unix_dgram_sendmsg(%struct.socket* %0, %struct.msghdr* %1, i64 %2) #78 Function:unix_dgram_sendmsg %4 = alloca i32, align 4 %5 = alloca %struct.scm_cookie, align 8 %6 = getelementptr inbounds 
%struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %9 = load %struct.net*, %struct.net** %8, align 8 %10 = bitcast %struct.msghdr* %1 to %struct.sockaddr_un** %11 = load %struct.sockaddr_un*, %struct.sockaddr_un** %10, align 8 %12 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %13 = bitcast %struct.scm_cookie* %5 to i8* tail call void @wait_for_unix_gc() #78 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load volatile i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %8 %5 = load volatile i8, i8* @gc_in_progress, align 1, !range !4 %6 = icmp eq i8 %5, 0 br i1 %6, label %7, label %8 tail call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** 
%20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* 
-------------
Use: =BAD PATH=
Call Stack:
0 unix_gc
1 wait_for_unix_gc
2 unix_stream_sendmsg
-------------
Path:
Function:unix_stream_sendmsg
Function:wait_for_unix_gc
Function:unix_gc
-------------
Use: =BAD PATH=
Call Stack:
0 nf_hook_slow
1 __ip6_local_out
-------------
Path:
Function:__ip6_local_out
Function:nf_hook_slow
-------------
Use: =BAD PATH=
Call Stack:
0 nf_hook_slow
1 __ip_local_out
-------------
Path:
Function:__ip_local_out
Function:nf_hook_slow
-------------
Use: =BAD PATH=
Call Stack:
0 __netif_receive_skb_core
1 __netif_receive_skb_list_core
2 __netif_receive_skb_list
3 netif_receive_skb_list_internal
4 busy_poll_stop
5 napi_busy_loop
6 tcp_recvmsg
7 inet6_recvmsg
8 sock_read_iter
-------------
Path:
Function:sock_read_iter
inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, 
%struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %614 = phi %struct.sk_buff.763154* [ %584, %579 ], [ %590, %609 ] %615 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %614, i64 0, i32 33 %616 = load i16, i16* %615, align 8 br i1 %582, label %691, label %617, !prof !10, !misexpect !13 %692 = phi %struct.sk_buff.763154* [ %614, %613 ], [ %688, %687 ] %693 = phi i64 [ %580, %613 ], [ %690, %687 ] %694 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 12 %695 = inttoptr i64 %693 to %struct.packet_type* %696 = getelementptr inbounds %struct.list_head, %struct.list_head* %694, i64 0, i32 0 %697 = load volatile %struct.list_head*, %struct.list_head** %696, align 8 %698 = getelementptr %struct.list_head, %struct.list_head* %697, i64 -4, i32 1 %699 = getelementptr inbounds %struct.list_head*, %struct.list_head** %698, i64 7 %700 = bitcast %struct.list_head** %699 to %struct.list_head* %701 = icmp eq %struct.list_head* %694, %700 br i1 %701, label %760, label %702 %703 = icmp eq %struct.sk_buff.763154* %692, null %704 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %692, i64 0, i32 40 %705 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %692, i64 0, i32 39 %706 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %692, i64 0, i32 43 %707 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %706, i64 0, i32 0, i32 0 %708 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %692, i64 0, i32 0, i32 0, i32 2, i32 0 br label %709 %710 = phi %struct.list_head* [ %700, %702 ], [ %756, %750 ] %711 = phi %struct.list_head** [ %698, %702 ], [ %754, %750 ] %712 = phi %struct.packet_type* [ %695, %702 ], [ %751, %750 ] %713 = bitcast %struct.list_head** %711 to %struct.packet_type* %714 = bitcast %struct.list_head** %711 to i16* %715 = load i16, i16* %714, align 8 %716 = icmp eq i16 %715, %616 br i1 %716, label %717, label %750 %718 = icmp eq %struct.packet_type* %712, null br i1 %718, label %750, label %719 br i1 %703, label %736, 
label %720 %721 = load i8*, i8** %704, align 8 %722 = load i32, i32* %705, align 4 %723 = zext i32 %722 to i64 %724 = getelementptr i8, i8* %721, i64 %723 %725 = load i8, i8* %724, align 8 %726 = and i8 %725, 1 %727 = icmp eq i8 %726, 0 br i1 %727, label %736, label %728 %729 = getelementptr inbounds i8, i8* %724, i64 40 %730 = bitcast i8* %729 to %struct.ubuf_info.763182** %731 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %730, align 8 %732 = icmp eq %struct.ubuf_info.763182* %731, null br i1 %732, label %736, label %733, !prof !12, !misexpect !13 %734 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %692, i32 2592) #78 %735 = icmp eq i32 %734, 0 br i1 %735, label %736, label %750, !prof !12, !misexpect !11 %737 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %707, i32 1, i32* %707) #6, !srcloc !14 %738 = icmp eq i32 %737, 0 br i1 %738, label %743, label %739, !prof !10, !misexpect !11 %740 = add i32 %737, 1 %741 = or i32 %740, %737 %742 = icmp sgt i32 %741, -1 br i1 %742, label %745, label %743, !prof !12, !misexpect !11 %744 = phi i32 [ 2, %736 ], [ 1, %739 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %706, i32 %744) #78 br label %745 %746 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %712, i64 0, i32 3 %747 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %746, align 8 %748 = load %struct.net_device.763141*, %struct.net_device.763141** %708, align 8 %749 = call i32 %747(%struct.sk_buff.763154* %692, %struct.net_device.763141* %748, %struct.packet_type* nonnull %712, 
%struct.net_device.763141* %39) #78 br label %750 %751 = phi %struct.packet_type* [ %712, %709 ], [ %713, %717 ], [ %713, %733 ], [ %713, %745 ] %752 = getelementptr inbounds %struct.list_head, %struct.list_head* %710, i64 0, i32 0 %753 = load volatile %struct.list_head*, %struct.list_head** %752, align 8 %754 = getelementptr %struct.list_head, %struct.list_head* %753, i64 -4, i32 1 %755 = getelementptr inbounds %struct.list_head*, %struct.list_head** %754, i64 7 %756 = bitcast %struct.list_head** %755 to %struct.list_head* %757 = icmp eq %struct.list_head* %694, %756 br i1 %757, label %758, label %709 %759 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 br label %760 %761 = phi %struct.sk_buff.763154* [ %692, %691 ], [ %759, %758 ] %762 = phi %struct.packet_type* [ %695, %691 ], [ %751, %758 ] %763 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %761, i64 0, i32 0, i32 0, i32 2, i32 0 %764 = load %struct.net_device.763141*, %struct.net_device.763141** %763, align 8 %765 = icmp eq %struct.net_device.763141* %764, %39 br i1 %765, label %829, label %766, !prof !12, !misexpect !11 %767 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %764, i64 0, i32 12 %768 = getelementptr inbounds %struct.list_head, %struct.list_head* %767, i64 0, i32 0 %769 = load volatile %struct.list_head*, %struct.list_head** %768, align 8 %770 = getelementptr %struct.list_head, %struct.list_head* %769, i64 -4, i32 1 %771 = getelementptr inbounds %struct.list_head*, %struct.list_head** %770, i64 7 %772 = bitcast %struct.list_head** %771 to %struct.list_head* %773 = icmp eq %struct.list_head* %767, %772 br i1 %773, label %829, label %774 %775 = icmp eq %struct.sk_buff.763154* %761, null %776 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %761, i64 0, i32 40 %777 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %761, i64 0, i32 39 %778 = getelementptr inbounds 
%struct.sk_buff.763154, %struct.sk_buff.763154* %761, i64 0, i32 43 %779 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %778, i64 0, i32 0, i32 0 br label %780 %781 = phi %struct.list_head* [ %772, %774 ], [ %827, %821 ] %782 = phi %struct.list_head** [ %770, %774 ], [ %825, %821 ] %783 = phi %struct.packet_type* [ %762, %774 ], [ %822, %821 ] %784 = bitcast %struct.list_head** %782 to %struct.packet_type* %785 = bitcast %struct.list_head** %782 to i16* %786 = load i16, i16* %785, align 8 %787 = icmp eq i16 %786, %616 br i1 %787, label %788, label %821 %789 = icmp eq %struct.packet_type* %783, null br i1 %789, label %821, label %790 br i1 %775, label %807, label %791 %792 = load i8*, i8** %776, align 8 %793 = load i32, i32* %777, align 4 %794 = zext i32 %793 to i64 %795 = getelementptr i8, i8* %792, i64 %794 %796 = load i8, i8* %795, align 8 %797 = and i8 %796, 1 %798 = icmp eq i8 %797, 0 br i1 %798, label %807, label %799 %800 = getelementptr inbounds i8, i8* %795, i64 40 %801 = bitcast i8* %800 to %struct.ubuf_info.763182** %802 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %801, align 8 %803 = icmp eq %struct.ubuf_info.763182* %802, null br i1 %803, label %807, label %804, !prof !12, !misexpect !13 %805 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %761, i32 2592) #78 %806 = icmp eq i32 %805, 0 br i1 %806, label %807, label %821, !prof !12, !misexpect !11 %808 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %779, i32 1, i32* %779) #6, !srcloc !14 %809 = icmp eq i32 %808, 0 br i1 %809, label %814, label %810, !prof !10, !misexpect !11 %811 = add i32 %808, 1 %812 = or i32 %811, %808 %813 = icmp sgt i32 %812, -1 br i1 %813, label %816, label %814, !prof !12, !misexpect !11 
%815 = phi i32 [ 2, %807 ], [ 1, %810 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %778, i32 %815) #78 br label %816 %817 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %783, i64 0, i32 3 %818 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %817, align 8 %819 = load %struct.net_device.763141*, %struct.net_device.763141** %763, align 8 %820 = call i32 %818(%struct.sk_buff.763154* %761, %struct.net_device.763141* %819, %struct.packet_type* nonnull %783, %struct.net_device.763141* %39) #78 br label %821 %822 = phi %struct.packet_type* [ %783, %780 ], [ %784, %788 ], [ %784, %804 ], [ %784, %816 ] %823 = getelementptr inbounds %struct.list_head, %struct.list_head* %781, i64 0, i32 0 %824 = load volatile %struct.list_head*, %struct.list_head** %823, align 8 %825 = getelementptr %struct.list_head, %struct.list_head* %824, i64 -4, i32 1 %826 = getelementptr inbounds %struct.list_head*, %struct.list_head** %825, i64 7 %827 = bitcast %struct.list_head** %826 to %struct.list_head* %828 = icmp eq %struct.list_head* %767, %827 br i1 %828, label %829, label %780 %830 = phi %struct.packet_type* [ %762, %760 ], [ %762, %766 ], [ %822, %821 ] %831 = ptrtoint %struct.packet_type* %830 to i64 %832 = icmp eq %struct.packet_type* %830, null br i1 %832, label %856, label %833 %834 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %835 = icmp eq %struct.sk_buff.763154* %834, null br i1 %835, label %854, label %836 %837 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %834, i64 0, i32 40 %838 = load i8*, i8** %837, align 8 %839 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %834, i64 0, i32 39 %840 = load i32, i32* %839, align 4 %841 = zext i32 %840 to i64 %842 = getelementptr i8, i8* %838, i64 %841 %843 = 
load i8, i8* %842, align 8 %844 = and i8 %843, 1 %845 = icmp eq i8 %844, 0 br i1 %845, label %854, label %846 %847 = getelementptr inbounds i8, i8* %842, i64 40 %848 = bitcast i8* %847 to %struct.ubuf_info.763182** %849 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %848, align 8 %850 = icmp eq %struct.ubuf_info.763182* %849, null br i1 %850, label %854, label %851, !prof !12, !misexpect !13 %852 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %834, i32 2592) #78 %853 = icmp eq i32 %852, 0 br i1 %853, label %854, label %856, !prof !12, !misexpect !11 %857 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %858 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %857, i64 0, i32 0, i32 0, i32 2, i32 0 %859 = load %struct.net_device.763141*, %struct.net_device.763141** %858, align 8 br i1 %583, label %860, label %863 %864 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %859, i64 0, i32 39, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %864, i64* %864) #6, !srcloc !21 br label %865 %866 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %866, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __netif_receive_skb_core
1 __netif_receive_skb_list_core
2 __netif_receive_skb_list
3 netif_receive_skb_list_internal
4 busy_poll_stop
5 napi_busy_loop
6 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 
%6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = 
bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 
%45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 
(%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 
(%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 
8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load 
%struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, 
%struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 
@get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast 
%struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %614 = phi %struct.sk_buff.763154* [ %584, %579 ], [ %590, %609 ] %615 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %614, i64 0, i32 33 %616 = load i16, i16* %615, align 8 br i1 %582, label %691, label %617, !prof !10, !misexpect !13 %692 = phi %struct.sk_buff.763154* [ %614, %613 ], [ %688, %687 ] %693 = phi i64 [ %580, %613 ], [ %690, %687 ] %694 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 12 %695 = inttoptr i64 %693 to %struct.packet_type* %696 = getelementptr inbounds %struct.list_head, %struct.list_head* %694, i64 0, i32 0 %697 = load volatile %struct.list_head*, %struct.list_head** %696, align 8 %698 = getelementptr %struct.list_head, %struct.list_head* %697, i64 -4, i32 1 %699 = getelementptr inbounds %struct.list_head*, %struct.list_head** %698, i64 7 %700 = bitcast %struct.list_head** %699 to %struct.list_head* %701 = icmp eq %struct.list_head* %694, %700 br i1 %701, label %760, label %702 %703 = icmp eq %struct.sk_buff.763154* %692, null %704 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %692, i64 0, i32 40 %705 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %692, i64 0, i32 39 %706 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %692, i64 0, i32 43 %707 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %706, i64 0, i32 0, i32 0 %708 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %692, i64 0, i32 0, i32 0, i32 2, i32 0 br label %709 %710 = phi %struct.list_head* [ %700, %702 ], [ %756, %750 ] %711 = phi %struct.list_head** [ %698, %702 ], [ %754, %750 ] %712 = phi %struct.packet_type* [ %695, %702 ], [ %751, %750 ] %713 = bitcast %struct.list_head** %711 to %struct.packet_type* %714 = bitcast %struct.list_head** %711 to i16* %715 = load i16, i16* %714, align 8 %716 = icmp eq i16 %715, %616 br i1 %716, label %717, label %750 %718 = icmp eq %struct.packet_type* %712, null br i1 %718, label %750, label %719 br i1 %703, label %736, 
label %720 %721 = load i8*, i8** %704, align 8 %722 = load i32, i32* %705, align 4 %723 = zext i32 %722 to i64 %724 = getelementptr i8, i8* %721, i64 %723 %725 = load i8, i8* %724, align 8 %726 = and i8 %725, 1 %727 = icmp eq i8 %726, 0 br i1 %727, label %736, label %728 %729 = getelementptr inbounds i8, i8* %724, i64 40 %730 = bitcast i8* %729 to %struct.ubuf_info.763182** %731 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %730, align 8 %732 = icmp eq %struct.ubuf_info.763182* %731, null br i1 %732, label %736, label %733, !prof !12, !misexpect !13 %734 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %692, i32 2592) #78 %735 = icmp eq i32 %734, 0 br i1 %735, label %736, label %750, !prof !12, !misexpect !11 %737 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %707, i32 1, i32* %707) #6, !srcloc !14 %738 = icmp eq i32 %737, 0 br i1 %738, label %743, label %739, !prof !10, !misexpect !11 %740 = add i32 %737, 1 %741 = or i32 %740, %737 %742 = icmp sgt i32 %741, -1 br i1 %742, label %745, label %743, !prof !12, !misexpect !11 %744 = phi i32 [ 2, %736 ], [ 1, %739 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %706, i32 %744) #78 br label %745 %746 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %712, i64 0, i32 3 %747 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %746, align 8 %748 = load %struct.net_device.763141*, %struct.net_device.763141** %708, align 8 %749 = call i32 %747(%struct.sk_buff.763154* %692, %struct.net_device.763141* %748, %struct.packet_type* nonnull %712, 
%struct.net_device.763141* %39) #78 br label %750 %751 = phi %struct.packet_type* [ %712, %709 ], [ %713, %717 ], [ %713, %733 ], [ %713, %745 ] %752 = getelementptr inbounds %struct.list_head, %struct.list_head* %710, i64 0, i32 0 %753 = load volatile %struct.list_head*, %struct.list_head** %752, align 8 %754 = getelementptr %struct.list_head, %struct.list_head* %753, i64 -4, i32 1 %755 = getelementptr inbounds %struct.list_head*, %struct.list_head** %754, i64 7 %756 = bitcast %struct.list_head** %755 to %struct.list_head* %757 = icmp eq %struct.list_head* %694, %756 br i1 %757, label %758, label %709 %759 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 br label %760 %761 = phi %struct.sk_buff.763154* [ %692, %691 ], [ %759, %758 ] %762 = phi %struct.packet_type* [ %695, %691 ], [ %751, %758 ] %763 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %761, i64 0, i32 0, i32 0, i32 2, i32 0 %764 = load %struct.net_device.763141*, %struct.net_device.763141** %763, align 8 %765 = icmp eq %struct.net_device.763141* %764, %39 br i1 %765, label %829, label %766, !prof !12, !misexpect !11 %767 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %764, i64 0, i32 12 %768 = getelementptr inbounds %struct.list_head, %struct.list_head* %767, i64 0, i32 0 %769 = load volatile %struct.list_head*, %struct.list_head** %768, align 8 %770 = getelementptr %struct.list_head, %struct.list_head* %769, i64 -4, i32 1 %771 = getelementptr inbounds %struct.list_head*, %struct.list_head** %770, i64 7 %772 = bitcast %struct.list_head** %771 to %struct.list_head* %773 = icmp eq %struct.list_head* %767, %772 br i1 %773, label %829, label %774 %775 = icmp eq %struct.sk_buff.763154* %761, null %776 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %761, i64 0, i32 40 %777 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %761, i64 0, i32 39 %778 = getelementptr inbounds 
%struct.sk_buff.763154, %struct.sk_buff.763154* %761, i64 0, i32 43 %779 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %778, i64 0, i32 0, i32 0 br label %780 %781 = phi %struct.list_head* [ %772, %774 ], [ %827, %821 ] %782 = phi %struct.list_head** [ %770, %774 ], [ %825, %821 ] %783 = phi %struct.packet_type* [ %762, %774 ], [ %822, %821 ] %784 = bitcast %struct.list_head** %782 to %struct.packet_type* %785 = bitcast %struct.list_head** %782 to i16* %786 = load i16, i16* %785, align 8 %787 = icmp eq i16 %786, %616 br i1 %787, label %788, label %821 %789 = icmp eq %struct.packet_type* %783, null br i1 %789, label %821, label %790 br i1 %775, label %807, label %791 %792 = load i8*, i8** %776, align 8 %793 = load i32, i32* %777, align 4 %794 = zext i32 %793 to i64 %795 = getelementptr i8, i8* %792, i64 %794 %796 = load i8, i8* %795, align 8 %797 = and i8 %796, 1 %798 = icmp eq i8 %797, 0 br i1 %798, label %807, label %799 %800 = getelementptr inbounds i8, i8* %795, i64 40 %801 = bitcast i8* %800 to %struct.ubuf_info.763182** %802 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %801, align 8 %803 = icmp eq %struct.ubuf_info.763182* %802, null br i1 %803, label %807, label %804, !prof !12, !misexpect !13 %805 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %761, i32 2592) #78 %806 = icmp eq i32 %805, 0 br i1 %806, label %807, label %821, !prof !12, !misexpect !11 %808 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %779, i32 1, i32* %779) #6, !srcloc !14 %809 = icmp eq i32 %808, 0 br i1 %809, label %814, label %810, !prof !10, !misexpect !11 %811 = add i32 %808, 1 %812 = or i32 %811, %808 %813 = icmp sgt i32 %812, -1 br i1 %813, label %816, label %814, !prof !12, !misexpect !11 
%815 = phi i32 [ 2, %807 ], [ 1, %810 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %778, i32 %815) #78 br label %816 %817 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %783, i64 0, i32 3 %818 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %817, align 8 %819 = load %struct.net_device.763141*, %struct.net_device.763141** %763, align 8 %820 = call i32 %818(%struct.sk_buff.763154* %761, %struct.net_device.763141* %819, %struct.packet_type* nonnull %783, %struct.net_device.763141* %39) #78 br label %821 %822 = phi %struct.packet_type* [ %783, %780 ], [ %784, %788 ], [ %784, %804 ], [ %784, %816 ] %823 = getelementptr inbounds %struct.list_head, %struct.list_head* %781, i64 0, i32 0 %824 = load volatile %struct.list_head*, %struct.list_head** %823, align 8 %825 = getelementptr %struct.list_head, %struct.list_head* %824, i64 -4, i32 1 %826 = getelementptr inbounds %struct.list_head*, %struct.list_head** %825, i64 7 %827 = bitcast %struct.list_head** %826 to %struct.list_head* %828 = icmp eq %struct.list_head* %767, %827 br i1 %828, label %829, label %780 %830 = phi %struct.packet_type* [ %762, %760 ], [ %762, %766 ], [ %822, %821 ] %831 = ptrtoint %struct.packet_type* %830 to i64 %832 = icmp eq %struct.packet_type* %830, null br i1 %832, label %856, label %833 %834 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %835 = icmp eq %struct.sk_buff.763154* %834, null br i1 %835, label %854, label %836 %837 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %834, i64 0, i32 40 %838 = load i8*, i8** %837, align 8 %839 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %834, i64 0, i32 39 %840 = load i32, i32* %839, align 4 %841 = zext i32 %840 to i64 %842 = getelementptr i8, i8* %838, i64 %841 %843 = 
load i8, i8* %842, align 8 %844 = and i8 %843, 1 %845 = icmp eq i8 %844, 0 br i1 %845, label %854, label %846 %847 = getelementptr inbounds i8, i8* %842, i64 40 %848 = bitcast i8* %847 to %struct.ubuf_info.763182** %849 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %848, align 8 %850 = icmp eq %struct.ubuf_info.763182* %849, null br i1 %850, label %854, label %851, !prof !12, !misexpect !13 %852 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %834, i32 2592) #78 %853 = icmp eq i32 %852, 0 br i1 %853, label %854, label %856, !prof !12, !misexpect !11 %857 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %858 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %857, i64 0, i32 0, i32 0, i32 2, i32 0 %859 = load %struct.net_device.763141*, %struct.net_device.763141** %858, align 8 br i1 %583, label %860, label %863 %864 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %859, i64 0, i32 39, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %864, i64* %864) #6, !srcloc !21 br label %865 %866 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %866, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 netif_receive_generic_xdp
1 __netif_receive_skb_core
2 __netif_receive_skb_list_core
3 __netif_receive_skb_list
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 =
load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, 
label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b 
- . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = 
getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, 
label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 %84 = call fastcc i32 @netif_receive_generic_xdp(%struct.sk_buff.763154* %77, %struct.xdp_buff.763021* nonnull %6, %struct.bpf_prog.762827* nonnull %81) #78 Function:netif_receive_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 18 %5 = load i16, i16* %4, align 2 %6 = and i16 %5, 8192 %7 = icmp eq i16 %6, 0 br i1 %7, label %8, label %100 %9 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 12 %10 = load i8, i8* %9, align 2 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %29, label %13 %14 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %15 = load i8*, i8** %14, align 8 %16 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr i8, i8* %15, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 
%24, label %29, label %25 %26 = ptrtoint i8* %15 to i64 %27 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %28 = load i32, i32* %27, align 4 br label %47 %48 = phi i32 [ %31, %33 ], [ %28, %25 ], [ 0, %37 ] %49 = phi i64 [ %36, %33 ], [ %26, %25 ], [ %43, %37 ] %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %51 = bitcast i8** %50 to i64* %52 = load i64, i64* %51, align 8 %53 = sub i64 %52, %49 %54 = trunc i64 %53 to i32 %55 = sub i32 256, %54 %56 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %57 = load i32, i32* %56, align 8 %58 = add i32 %48, %57 %59 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %60 = load i32, i32* %59, align 4 %61 = sub i32 %58, %60 %62 = icmp sgt i32 %55, 0 %63 = sub i32 319, %54 %64 = and i32 %63, -64 %65 = select i1 %62, i32 %64, i32 0 %66 = icmp sgt i32 %61, 0 %67 = add i32 %61, 128 %68 = select i1 %66, i32 %67, i32 0 %69 = tail call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i32, i32)* @pskb_expand_head to i32 (%struct.sk_buff.763154*, i32, i32, i32)*)(%struct.sk_buff.763154* %0, i32 %65, i32 %68, i32 2592) #78 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %98 %72 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %73 = load i32, i32* %72, align 4 %74 = icmp eq i32 %73, 0 br i1 %74, label %78, label %75 %76 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %0, i32 %73) #78 %77 = icmp eq i8* %76, null br i1 %77, label %98, label %78 %99 = phi i32 [ %79, %78 ], [ %79, %81 ], [ %79, %84 ], [ %79, %97 ], [ 1, %47 ], [ 1, %75 ] tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %0, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 netif_receive_generic_xdp
1 __netif_receive_skb_core
2 __netif_receive_skb_list_core
3 __netif_receive_skb_list
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br
i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, 
label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 
(%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = 
getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = 
add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast 
%struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 
store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, 
%struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca 
%struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = 
trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 
call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 %84 = call fastcc i32 @netif_receive_generic_xdp(%struct.sk_buff.763154* %77, %struct.xdp_buff.763021* nonnull %6, %struct.bpf_prog.762827* nonnull %81) #78 Function:netif_receive_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 18 %5 = load i16, i16* %4, align 2 %6 = and i16 %5, 8192 %7 = icmp eq i16 %6, 0 br i1 %7, label %8, label %100 %9 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 12 %10 = load i8, i8* %9, align 2 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %29, label %13 %14 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %15 = load i8*, i8** %14, align 8 %16 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr i8, i8* %15, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %29, label %25 %26 = ptrtoint i8* %15 to i64 %27 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %28 = load i32, i32* %27, align 4 br label %47 %48 = phi i32 [ %31, %33 ], [ %28, %25 ], [ 0, %37 ] %49 = phi i64 [ %36, %33 ], [ %26, %25 ], [ %43, %37 ] %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %51 = bitcast i8** %50 to i64* %52 = load i64, i64* %51, align 8 %53 = sub i64 %52, %49 %54 = trunc i64 %53 to i32 %55 = sub i32 256, %54 %56 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %57 = load i32, i32* %56, align 8 %58 = add i32 %48, %57 %59 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %60 = load i32, i32* %59, align 4 %61 = sub i32 %58, %60 %62 = icmp sgt i32 %55, 0 %63 = sub i32 319, %54 %64 = and i32 %63, -64 %65 = select i1 %62, i32 %64, i32 0 %66 = icmp sgt i32 %61, 0 %67 = add i32 %61, 128 %68 = select i1 %66, i32 %67, i32 0 %69 = tail call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i32, i32)* @pskb_expand_head to i32 (%struct.sk_buff.763154*, i32, i32, i32)*)(%struct.sk_buff.763154* %0, i32 %65, i32 %68, i32 2592) #78 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %98 %72 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %73 = load i32, i32* %72, align 4 %74 = icmp eq i32 %73, 0 br i1 %74, label %78, label %75 %76 = tail call i8* bitcast (i8* 
(%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %0, i32 %73) #78 %77 = icmp eq i8* %76, null br i1 %77, label %98, label %78 %99 = phi i32 [ %79, %78 ], [ %79, %81 ], [ %79, %84 ], [ %79, %97 ], [ 1, %47 ], [ 1, %75 ] tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %0, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 napi_gro_complete
1 busy_poll_stop
2 napi_busy_loop
3 tcp_recvmsg
4 inet6_recvmsg
5 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = 
getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, 
i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 
%29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 
%14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, 
align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = 
getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext 
%3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 
callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, 
%struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %125 = bitcast %struct.sk_buff.763154* %118 to %struct.list_head* %126 = bitcast %struct.sk_buff.763154* %116 to %struct.list_head** %127 = load %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %127, i64 0, i32 1 %129 = bitcast %struct.list_head** %128 to %struct.sk_buff.763154** store %struct.sk_buff.763154* %118, %struct.sk_buff.763154** %129, align 8 %130 = bitcast %struct.sk_buff.763154* %118 to %struct.list_head** store volatile %struct.list_head* %127, %struct.list_head** %130, align 8 %131 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 0 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %131, align 8 tail call fastcc void @napi_gro_complete(%struct.napi_struct.763158* %0, %struct.sk_buff.763154* %116) #78 Function:napi_gro_complete %3 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 33 %4 = load i16, i16* %3, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 3, i64 20 %6 = bitcast i8* %5 to i16* %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 1 br i1 %8, label %9, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = load volatile %struct.list_head*, 
%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @offload_base, i64 0, i32 0), align 8 %20 = icmp eq %struct.list_head* %19, @offload_base br i1 %20, label %46, label %21 %22 = phi %struct.list_head* [ %44, %42 ], [ %19, %18 ] %23 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %24 = bitcast %struct.list_head* %23 to i16* %25 = load i16, i16* %24, align 8 %26 = icmp eq i16 %25, %4 br i1 %26, label %27, label %42 %28 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -1, i32 1 %29 = bitcast %struct.list_head** %28 to i32 (%struct.sk_buff.763154*, i32)** %30 = load i32 (%struct.sk_buff.763154*, i32)*, i32 (%struct.sk_buff.763154*, i32)** %29, align 8 %31 = icmp eq i32 (%struct.sk_buff.763154*, i32)* %30, null br i1 %31, label %42, label %32 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, @offload_base br i1 %45, label %46, label %21 %47 = phi i1 [ false, %34 ], [ false, %38 ], [ false, %40 ], [ true, %18 ], [ true, %42 ] %48 = phi i32 [ %35, %34 ], [ %39, %38 ], [ %41, %40 ], [ -2, %18 ], [ -2, %42 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 %49 = icmp eq i32 %48, 0 br i1 %49, label %53, label %50 br i1 %47, label %51, label %52, !prof !8, !misexpect !9 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.1.63505, i64 0, i64 0), i32 5887, i32 2305, i64 12) 
#6, !srcloc !10 br label %52 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %1, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 napi_gro_complete
1 busy_poll_stop
2 napi_busy_loop
3 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 
0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr 
inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, 
%139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %125 = bitcast %struct.sk_buff.763154* %118 to %struct.list_head* %126 = bitcast %struct.sk_buff.763154* %116 to %struct.list_head** %127 = load %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %127, i64 0, i32 1 %129 = bitcast %struct.list_head** %128 to %struct.sk_buff.763154** store %struct.sk_buff.763154* %118, %struct.sk_buff.763154** %129, align 8 %130 = bitcast %struct.sk_buff.763154* %118 to %struct.list_head** store volatile %struct.list_head* %127, %struct.list_head** %130, align 8 %131 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 
0, i32 0, i32 0, i32 0 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %131, align 8 tail call fastcc void @napi_gro_complete(%struct.napi_struct.763158* %0, %struct.sk_buff.763154* %116) #78 Function:napi_gro_complete %3 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 33 %4 = load i16, i16* %3, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 3, i64 20 %6 = bitcast i8* %5 to i16* %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 1 br i1 %8, label %9, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @offload_base, i64 0, i32 0), align 8 %20 = icmp eq %struct.list_head* %19, @offload_base br i1 %20, label %46, label %21 %22 = phi %struct.list_head* [ %44, %42 ], [ %19, %18 ] %23 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %24 = bitcast %struct.list_head* %23 to i16* %25 = load i16, i16* %24, align 8 %26 = icmp eq i16 %25, %4 br i1 %26, label %27, label %42 %28 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -1, i32 1 %29 = bitcast %struct.list_head** %28 to i32 (%struct.sk_buff.763154*, i32)** %30 = load i32 (%struct.sk_buff.763154*, i32)*, i32 (%struct.sk_buff.763154*, i32)** %29, align 8 %31 = icmp eq i32 (%struct.sk_buff.763154*, i32)* %30, null br i1 %31, label %42, label %32 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 %45 = icmp eq %struct.list_head* %44, @offload_base br i1 %45, label %46, label %21 %47 = phi i1 [ false, %34 ], [ false, %38 ], [ false, %40 ], [ true, %18 ], [ true, %42 ] %48 = phi i32 [ %35, %34 ], [ %39, %38 ], [ %41, %40 ], [ -2, %18 ], [ -2, %42 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 %49 = icmp eq i32 %48, 0 br i1 %49, label %53, label %50 br i1 %47, label %51, label %52, !prof !8, !misexpect !9 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([15 x i8], [15 x i8]* @.str.1.63505, i64 0, i64 0), i32 5887, i32 2305, i64 12) #6, !srcloc !10 br label %52 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %1, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 nf_queue 1 nf_hook_slow 2 __ip6_local_out ------------- Path:  Function:__ip6_local_out %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = add i32 %6, -40 %8 = icmp sgt i32 %7, 65535 %9 = trunc i32 %7 to i16 %10 = select i1 %8, i16 0, i16 %9 %12 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds i8, i8* %17, i64 4 %19 = bitcast i8* %18 to i16* store i16 %11, i16* %19, align 4 %20 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 3, i64 14 %21 = bitcast i8* %20 to i16* store i16 6, i16* %21, align 2 %22 = icmp eq %struct.sk_buff.763154* %2, null br i1 %22, 
label %46, label %23, !prof !4, !misexpect !5 %24 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 33 store i16 -8826, i16* %24, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 4, i32 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -2 %28 = inttoptr i64 %27 to i64* %29 = load i64, i64* %28, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds ([13 x [5 x %struct.static_key]], [13 x [5 x %struct.static_key]]* @nf_hooks_needed, i64 0, i64 10, i64 3), i32 2, i8* blockaddress(@__ip6_local_out, %30)) #6 to label %46 [label %30], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %31 = getelementptr %struct.net.762977, %struct.net.762977* %0, i64 0, i32 36, i32 4, i64 3 %32 = load volatile %struct.nf_hook_entries.762956*, %struct.nf_hook_entries.762956** %31, align 8 %33 = icmp eq %struct.nf_hook_entries.762956* %32, null br i1 %33, label %44, label %34 %35 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %36 = bitcast %struct.nf_hook_state.762954* %4 to i64* store i64 2563, i64* %36, align 8 %37 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 store %struct.net_device.763141* null, %struct.net_device.763141** %37, align 8 %38 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %39 = bitcast %struct.net_device.763141** %38 to i64* store i64 %29, i64* %39, align 8 %40 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 4 store %struct.sock.762871* %1, 
%struct.sock.762871** %40, align 8 %41 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 store %struct.net.762977* %0, %struct.net.762977** %41, align 8 %42 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 store i32 (%struct.net.762977*, %struct.sock.762871*, %struct.sk_buff.763154*)* @dst_output.68437, i32 (%struct.net.762977*, %struct.sock.762871*, %struct.sk_buff.763154*)** %42, align 8 %43 = call i32 bitcast (i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, %struct.nf_hook_entries.806847*, i32)* @nf_hook_slow to i32 (%struct.sk_buff.763154*, %struct.nf_hook_state.762954*, %struct.nf_hook_entries.762956*, i32)*)(%struct.sk_buff.763154* nonnull %2, %struct.nf_hook_state.762954* nonnull %4, %struct.nf_hook_entries.762956* nonnull %32, i32 0) #78 Function:nf_hook_slow %5 = getelementptr inbounds %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = zext i16 %6 to i32 %8 = icmp ugt i32 %7, %3 br i1 %8, label %9, label %33 %10 = zext i32 %3 to i64 br label %11 %12 = phi i64 [ %10, %9 ], [ %29, %28 ] %13 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 0 %14 = load i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)*, i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)** %13, align 8 %15 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 1 %16 = load i8*, i8** %15, align 8 %17 = tail call i32 %14(i8* %16, %struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1) #78 %18 = trunc i32 %17 to i8 switch i8 %18, label %33 [ i8 1, label %28 i8 0, label %19 i8 3, label %24 ] %25 = trunc i64 %12 to i32 %26 = tail call i32 bitcast (i32 (%struct.sk_buff.273360*, %struct.nf_hook_state*, i32, i32)* @nf_queue to i32 (%struct.sk_buff.806982*, 
%struct.nf_hook_state.806845*, i32, i32)*)(%struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1, i32 %25, i32 %17) #78 Function:nf_queue %5 = alloca [6 x i8], align 2 %6 = lshr i32 %3, 16 %7 = getelementptr inbounds [6 x i8], [6 x i8]* %5, i64 0, i64 0 %8 = load volatile %struct.nf_queue_handler*, %struct.nf_queue_handler** @nf_queue_handler, align 8 %9 = icmp eq %struct.nf_queue_handler* %8, null br i1 %9, label %231, label %10 %11 = getelementptr inbounds %struct.nf_hook_state, %struct.nf_hook_state* %1, i64 0, i32 1 %12 = load i8, i8* %11, align 1 %13 = icmp eq i8 %12, 10 %14 = select i1 %13, i64 124, i64 88 %15 = icmp eq i8 %12, 2 %16 = select i1 %15, i64 104, i64 %14 %17 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 4, i32 0, i32 1 %18 = load void (%struct.sk_buff.273360*)*, void (%struct.sk_buff.273360*)** %17, align 8 %19 = icmp eq void (%struct.sk_buff.273360*)* %18, @sock_pfree br i1 %19, label %20, label %58 %21 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 1, i32 0 %22 = load %struct.sock.273622*, %struct.sock.273622** %21, align 8 %23 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 4 %24 = load volatile i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = shl nuw i32 1, %25 %27 = and i32 %26, -4161 %28 = icmp eq i32 %27, 0 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 13, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = and i64 %31, 8388608 %33 = icmp eq i64 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 19 %36 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %35, i64 0, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp eq i32 %37, 0 br i1 %38, label %49, label %39 %40 = phi i32 [ %47, %46 ], [ %37, %34 ] 
%41 = add i32 %40, 1 %42 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 %41, i32* %36, i32 %40) #6, !srcloc !4 %43 = extractvalue { i8, i32 } %42, 0 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %49, !prof !5, !misexpect !6 %47 = extractvalue { i8, i32 } %42, 1 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %39 %50 = phi i32 [ 0, %34 ], [ %40, %39 ], [ 0, %46 ] %51 = add i32 %50, 1 %52 = or i32 %51, %50 %53 = icmp sgt i32 %52, -1 br i1 %53, label %55, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 0) #78 br label %55 %56 = icmp eq i32 %50, 0 br i1 %56, label %230, label %57 br label %236 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.273360*, i32)*)(%struct.sk_buff.273360* %0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 nf_queue 1 nf_hook_slow 2 __ip_local_out ------------- Path:  Function:__ip_local_out %4 = alloca %struct.nf_hook_state.841147, align 8 %5 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 40 %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 35 %8 = load i16, i16* %7, align 4 %9 = zext i16 %8 to i64 %10 = getelementptr i8, i8* %6, i64 %9 %11 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i16 %15 = getelementptr inbounds i8, i8* %10, i64 2 %16 = bitcast i8* %15 to i16* store i16 %14, i16* %16, align 2 %17 = getelementptr inbounds i8, i8* %10, i64 10 %18 = bitcast i8* %17 to i16* store i16 0, i16* %18, align 2 %19 = load i8, i8* %10, align 4 %20 = and i8 %19, 15 %21 = 
zext i8 %20 to i32 %22 = tail call { i32, i8*, i32 } asm " movl ($1), $0\0A subl $$4, $2\0A jbe 2f\0A addl 4($1), $0\0A adcl 8($1), $0\0A adcl 12($1), $0\0A1: adcl 16($1), $0\0A lea 4($1), $1\0A decl $2\0A jne\091b\0A adcl $$0, $0\0A movl $0, $2\0A shrl $$16, $0\0A addw ${2:w}, ${0:w}\0A adcl $$0, $0\0A notl $0\0A2:", "=r,=r,=r,1,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 %21) #6, !srcloc !4 %23 = extractvalue { i32, i8*, i32 } %22, 0 %24 = trunc i32 %23 to i16 store i16 %24, i16* %18, align 2 %25 = icmp eq %struct.sk_buff.841525* %2, null br i1 %25, label %50, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 33 store i16 8, i16* %27, align 8 %28 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 4, i32 0, i32 0 %29 = load i64, i64* %28, align 8 %30 = and i64 %29, -2 %31 = inttoptr i64 %30 to i64* %32 = load i64, i64* %31, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds ([13 x [5 x %struct.static_key]], [13 x [5 x %struct.static_key]]* @nf_hooks_needed, i64 0, i64 2, i64 3), i32 2, i8* blockaddress(@__ip_local_out, %33)) #6 to label %50 [label %33], !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %34 = getelementptr %struct.net.841211, %struct.net.841211* %0, i64 0, i32 36, i32 3, i64 3 %35 = load volatile %struct.nf_hook_entries.841149*, %struct.nf_hook_entries.841149** %34, align 8 %36 = icmp eq %struct.nf_hook_entries.841149* %35, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 0 %39 = bitcast %struct.nf_hook_state.841147* %4 to i64* store i64 515, i64* %39, align 8 %40 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 2 store %struct.net_device.841632* null, %struct.net_device.841632** %40, align 8 %41 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 3 %42 = bitcast %struct.net_device.841632** %41 to i64* store i64 %32, i64* %42, align 8 %43 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 4 store %struct.sock.841515* %1, %struct.sock.841515** %43, align 8 %44 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 5 store %struct.net.841211* %0, %struct.net.841211** %44, align 8 %45 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 6 %46 = bitcast {}** %45 to i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)** store i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)* @dst_output, i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)** %46, 
align 8 %47 = call i32 bitcast (i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, %struct.nf_hook_entries.806847*, i32)* @nf_hook_slow to i32 (%struct.sk_buff.841525*, %struct.nf_hook_state.841147*, %struct.nf_hook_entries.841149*, i32)*)(%struct.sk_buff.841525* nonnull %2, %struct.nf_hook_state.841147* nonnull %4, %struct.nf_hook_entries.841149* nonnull %35, i32 0) #78 Function:nf_hook_slow %5 = getelementptr inbounds %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = zext i16 %6 to i32 %8 = icmp ugt i32 %7, %3 br i1 %8, label %9, label %33 %10 = zext i32 %3 to i64 br label %11 %12 = phi i64 [ %10, %9 ], [ %29, %28 ] %13 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 0 %14 = load i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)*, i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)** %13, align 8 %15 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 1 %16 = load i8*, i8** %15, align 8 %17 = tail call i32 %14(i8* %16, %struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1) #78 %18 = trunc i32 %17 to i8 switch i8 %18, label %33 [ i8 1, label %28 i8 0, label %19 i8 3, label %24 ] %25 = trunc i64 %12 to i32 %26 = tail call i32 bitcast (i32 (%struct.sk_buff.273360*, %struct.nf_hook_state*, i32, i32)* @nf_queue to i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, i32, i32)*)(%struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1, i32 %25, i32 %17) #78 Function:nf_queue %5 = alloca [6 x i8], align 2 %6 = lshr i32 %3, 16 %7 = getelementptr inbounds [6 x i8], [6 x i8]* %5, i64 0, i64 0 %8 = load volatile %struct.nf_queue_handler*, %struct.nf_queue_handler** @nf_queue_handler, align 8 %9 = icmp eq %struct.nf_queue_handler* %8, null br i1 %9, label %231, label %10 %11 = getelementptr inbounds %struct.nf_hook_state, 
%struct.nf_hook_state* %1, i64 0, i32 1 %12 = load i8, i8* %11, align 1 %13 = icmp eq i8 %12, 10 %14 = select i1 %13, i64 124, i64 88 %15 = icmp eq i8 %12, 2 %16 = select i1 %15, i64 104, i64 %14 %17 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 4, i32 0, i32 1 %18 = load void (%struct.sk_buff.273360*)*, void (%struct.sk_buff.273360*)** %17, align 8 %19 = icmp eq void (%struct.sk_buff.273360*)* %18, @sock_pfree br i1 %19, label %20, label %58 %21 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 1, i32 0 %22 = load %struct.sock.273622*, %struct.sock.273622** %21, align 8 %23 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 4 %24 = load volatile i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = shl nuw i32 1, %25 %27 = and i32 %26, -4161 %28 = icmp eq i32 %27, 0 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 13, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = and i64 %31, 8388608 %33 = icmp eq i64 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 19 %36 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %35, i64 0, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp eq i32 %37, 0 br i1 %38, label %49, label %39 %40 = phi i32 [ %47, %46 ], [ %37, %34 ] %41 = add i32 %40, 1 %42 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 %41, i32* %36, i32 %40) #6, !srcloc !4 %43 = extractvalue { i8, i32 } %42, 0 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %49, !prof !5, !misexpect !6 %47 = extractvalue { i8, 
i32 } %42, 1 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %39 %50 = phi i32 [ 0, %34 ], [ %40, %39 ], [ 0, %46 ] %51 = add i32 %50, 1 %52 = or i32 %51, %50 %53 = icmp sgt i32 %52, -1 br i1 %53, label %55, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 0) #78 br label %55 %56 = icmp eq i32 %50, 0 br i1 %56, label %230, label %57 br label %236 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.273360*, i32)*)(%struct.sk_buff.273360* %0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __skb_tstamp_tx 1 __dev_queue_xmit 2 dev_queue_xmit 3 netlink_deliver_tap 4 netlink_sendskb 5 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #78 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, 
i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #78 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #78 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, 
%10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 48 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #78 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #78 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 48 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.763154*)* @dev_queue_xmit to i32 
(%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #78 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.763154* %0, %struct.net_device.763141* null) #78 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.763141*, %struct.net_device.763141** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 %26 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 1, i32 0 %27 = load %struct.sock.762871*, %struct.sock.762871** %26, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, %struct.sk_buff.756266*, %struct.anon.1*, %struct.sock.756300*, i32)* @__skb_tstamp_tx to void (%struct.sk_buff.763154*, %struct.sk_buff.763154*, %struct.anon.1*, %struct.sock.762871*, i32)*)(%struct.sk_buff.763154* %0, %struct.sk_buff.763154* null, %struct.anon.1* null, %struct.sock.762871* %27, i32 1) #78 Function:__skb_tstamp_tx %6 = icmp eq %struct.sock.756300* %3, null br i1 %6, label %164, label %7 
%8 = icmp eq %struct.anon.1* %2, null %9 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 65 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, 16384 %12 = icmp eq i16 %11, 0 %13 = and i1 %8, %12 br i1 %13, label %14, label %25 %26 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 65 %27 = and i16 %10, 2048 %28 = icmp ne i16 %27, 0 %29 = load volatile i32, i32* @sysctl_tstamp_allow_data, align 4 %30 = icmp ne i32 %29, 0 %31 = or i1 %30, %28 br i1 %31, label %44, label %32, !prof !4, !misexpect !5 br i1 %28, label %45, label %65 %66 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #79 %67 = icmp eq %struct.sk_buff.756266* %66, null br i1 %67, label %164, label %100 %101 = phi %struct.sk_buff.756266* [ %62, %68 ], [ %66, %65 ] %102 = phi i8 [ %63, %68 ], [ 0, %65 ] br i1 %8, label %114, label %103 %115 = tail call i64 @ktime_get_with_offset(i32 0) #78 %116 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 2, i32 0 store i64 %115, i64* %116, align 8 br label %117 %118 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 0 %119 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i32* store i32 42, i32* %120, align 4 %121 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 28 store i8 4, i8* %121, align 4 %122 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 32 %123 = bitcast i8* %122 to i32* store i32 %4, i32* %123, align 4 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 44 store i8 %102, i8* %124, align 4 %125 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 0, i32 0, i32 2, i32 0 %126 = load %struct.net_device.756253*, 
%struct.net_device.756253** %125, align 8 %127 = icmp eq %struct.net_device.756253* %126, null br i1 %127, label %131, label %128 %129 = getelementptr inbounds %struct.net_device.756253, %struct.net_device.756253* %126, i64 0, i32 17 %130 = load i32, i32* %129, align 16 br label %131 %132 = phi i32 [ %130, %128 ], [ 0, %117 ] %133 = bitcast i8* %118 to i32* store i32 %132, i32* %133, align 4 %134 = load i16, i16* %26, align 8 %135 = trunc i16 %134 to i8 %136 = icmp sgt i8 %135, -1 br i1 %136, label %160, label %137 %138 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 40 %139 = load i8*, i8** %138, align 8 %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 39 %141 = load i32, i32* %140, align 4 %142 = zext i32 %141 to i64 %143 = getelementptr i8, i8* %139, i64 %142 %144 = getelementptr inbounds i8, i8* %143, i64 28 %145 = bitcast i8* %144 to i32* %146 = load i32, i32* %145, align 4 %147 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 36 %148 = bitcast i8* %147 to i32* store i32 %146, i32* %148, align 4 %149 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 48 %150 = load i16, i16* %149, align 4 %151 = icmp eq i16 %150, 6 br i1 %151, label %152, label %160 %153 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 47 %154 = load i16, i16* %153, align 2 %155 = icmp eq i16 %154, 1 br i1 %155, label %156, label %160 %157 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 68, i32 0 %158 = load volatile i32, i32* %157, align 4 %159 = sub i32 %146, %158 store i32 %159, i32* %148, align 4 br label %160 %161 = tail call i32 @sock_queue_err_skb(%struct.sock.756300* nonnull %3, %struct.sk_buff.756266* nonnull %101) #78 %162 = icmp eq i32 %161, 0 br i1 %162, label %164, label %163 tail call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %101, i32 
0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 skb_vlan_untag
1 __netif_receive_skb_core
2 __netif_receive_skb_list_core
3 __netif_receive_skb_list
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 
%26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 
= getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, 
i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 
zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 %30 = icmp eq i8* %29, null br i1 %30, label %177, label %31, !prof !6, !misexpect !5 %178 = phi %struct.sk_buff.756266* [ null, %15 ], [ %18, %27 ], [ null, %14 ], [ null, %122 ], [ %18, %25 ] tail call void @kfree_skb_reason(%struct.sk_buff.756266* %178, i32 0) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_vlan_untag
1 __netif_receive_skb_core
2 __netif_receive_skb_list_core
3 __netif_receive_skb_list
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 
asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr 
%struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 
(%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, 
label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 %30 = icmp eq i8* %29, null br i1 %30, label %177, label %31, !prof !6, !misexpect !5 %178 = phi %struct.sk_buff.756266* [ null, %15 ], [ %18, %27 ], [ null, %14 ], [ null, %122 ], [ %18, %25 ] tail call void @kfree_skb_reason(%struct.sk_buff.756266* %178, i32 0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 tcp_recvmsg
9 inet6_recvmsg
10 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589,
%struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 
(%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 
0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = 
bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast 
%struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = 
getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 
(%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 
(%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 
8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load 
%struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, 
%struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 
@get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast 
%struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] 
%118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79 %131 = icmp eq i8* %130, null br i1 %131, label %146, label %132 tail call void @kfree_skb_reason(%struct.sk_buff.756266* %118, i32 0) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, 
%struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 
to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 
br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] 
%118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79 %131 = icmp eq i8* %130, null br i1 %131, label %146, label %132 tail call void @kfree_skb_reason(%struct.sk_buff.756266* %118, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr 
inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 
5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, 
i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = 
load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label 
%90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ 
%31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds 
%struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] %118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79 %131 = icmp eq i8* %130, null br i1 %131, label %146, label %132 tail call void @kfree_skb_reason(%struct.sk_buff.756266* %118, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds 
%struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 
= icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ 
%74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] %118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79 %131 = icmp eq i8* %130, null br i1 %131, label %146, label %132 tail call void @kfree_skb_reason(%struct.sk_buff.756266* %118, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 cn_rx_skb ------------- Path:  Function:cn_rx_skb %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %3 = load i32, i32* %2, align 8 %4 = icmp ugt i32 %3, 15 br i1 %4, label %5, label %87 %6 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.nlmsghdr** %8 = load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %9 = 
getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 4 %11 = add i32 %10, -16 %12 = icmp slt i32 %11, 20 br i1 %12, label %87, label %13 %14 = icmp ult i32 %3, %10 %15 = icmp sgt i32 %11, 16384 %16 = or i1 %14, %15 br i1 %16, label %87, label %17 %18 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22, !prof !5, !misexpect !6 %23 = add i32 %20, 1 %24 = or i32 %23, %20 %25 = icmp sgt i32 %24, -1 br i1 %25, label %28, label %26, !prof !7, !misexpect !6 %27 = phi i32 [ 2, %17 ], [ 1, %22 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 %27) #78 br label %28 %29 = load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %30 = getelementptr %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 1 %31 = bitcast %struct.nlmsghdr* %30 to %struct.cn_msg* %32 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 3 %33 = bitcast [48 x i8]* %32 to %struct.netlink_skb_parms* %34 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 0, i32 0 %35 = load i32, i32* %34, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 2 %38 = bitcast %struct.nlmsghdr* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = zext i16 %39 to i64 %41 = add nuw nsw i64 %40, 36 %42 = icmp ugt i64 %41, %36 br i1 %42, label %86, label %43 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 
cn_rx_skb ------------- Path:  Function:cn_rx_skb %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %3 = load i32, i32* %2, align 8 %4 = icmp ugt i32 %3, 15 br i1 %4, label %5, label %87 %6 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.nlmsghdr** %8 = load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %9 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 4 %11 = add i32 %10, -16 %12 = icmp slt i32 %11, 20 br i1 %12, label %87, label %13 %14 = icmp ult i32 %3, %10 %15 = icmp sgt i32 %11, 16384 %16 = or i1 %14, %15 br i1 %16, label %87, label %17 %18 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22, !prof !5, !misexpect !6 %23 = add i32 %20, 1 %24 = or i32 %23, %20 %25 = icmp sgt i32 %24, -1 br i1 %25, label %28, label %26, !prof !7, !misexpect !6 %27 = phi i32 [ 2, %17 ], [ 1, %22 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 %27) #78 br label %28 %29 = load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %30 = getelementptr %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 1 %31 = bitcast %struct.nlmsghdr* %30 to %struct.cn_msg* %32 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 3 %33 = bitcast [48 x i8]* %32 to %struct.netlink_skb_parms* %34 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 0, i32 0 %35 = load i32, i32* %34, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr %struct.nlmsghdr, 
%struct.nlmsghdr* %29, i64 2 %38 = bitcast %struct.nlmsghdr* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = zext i16 %39 to i64 %41 = add nuw nsw i64 %40, 36 %42 = icmp ugt i64 %41, %36 br i1 %42, label %86, label %43 %44 = load %struct.cn_queue_dev*, %struct.cn_queue_dev** @cdev.4, align 8 %45 = getelementptr inbounds %struct.cn_queue_dev, %struct.cn_queue_dev* %44, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* %45) #78 %46 = load %struct.cn_queue_dev*, %struct.cn_queue_dev** @cdev.4, align 8 %47 = getelementptr inbounds %struct.cn_queue_dev, %struct.cn_queue_dev* %46, i64 0, i32 2, i32 0 %48 = bitcast %struct.list_head** %47 to %struct.cn_callback_entry** %49 = load %struct.cn_callback_entry*, %struct.cn_callback_entry** %48, align 8 %50 = getelementptr inbounds %struct.cn_callback_entry, %struct.cn_callback_entry* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.cn_queue_dev, %struct.cn_queue_dev* %46, i64 0, i32 2 %52 = icmp eq %struct.list_head* %50, %51 br i1 %52, label %78, label %53 %54 = bitcast %struct.nlmsghdr* %30 to %struct.util_est* br label %55 %56 = phi %struct.cn_callback_entry* [ %49, %53 ], [ %73, %71 ] %57 = getelementptr inbounds %struct.cn_callback_entry, %struct.cn_callback_entry* %56, i64 0, i32 3, i32 1 %58 = tail call i32 @cn_cb_equal(%struct.util_est* %57, %struct.util_est* %54) #78 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = bitcast %struct.cn_callback_entry* %56 to %struct.cn_callback_entry** %73 = load %struct.cn_callback_entry*, %struct.cn_callback_entry** %72, align 8 %74 = getelementptr inbounds %struct.cn_callback_entry, %struct.cn_callback_entry* %73, i64 0, i32 0 %75 = load %struct.cn_queue_dev*, %struct.cn_queue_dev** @cdev.4, align 8 %76 = getelementptr inbounds %struct.cn_queue_dev, %struct.cn_queue_dev* %75, i64 0, i32 2 %77 = icmp eq %struct.list_head* %74, %76 br i1 %77, label %78, label %55 %79 = phi %struct.cn_callback_entry* [ %56, %65 ], [ %56, %66 ], [ 
%56, %70 ], [ null, %43 ], [ null, %71 ] %80 = load %struct.cn_queue_dev*, %struct.cn_queue_dev** @cdev.4, align 8 %81 = getelementptr inbounds %struct.cn_queue_dev, %struct.cn_queue_dev* %80, i64 0, i32 3, i32 0, i32 0 tail call void @_raw_spin_unlock_bh(%struct.raw_spinlock* %81) #78 %82 = icmp eq %struct.cn_callback_entry* %79, null br i1 %82, label %86, label %83 %84 = getelementptr inbounds %struct.cn_callback_entry, %struct.cn_callback_entry* %79, i64 0, i32 4 %85 = load void (%struct.cn_msg*, %struct.netlink_skb_parms*)*, void (%struct.cn_msg*, %struct.netlink_skb_parms*)** %84, align 8 tail call void %85(%struct.cn_msg* %31, %struct.netlink_skb_parms* %33) #78 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 neigh_destroy 1 __neigh_event_send 2 __ip_do_redirect 3 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 
%20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to 
%struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = 
getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, 
%struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, 
i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 
%146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %190 = load 
volatile i64, i64* @jiffies, align 64 %191 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 10 %192 = load volatile i64, i64* %191, align 8 %193 = icmp eq i64 %192, %190 br i1 %193, label %195, label %194 store volatile i64 %190, i64* %191, align 8 br label %195 %196 = and i8 %186, -38 %197 = icmp eq i8 %196, 0 br i1 %197, label %198, label %245 %199 = call i32 bitcast (i32 (%struct.neighbour*, %struct.sk_buff*)* @__neigh_event_send to i32 (%struct.neighbour.836545*, %struct.sk_buff.836958*)*)(%struct.neighbour.836545* %181, %struct.sk_buff.836958* null) #78 Function:__neigh_event_send %3 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #78 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %249 %10 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %268 %14 = and i32 %6, 5 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %77 %78 = and i32 %6, 4 %79 = icmp eq i32 %78, 0 br i1 %79, label %126, label %80 %81 = and i8 %5, 27 %82 = icmp eq i8 %81, 0 br i1 %82, label %98, label %83 %84 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 9 %85 = tail call i32 @del_timer(%struct.timer_list* %84) #78 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %87 %88 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 6 %89 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %88, i64 0, i32 0, i32 0 %90 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %89, i32 -1, i32* %89) #6, !srcloc !4 %91 = icmp eq i32 %90, 1 br i1 %91, label %97, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @neigh_destroy(%struct.neighbour* %0) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, 
%struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* 
nonnull %48, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 neigh_destroy 1 __neigh_update 2 neigh_update 3 ndisc_update 4 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.903079, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.903079* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ 
false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %58 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.902571*, %struct.inet6_dev.902571** %58, align 16 %60 = icmp eq %struct.inet6_dev.902571* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.905443*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.902651*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.902651* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #78 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %79 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = 
getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %102 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.902525** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %109 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.902548*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %122 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 
(i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121) #78 %123 = icmp eq %struct.neighbour.902458* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121, i1 zeroext true) #78 %126 = icmp ugt %struct.neighbour.902458* %125, inttoptr (i64 -4096 to %struct.neighbour.902458*) %127 = icmp eq %struct.neighbour.902458* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.902458* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast 
(void (%struct.net_device.905443*, %struct.neighbour.904925*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.902651*, %struct.neighbour.902458*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.902651* %131, %struct.neighbour.902458* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #78 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.904925*, i8*, i8, i32, i32)*)(%struct.neighbour.904925* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #78 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #78 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = 
icmp eq i8 %28, 0 br i1 %29, label %34, label %30 %35 = icmp sgt i32 %3, -1 %36 = xor i1 %35, true %37 = icmp ult i8 %26, 64 %38 = or i1 %37, %36 br i1 %38, label %39, label %398 br i1 %35, label %53, label %40 %54 = phi i32 [ 0, %39 ], [ 0, %40 ], [ 1, %48 ] %55 = phi i1 [ false, %39 ], [ false, %40 ], [ true, %48 ] %56 = and i32 %3, 268435456 %57 = icmp eq i32 %56, 0 br i1 %57, label %60, label %58 %61 = zext i8 %2 to i32 %62 = and i32 %61, 222 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %102 %103 = getelementptr inbounds %struct.net_device, %struct.net_device* %24, i64 0, i32 51 %104 = load i8, i8* %103, align 1 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %108 %109 = icmp eq i8* %1, null %110 = and i8 %26, -34 %111 = icmp eq i8 %110, 0 br i1 %109, label %119, label %112 br i1 %111, label %126, label %113 %114 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %115 = zext i8 %104 to i64 %116 = tail call i32 @bcmp(i8* nonnull %1, i8* %114, i64 %115) %117 = icmp eq i32 %116, 0 %118 = select i1 %117, i8* %114, i8* %1 br label %126 %127 = phi i8* [ %1, %112 ], [ %125, %124 ], [ %107, %106 ], [ %118, %113 ] %128 = and i32 %61, 194 %129 = icmp eq i32 %128, 0 br i1 %129, label %133, label %130 %134 = and i32 %3, 4 %135 = zext i8 %26 to i32 %136 = and i32 %135, 222 %137 = icmp eq i32 %136, 0 br i1 %137, label %156, label %138 %139 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %140 = icmp ne i8* %127, %139 %141 = and i32 %3, 1 %142 = icmp eq i32 %141, 0 %143 = and i1 %142, %140 br i1 %143, label %144, label %150 %151 = icmp eq i8* %127, %139 %152 = icmp eq i8 %2, 4 %153 = and i1 %152, %151 %154 = and i1 %35, %153 %155 = select i1 %154, i8 %26, i8 %2 br label %156 %157 = phi i8 [ %2, %133 ], [ 4, %144 ], [ %155, %150 ] %158 = phi i8* [ %127, %133 ], [ %139, %144 ], [ %127, %150 ] %159 = phi i32 [ %134, %133 ], [ 0, %144 ], [ %134, %150 ] %160 = zext i8 %157 to i32 %161 = 
icmp eq i8 %157, %26 %162 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %163 = icmp eq i8* %158, %162 %164 = and i1 %161, %163 br i1 %164, label %168, label %165 br i1 %161, label %227, label %169 %228 = phi i32 [ %54, %168 ], [ 1, %226 ] br i1 %163, label %274, label %229 %230 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %230) #78 %231 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 0, i32 0, i32 0 %232 = load i32, i32* %231, align 4 %233 = add i32 %232, 1 store i32 %233, i32* %231, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %234 = load i8, i8* %103, align 1 %235 = zext i8 %234 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %236 = load i32, i32* %231, align 4 %237 = add i32 %236, 1 store i32 %237, i32* %231, align 4 %238 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %239 = bitcast %struct.spinlock* %238 to i8* store volatile i8 0, i8* %239, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %240 = load %struct.net_device*, %struct.net_device** %23, align 8 %241 = getelementptr inbounds %struct.net_device, %struct.net_device* %240, i64 0, i32 44 %242 = load %struct.header_ops*, %struct.header_ops** %241, align 16 %243 = icmp eq %struct.header_ops* %242, null br i1 %243, label %261, label %244 %262 = and i32 %160, 194 %263 = icmp eq i32 %262, 0 br i1 %263, label %264, label %274 %265 = load volatile i64, i64* @jiffies, align 64 %266 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %267 = load %struct.neigh_parms*, %struct.neigh_parms** %266, align 8 %268 = 
getelementptr %struct.neigh_parms, %struct.neigh_parms* %267, i64 0, i32 10, i64 5 %269 = load i32, i32* %268, align 4 %270 = shl i32 %269, 1 %271 = sext i32 %270 to i64 %272 = sub i64 %265, %271 %273 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 3 store i64 %272, i64* %273, align 8 br label %274 %275 = phi i32 [ %228, %227 ], [ 1, %261 ], [ 1, %264 ] br i1 %161, label %385, label %276 %277 = and i32 %160, 194 %278 = icmp eq i32 %277, 0 %279 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 22 %280 = load %struct.neigh_ops*, %struct.neigh_ops** %279, align 8 %281 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %280, i64 0, i32 3 %282 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %280, i64 0, i32 4 %283 = select i1 %278, i32 (%struct.neighbour*, %struct.sk_buff*)** %281, i32 (%struct.neighbour*, %struct.sk_buff*)** %282 %284 = bitcast i32 (%struct.neighbour*, %struct.sk_buff*)** %283 to i64* %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 21 %287 = bitcast i32 (%struct.neighbour*, %struct.sk_buff*)** %286 to i64* store i64 %285, i64* %287, align 8 br i1 %137, label %288, label %385 %289 = load i8, i8* %25, align 1 %290 = and i8 %289, -34 %291 = icmp eq i8 %290, 0 br i1 %291, label %358, label %292 %293 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %294 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %293, i64 0, i32 0 %295 = bitcast %struct.sk_buff_head* %293 to %struct.sk_buff* %296 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %297 %298 = load %struct.sk_buff*, %struct.sk_buff** %294, align 8 %299 = icmp eq %struct.sk_buff* %298, %295 %300 = icmp eq %struct.sk_buff* %298, null %301 = or i1 %299, %300 br i1 %301, label %358, label %302 %303 = load i32, i32* %296, align 8 %304 = add i32 %303, -1 store 
volatile i32 %304, i32* %296, align 8 %305 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 0, i32 0, i32 0 %306 = load %struct.sk_buff*, %struct.sk_buff** %305, align 8 %307 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 0, i32 0, i32 1 %308 = load %struct.sk_buff*, %struct.sk_buff** %307, align 8 %309 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %306, i64 0, i32 0, i32 0, i32 1 %310 = bitcast %struct.sk_buff* %298 to i8* store volatile %struct.sk_buff* %308, %struct.sk_buff** %309, align 8 %311 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %308, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %306, %struct.sk_buff** %311, align 8 %312 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 4, i32 0, i32 0 %313 = load i64, i64* %312, align 8 %314 = and i64 %313, -2 %315 = inttoptr i64 %314 to %struct.dst_entry* tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %22) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %316 = icmp eq i64 %314, 0 br i1 %316, label %336, label %317 %318 = getelementptr inbounds %struct.dst_entry, %struct.dst_entry* %315, i64 0, i32 8 %319 = load i16, i16* %318, align 2 %320 = icmp eq i16 %319, 2 br i1 %320, label %336, label %321 %322 = getelementptr inbounds %struct.dst_entry, %struct.dst_entry* %315, i64 0, i32 1 %323 = load %struct.dst_ops*, %struct.dst_ops** %322, align 8 %324 = getelementptr inbounds %struct.dst_ops, %struct.dst_ops* %323, i64 0, i32 14 %325 = load %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)*, %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)** %324, align 8 %326 = icmp eq %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)* %325, null br i1 %326, label %327, label %328, !prof !14, !misexpect !11 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# 
bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.16.63751, i64 0, i64 0), i32 409, i32 2307, i64 12) #6, !srcloc !20 br label %332 %333 = phi %struct.neighbour* [ %331, %328 ], [ null, %327 ] %334 = icmp eq %struct.neighbour* %333, null %335 = select i1 %334, %struct.neighbour* %0, %struct.neighbour* %333 br label %336 %337 = phi %struct.neighbour* [ null, %317 ], [ null, %302 ], [ %333, %332 ] %338 = phi %struct.neighbour* [ %0, %317 ], [ %0, %302 ], [ %335, %332 ] %339 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %338, i64 0, i32 21 %340 = load i32 (%struct.neighbour*, %struct.sk_buff*)*, i32 (%struct.neighbour*, %struct.sk_buff*)** %339, align 8 %341 = tail call i32 %340(%struct.neighbour* %338, %struct.sk_buff* nonnull %298) #78 %342 = icmp eq %struct.neighbour* %337, null br i1 %342, label %354, label %343 %344 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %337, i64 0, i32 6 %345 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %344, i64 0, i32 0, i32 0 %346 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %345, i32 -1, i32* %345) #6, !srcloc !9 %347 = icmp eq i32 %346, 1 br i1 %347, label %353, label %348 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @neigh_destroy(%struct.neighbour* nonnull %337) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = 
getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, 
%struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 neigh_destroy 1 ___neigh_create 2 __neigh_create 3 ip6_neigh_lookup 4 ip6_dst_neigh_lookup ------------- Path:  Function:ip6_dst_neigh_lookup %4 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %5 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %6 = bitcast %struct.lwtunnel_state.902525** %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 2 
%9 = icmp eq i32 %8, 0 %10 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %4, i64 0, i32 5 %11 = and i32 %7, 16777216 %12 = icmp eq i32 %11, 0 %13 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %4, i64 0, i32 3, i32 0 %14 = select i1 %12, %struct.in6_addr* bitcast ({ { [16 x i8] } }* @in6addr_any to %struct.in6_addr*), %struct.in6_addr* %13 %15 = select i1 %9, %struct.in6_addr* %14, %struct.in6_addr* %10 %16 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 0 %17 = load %struct.net_device.902651*, %struct.net_device.902651** %16, align 8 %18 = tail call %struct.neighbour.902458* @ip6_neigh_lookup(%struct.in6_addr* %15, %struct.net_device.902651* %17, %struct.sk_buff.902664* %1, i8* %2) #78 Function:ip6_neigh_lookup %5 = bitcast %struct.in6_addr* %0 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.in6_addr, %struct.in6_addr* %0, i64 0, i32 0, i32 0, i64 2 %8 = bitcast i32* %7 to i64* %9 = load i64, i64* %8, align 8 %10 = or i64 %9, %6 %11 = icmp eq i64 %10, 0 br i1 %11, label %14, label %12 %13 = bitcast %struct.in6_addr* %0 to i8* br label %24 %25 = phi i8* [ %23, %16 ], [ %13, %12 ], [ %3, %14 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = load volatile %struct.neigh_hash_table.902453*, %struct.neigh_hash_table.902453** getelementptr inbounds (%struct.neigh_table.902454, %struct.neigh_table.902454* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, 
%struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i64 0, i32 29), align 8 %27 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 0 %28 = bitcast i8* %25 to i32* %29 = load i32, i32* %28, align 4 %30 = ptrtoint %struct.net_device.902651* %1 to i64 %31 = lshr i64 %30, 32 %32 = xor i64 %31, %30 %33 = trunc i64 %32 to i32 %34 = xor i32 %29, %33 %35 = load i32, i32* %27, align 4 %36 = mul i32 %34, %35 %37 = getelementptr i8, i8* %25, i64 4 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 4 %40 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 1 %41 = load i32, i32* %40, align 4 %42 = mul i32 %41, %39 %43 = add i32 %42, %36 %44 = getelementptr i8, i8* %25, i64 8 %45 = bitcast i8* %44 to i32* %46 = load i32, i32* %45, align 4 %47 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 2 %48 = load i32, i32* %47, align 4 %49 = mul i32 %48, %46 %50 = add i32 %43, %49 %51 = getelementptr i8, i8* %25, i64 12 %52 = bitcast i8* %51 to i32* %53 = load i32, i32* %52, align 4 %54 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 3 %55 = load i32, i32* %54, align 4 %56 = mul i32 %55, %53 %57 = add i32 %50, %56 %58 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 1 %59 = load i32, i32* %58, align 8 %60 = sub i32 32, %59 %61 = lshr i32 %57, %60 %62 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 0 %63 = load %struct.neighbour.902458**, 
%struct.neighbour.902458*** %62, align 8 %64 = zext i32 %61 to i64 %65 = getelementptr %struct.neighbour.902458*, %struct.neighbour.902458** %63, i64 %64 %66 = load volatile %struct.neighbour.902458*, %struct.neighbour.902458** %65, align 8 %67 = icmp eq %struct.neighbour.902458* %66, null br i1 %67, label %121, label %68 %69 = phi %struct.neighbour.902458* [ %96, %94 ], [ %66, %24 ] %70 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 25 %71 = load %struct.net_device.902651*, %struct.net_device.902651** %70, align 8 %72 = icmp eq %struct.net_device.902651* %71, %1 br i1 %72, label %73, label %94 %74 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 0 %75 = bitcast i8* %74 to i32* %76 = load i32, i32* %75, align 4 %77 = xor i32 %76, %29 %78 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 4 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 4 %81 = xor i32 %80, %39 %82 = or i32 %81, %77 %83 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 8 %84 = bitcast i8* %83 to i32* %85 = load i32, i32* %84, align 4 %86 = xor i32 %85, %46 %87 = or i32 %82, %86 %88 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 12 %89 = bitcast i8* %88 to i32* %90 = load i32, i32* %89, align 4 %91 = xor i32 %90, %53 %92 = or i32 %87, %91 %93 = icmp eq i32 %92, 0 br i1 %93, label %98, label %94 %95 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 0 %96 = load volatile %struct.neighbour.902458*, %struct.neighbour.902458** %95, align 8 %97 = icmp eq %struct.neighbour.902458* %96, null br i1 %97, label %121, label %68 tail call fastcc void @local_bh_enable.67548() #78 br label %124 %125 = tail call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to 
%struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %25, %struct.net_device.902651* %1, i1 zeroext true) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 
to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile 
%struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr 
inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 
%251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 %253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds 
%struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #78 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast %struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #78 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 
0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #78 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) %331 = icmp eq i32 %330, 0 br i1 %331, label %332, label %344 br i1 %5, label %333, label %382 %334 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 6 %335 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %334, i64 0, i32 0, i32 0 %336 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %335, i32 1, i32* %335) #6, !srcloc !9 %337 = icmp eq i32 %336, 0 br i1 %337, label %338, label %339, !prof !10, !misexpect !11 %340 = add i32 %336, 1 %341 = or i32 %340, %336 %342 = icmp sgt i32 %341, -1 br i1 %342, label %382, label %343, !prof !12, !misexpect !11 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %334, i32 1) #78 br label %382 %383 = phi %struct.neighbour* [ %324, %332 ], [ inttoptr (i64 -22 to %struct.neighbour*), %302 ], [ %324, %338 ], [ %324, %339 ], [ %324, %343 ] tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %243) #78 br label %384 %385 = phi %struct.neighbour* [ %207, %205 ], [ %219, %217 ], [ %233, %231 ], [ %383, %382 ] br i1 %4, label %388, label %386 %387 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 24, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %387, i32* %387) #6, !srcloc !15 br label %388 %389 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 6 %390 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %389, i64 0, i32 0, i32 0 %391 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %390, i32 -1, i32* %390) #6, !srcloc !28 %392 = icmp eq i32 %391, 1 br i1 %392, label %398, label %393 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !29 tail call void @neigh_destroy(%struct.neighbour* nonnull %173) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 
%4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, 
%struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 neigh_destroy 1 ___neigh_create 2 __neigh_create 3 ipv4_neigh_lookup ------------- Path:  Function:ipv4_neigh_lookup %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %7 = getelementptr inbounds %struct.dst_entry.836531, %struct.dst_entry.836531* %0, i64 0, i32 0 %8 = load %struct.net_device.837070*, %struct.net_device.837070** %7, align 8 tail 
call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.dst_entry.836531, %struct.dst_entry.836531* %0, i64 1, i32 2 %10 = bitcast i64* %9 to i8* %11 = load i8, i8* %10, align 8 switch i8 %11, label %138 [ i8 2, label %12 i8 10, label %58 ], !prof !6 %13 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %6, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %14 = load i32, i32* %13, align 4 %15 = bitcast i32* %5 to i8* store i32 %14, i32* %5, align 4 %16 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %8, i64 0, i32 14 %17 = load i32, i32* %16, align 64 %18 = and i32 %17, 24 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 %14, i32 0 %21 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %22 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 2, i64 0 %23 = ptrtoint %struct.net_device.837070* %8 to i64 %24 = lshr i64 %23, 32 %25 = xor 
i64 %24, %23 %26 = trunc i64 %25 to i32 %27 = xor i32 %20, %26 %28 = load i32, i32* %22, align 4 %29 = mul i32 %27, %28 %30 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = sub i32 32, %31 %33 = lshr i32 %29, %32 %34 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 0 %35 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %34, align 8 %36 = zext i32 %33 to i64 %37 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %35, i64 %36 %38 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %37, align 8 %39 = icmp eq %struct.neighbour.836545* %38, null br i1 %39, label %54, label %40 %41 = phi %struct.neighbour.836545* [ %52, %50 ], [ %38, %12 ] %42 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 25 %43 = load %struct.net_device.837070*, %struct.net_device.837070** %42, align 8 %44 = icmp eq %struct.net_device.837070* %43, %8 br i1 %44, label %45, label %50 %46 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 26, i64 0 %47 = bitcast i8* %46 to i32* %48 = load i32, i32* %47, align 8 %49 = icmp eq i32 %48, %20 br i1 %49, label %56, label %50 %51 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 0 %52 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %51, align 8 %53 = icmp eq %struct.neighbour.836545* %52, null br i1 %53, label %54, label %40 %55 = call %struct.neighbour.836545* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.836545* (%struct.neigh_table.836542*, i8*, %struct.net_device.837070*, i1)*)(%struct.neigh_table.836542* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 
(%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i8* nonnull %15, %struct.net_device.837070* %8, i1 zeroext false) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to 
i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label 
%150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl 
$0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label 
%220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds 
%struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 %253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #78 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 
%284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast %struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #78 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) 
#78 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) %331 = icmp eq i32 %330, 0 br i1 %331, label %332, label %344 br i1 %5, label %333, label %382 %334 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 6 %335 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %334, i64 0, i32 0, i32 0 %336 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %335, i32 1, i32* %335) #6, !srcloc !9 %337 = icmp eq i32 %336, 0 br i1 %337, label %338, label %339, !prof !10, !misexpect !11 %340 = add i32 %336, 1 %341 = or i32 %340, %336 
%342 = icmp sgt i32 %341, -1 br i1 %342, label %382, label %343, !prof !12, !misexpect !11 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %334, i32 1) #78 br label %382 %383 = phi %struct.neighbour* [ %324, %332 ], [ inttoptr (i64 -22 to %struct.neighbour*), %302 ], [ %324, %338 ], [ %324, %339 ], [ %324, %343 ] tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %243) #78 br label %384 %385 = phi %struct.neighbour* [ %207, %205 ], [ %219, %217 ], [ %233, %231 ], [ %383, %382 ] br i1 %4, label %388, label %386 %387 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 24, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %387, i32* %387) #6, !srcloc !15 br label %388 %389 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 6 %390 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %389, i64 0, i32 0, i32 0 %391 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %390, i32 -1, i32* %390) #6, !srcloc !28 %392 = icmp eq i32 %391, 1 br i1 %392, label %398, label %393 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !29 tail call void @neigh_destroy(%struct.neighbour* nonnull %173) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, 
%struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 neigh_destroy 1 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = 
getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %481, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.868117*, i32)*)(%struct.sk_buff.868117* %0, i32 %33) #78 %35 = icmp eq i8* %34, null br i1 %35, label %481, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %481 [ i16 8, label %40 i16 -8826, label %53 ] %54 = load i8*, i8** %11, align 8 %55 = load i16, i16* %13, align 4 %56 = zext i16 %55 to i64 %57 = getelementptr i8, i8* %54, i64 %56 %58 = bitcast i8* %57 to %struct.ipv6hdr* %59 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2361 %60 = load i8, i8* %59, align 1 %61 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2366 %62 = bitcast i8* %61 to i16* %63 = load i16, i16* %62, align 2 %64 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2372 %65 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2376 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %69 = getelementptr 
%struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 0, i64 2388 %70 = bitcast i8* %69 to i32* %71 = load i32, i32* %70, align 4 %72 = icmp eq i8 %60, 1 br i1 %72, label %73, label %79 %74 = bitcast i8* %57 to i16* %75 = load i16, i16* %74, align 2 %77 = lshr i16 %76, 4 %78 = trunc i16 %77 to i8 br label %79 %80 = phi i8 [ %78, %73 ], [ %60, %53 ] %81 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %1, i64 0, i32 15 %82 = load i32, i32* %81, align 4 %83 = and i32 %82, 8 %84 = icmp eq i32 %83, 0 br i1 %84, label %130, label %85 %86 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 4, i32 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = and i64 %87, -2 %89 = inttoptr i64 %88 to %struct.dst_entry.867883* %90 = icmp eq i64 %88, 0 br i1 %90, label %477, label %91 %92 = getelementptr inbounds i8, i8* %57, i64 24 %93 = getelementptr inbounds %struct.dst_entry.867883, %struct.dst_entry.867883* %89, i64 0, i32 1 %94 = load %struct.dst_ops.867865*, %struct.dst_ops.867865** %93, align 8 %95 = getelementptr inbounds %struct.dst_ops.867865, %struct.dst_ops.867865* %94, i64 0, i32 14 %96 = load %struct.neighbour.867864* (%struct.dst_entry.867883*, %struct.sk_buff.868117*, i8*)*, %struct.neighbour.867864* (%struct.dst_entry.867883*, %struct.sk_buff.868117*, i8*)** %95, align 8 %97 = tail call %struct.neighbour.867864* %96(%struct.dst_entry.867883* nonnull %89, %struct.sk_buff.868117* null, i8* %92) #78 %98 = icmp ugt %struct.neighbour.867864* %97, inttoptr (i64 -4096 to %struct.neighbour.867864*) %99 = icmp eq %struct.neighbour.867864* %97, null %100 = or i1 %98, %99 br i1 %100, label %477, label %101 %102 = getelementptr inbounds %struct.neighbour.867864, %struct.neighbour.867864* %97, i64 0, i32 26 %103 = bitcast [0 x i8]* %102 to %struct.in6_addr* %104 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %103) #78 %105 = and i32 %104, 1 %106 = icmp eq i32 %105, 0 br i1 %106, label %116, label 
%107 %108 = getelementptr %struct.in6_addr, %struct.in6_addr* %103, i64 0, i32 0, i32 0, i64 2 %109 = load i32, i32* %108, align 4 %110 = and i32 %109, -3 %111 = icmp eq i32 %110, -27394048 br i1 %111, label %112, label %116 %113 = bitcast [0 x i8]* %102 to [4 x i32]* %114 = getelementptr [4 x i32], [4 x i32]* %113, i64 0, i64 3 %115 = load i32, i32* %114, align 4 br label %116 %117 = phi i32 [ %115, %112 ], [ %67, %101 ], [ %67, %107 ] %118 = phi i1 [ false, %112 ], [ true, %101 ], [ true, %107 ] %119 = getelementptr inbounds %struct.neighbour.867864, %struct.neighbour.867864* %97, i64 0, i32 6 %120 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %119, i64 0, i32 0, i32 0 %121 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32 -1, i32* %120) #6, !srcloc !8 %122 = icmp eq i32 %121, 1 br i1 %122, label %128, label %123 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.867864*)*)(%struct.neighbour.867864* nonnull %97) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds 
%struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 
%48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79
-------------
Use: =BAD PATH=
Call Stack:
0 neigh_destroy
1 fib_detect_death
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0,
i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 
0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, 
align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, 
%struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 
%95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, 
-3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi 
%struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 
], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load %struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) 
#78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = 
load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79
-------------
Use: =BAD PATH=
Call Stack:
0 neigh_destroy
1 fib_detect_death
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie,
align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to 
i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds 
%struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, 
i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 
%196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast 
%struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* 
(%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* 
%1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, %struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = 
phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, 
i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, 
%91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 
= load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load %struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], 
[ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 
%17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** 
%51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 neigh_destroy
1 fib_detect_death
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* 
(%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 
%57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 
store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* 
@ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, 
%struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 
%52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, %struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 
%84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = 
getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ 
%74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, 
align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load %struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 
br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void 
(%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79
-------------
Use: =BAD PATH=
Call Stack:
0 neigh_destroy
1 fib_detect_death
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 =
getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = 
bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 
%43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, 
align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, %struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, 
i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, 
i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq 
%struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds 
%struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr 
inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load %struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = 
getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast 
%struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 __neigh_update 1 neigh_update 2 ndisc_update 3 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.903079, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.903079* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 40 %12 = load i8*, i8** 
%11, align 8 %13 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %58 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.902571*, %struct.inet6_dev.902571** %58, align 16 %60 = icmp eq %struct.inet6_dev.902571* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 
%63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.905443*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.902651*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.902651* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #78 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %79 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %102 = 
getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.902525** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %109 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.902548*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %122 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121) #78 %123 = icmp eq %struct.neighbour.902458* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.902458* bitcast (%struct.neighbour* 
(%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121, i1 zeroext true) #78 %126 = icmp ugt %struct.neighbour.902458* %125, inttoptr (i64 -4096 to %struct.neighbour.902458*) %127 = icmp eq %struct.neighbour.902458* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.902458* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.905443*, %struct.neighbour.904925*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.902651*, %struct.neighbour.902458*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.902651* %131, %struct.neighbour.902458* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #78 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.904925*, i8*, i8, i32, i32)*)(%struct.neighbour.904925* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #78 
Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #78 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 %35 = icmp sgt i32 %3, -1 %36 = xor i1 %35, true %37 = icmp ult i8 %26, 64 %38 = or i1 %37, %36 br i1 %38, label %39, label %398 br i1 %35, label %53, label %40 %54 = phi i32 [ 0, %39 ], [ 0, %40 ], [ 1, %48 ] %55 = phi i1 [ false, %39 ], [ false, %40 ], [ true, %48 ] %56 = and i32 %3, 268435456 %57 = icmp eq i32 %56, 0 br i1 %57, label %60, label %58 %61 = zext i8 %2 to i32 %62 = and i32 %61, 222 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %102 %103 = getelementptr inbounds %struct.net_device, %struct.net_device* %24, i64 0, i32 51 %104 = load i8, i8* %103, align 
1 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %108 %109 = icmp eq i8* %1, null %110 = and i8 %26, -34 %111 = icmp eq i8 %110, 0 br i1 %109, label %119, label %112 br i1 %111, label %126, label %113 %114 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %115 = zext i8 %104 to i64 %116 = tail call i32 @bcmp(i8* nonnull %1, i8* %114, i64 %115) %117 = icmp eq i32 %116, 0 %118 = select i1 %117, i8* %114, i8* %1 br label %126 %127 = phi i8* [ %1, %112 ], [ %125, %124 ], [ %107, %106 ], [ %118, %113 ] %128 = and i32 %61, 194 %129 = icmp eq i32 %128, 0 br i1 %129, label %133, label %130 %134 = and i32 %3, 4 %135 = zext i8 %26 to i32 %136 = and i32 %135, 222 %137 = icmp eq i32 %136, 0 br i1 %137, label %156, label %138 %139 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %140 = icmp ne i8* %127, %139 %141 = and i32 %3, 1 %142 = icmp eq i32 %141, 0 %143 = and i1 %142, %140 br i1 %143, label %144, label %150 %151 = icmp eq i8* %127, %139 %152 = icmp eq i8 %2, 4 %153 = and i1 %152, %151 %154 = and i1 %35, %153 %155 = select i1 %154, i8 %26, i8 %2 br label %156 %157 = phi i8 [ %2, %133 ], [ 4, %144 ], [ %155, %150 ] %158 = phi i8* [ %127, %133 ], [ %139, %144 ], [ %127, %150 ] %159 = phi i32 [ %134, %133 ], [ 0, %144 ], [ %134, %150 ] %160 = zext i8 %157 to i32 %161 = icmp eq i8 %157, %26 %162 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %163 = icmp eq i8* %158, %162 %164 = and i1 %161, %163 br i1 %164, label %168, label %165 br i1 %161, label %227, label %169 %228 = phi i32 [ %54, %168 ], [ 1, %226 ] br i1 %163, label %274, label %229 %230 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %230) #78 %231 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 0, i32 0, i32 0 %232 = load i32, i32* %231, align 4 %233 
= add i32 %232, 1 store i32 %233, i32* %231, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %234 = load i8, i8* %103, align 1 %235 = zext i8 %234 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %236 = load i32, i32* %231, align 4 %237 = add i32 %236, 1 store i32 %237, i32* %231, align 4 %238 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %239 = bitcast %struct.spinlock* %238 to i8* store volatile i8 0, i8* %239, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %240 = load %struct.net_device*, %struct.net_device** %23, align 8 %241 = getelementptr inbounds %struct.net_device, %struct.net_device* %240, i64 0, i32 44 %242 = load %struct.header_ops*, %struct.header_ops** %241, align 16 %243 = icmp eq %struct.header_ops* %242, null br i1 %243, label %261, label %244 %262 = and i32 %160, 194 %263 = icmp eq i32 %262, 0 br i1 %263, label %264, label %274 %265 = load volatile i64, i64* @jiffies, align 64 %266 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %267 = load %struct.neigh_parms*, %struct.neigh_parms** %266, align 8 %268 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %267, i64 0, i32 10, i64 5 %269 = load i32, i32* %268, align 4 %270 = shl i32 %269, 1 %271 = sext i32 %270 to i64 %272 = sub i64 %265, %271 %273 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 3 store i64 %272, i64* %273, align 8 br label %274 %275 = phi i32 [ %228, %227 ], [ 1, %261 ], [ 1, %264 ] br i1 %161, label %385, label %276 %277 = and i32 %160, 194 %278 = icmp eq i32 %277, 0 %279 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 22 %280 = load %struct.neigh_ops*, %struct.neigh_ops** %279, align 8 %281 = 
getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %280, i64 0, i32 3 %282 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %280, i64 0, i32 4 %283 = select i1 %278, i32 (%struct.neighbour*, %struct.sk_buff*)** %281, i32 (%struct.neighbour*, %struct.sk_buff*)** %282 %284 = bitcast i32 (%struct.neighbour*, %struct.sk_buff*)** %283 to i64* %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 21 %287 = bitcast i32 (%struct.neighbour*, %struct.sk_buff*)** %286 to i64* store i64 %285, i64* %287, align 8 br i1 %137, label %288, label %385 %289 = load i8, i8* %25, align 1 %290 = and i8 %289, -34 %291 = icmp eq i8 %290, 0 br i1 %291, label %358, label %292 %293 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %294 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %293, i64 0, i32 0 %295 = bitcast %struct.sk_buff_head* %293 to %struct.sk_buff* %296 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %297 %298 = load %struct.sk_buff*, %struct.sk_buff** %294, align 8 %299 = icmp eq %struct.sk_buff* %298, %295 %300 = icmp eq %struct.sk_buff* %298, null %301 = or i1 %299, %300 br i1 %301, label %358, label %302 %303 = load i32, i32* %296, align 8 %304 = add i32 %303, -1 store volatile i32 %304, i32* %296, align 8 %305 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 0, i32 0, i32 0 %306 = load %struct.sk_buff*, %struct.sk_buff** %305, align 8 %307 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 0, i32 0, i32 1 %308 = load %struct.sk_buff*, %struct.sk_buff** %307, align 8 %309 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %306, i64 0, i32 0, i32 0, i32 1 %310 = bitcast %struct.sk_buff* %298 to i8* store volatile %struct.sk_buff* %308, %struct.sk_buff** %309, align 8 %311 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* 
%308, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %306, %struct.sk_buff** %311, align 8 %312 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 4, i32 0, i32 0 %313 = load i64, i64* %312, align 8 %314 = and i64 %313, -2 %315 = inttoptr i64 %314 to %struct.dst_entry* tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %22) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %316 = icmp eq i64 %314, 0 br i1 %316, label %336, label %317 %318 = getelementptr inbounds %struct.dst_entry, %struct.dst_entry* %315, i64 0, i32 8 %319 = load i16, i16* %318, align 2 %320 = icmp eq i16 %319, 2 br i1 %320, label %336, label %321 %322 = getelementptr inbounds %struct.dst_entry, %struct.dst_entry* %315, i64 0, i32 1 %323 = load %struct.dst_ops*, %struct.dst_ops** %322, align 8 %324 = getelementptr inbounds %struct.dst_ops, %struct.dst_ops* %323, i64 0, i32 14 %325 = load %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)*, %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)** %324, align 8 %326 = icmp eq %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)* %325, null br i1 %326, label %327, label %328, !prof !14, !misexpect !11 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.16.63751, i64 0, i64 0), i32 409, i32 2307, i64 12) #6, !srcloc !20 br label %332 %333 = phi %struct.neighbour* [ %331, %328 ], [ null, %327 ] %334 = icmp eq %struct.neighbour* %333, null %335 = select i1 %334, %struct.neighbour* %0, %struct.neighbour* %333 br label %336 %337 
= phi %struct.neighbour* [ null, %317 ], [ null, %302 ], [ %333, %332 ] %338 = phi %struct.neighbour* [ %0, %317 ], [ %0, %302 ], [ %335, %332 ] %339 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %338, i64 0, i32 21 %340 = load i32 (%struct.neighbour*, %struct.sk_buff*)*, i32 (%struct.neighbour*, %struct.sk_buff*)** %339, align 8 %341 = tail call i32 %340(%struct.neighbour* %338, %struct.sk_buff* nonnull %298) #78 %342 = icmp eq %struct.neighbour* %337, null br i1 %342, label %354, label %343 %344 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %337, i64 0, i32 6 %345 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %344, i64 0, i32 0, i32 0 %346 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %345, i32 -1, i32* %345) #6, !srcloc !9 %347 = icmp eq i32 %346, 1 br i1 %347, label %353, label %348 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @neigh_destroy(%struct.neighbour* nonnull %337) #78 br label %354 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void @rcu_read_unlock_strict() #78 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %355 = load i8, i8* %25, align 1 %356 = and i8 %355, -34 %357 = icmp eq i8 %356, 0 br i1 %357, label %358, label %297 %359 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %360 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %359, i64 0, i32 0 %361 = load %struct.sk_buff*, %struct.sk_buff** %360, align 8 %362 = bitcast %struct.sk_buff_head* %359 to %struct.sk_buff* %363 = icmp eq %struct.sk_buff* %361, %362 %364 = icmp eq %struct.sk_buff* %361, null %365 = or i1 %363, %364 br i1 %365, label %383, label %366 %367 = getelementptr inbounds 
%struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %368 %369 = phi %struct.sk_buff* [ %361, %366 ], [ %379, %368 ] %370 = load i32, i32* %367, align 8 %371 = add i32 %370, -1 store volatile i32 %371, i32* %367, align 8 %372 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 0 %373 = load %struct.sk_buff*, %struct.sk_buff** %372, align 8 %374 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 1 %375 = load %struct.sk_buff*, %struct.sk_buff** %374, align 8 %376 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %373, i64 0, i32 0, i32 0, i32 1 %377 = bitcast %struct.sk_buff* %369 to i8* store volatile %struct.sk_buff* %375, %struct.sk_buff** %376, align 8 %378 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %375, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %373, %struct.sk_buff** %378, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %369, i32 0) #78 %369 = phi %struct.sk_buff* [ %361, %366 ], [ %379, %368 ] %370 = load i32, i32* %367, align 8 %371 = add i32 %370, -1 store volatile i32 %371, i32* %367, align 8 %372 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 0 %373 = load %struct.sk_buff*, %struct.sk_buff** %372, align 8 %374 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 1 %375 = load %struct.sk_buff*, %struct.sk_buff** %374, align 8 %376 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %373, i64 0, i32 0, i32 0, i32 1 %377 = bitcast %struct.sk_buff* %369 to i8* store volatile %struct.sk_buff* %375, %struct.sk_buff** %376, align 8 %378 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %375, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %373, %struct.sk_buff** %378, align 8 tail call void bitcast (void 
(%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %369, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __neigh_event_send 1 __ip_do_redirect 2 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, 
align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, 
%struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call 
i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to 
i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %190 = load volatile i64, i64* @jiffies, align 64 %191 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 10 %192 = load volatile i64, i64* %191, align 8 %193 = icmp eq i64 %192, %190 br i1 %193, label %195, label %194 store volatile i64 %190, i64* %191, align 8 br label %195 %196 = and i8 %186, -38 %197 = icmp eq i8 %196, 0 br i1 %197, label %198, label %245 %199 = call i32 bitcast (i32 (%struct.neighbour*, %struct.sk_buff*)* @__neigh_event_send to i32 (%struct.neighbour.836545*, %struct.sk_buff.836958*)*)(%struct.neighbour.836545* %181, %struct.sk_buff.836958* null) #78 Function:__neigh_event_send %3 = 
getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #78 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %249 %10 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %268 %14 = and i32 %6, 5 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %77 %17 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %18 = load %struct.neigh_parms*, %struct.neigh_parms** %17, align 8 %19 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %18, i64 0, i32 10, i64 0 %20 = load i32, i32* %19, align 4 %21 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %18, i64 0, i32 10, i64 2 %22 = load i32, i32* %21, align 4 %23 = sub i32 0, %22 %24 = icmp eq i32 %20, %23 br i1 %24, label %74, label %25 store i8 32, i8* %4, align 1 %75 = load volatile i64, i64* @jiffies, align 64 %76 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 4 store i64 %75, i64* %76, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %3) #78 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 
%10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = 
getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %66 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 21 %67 = load i16, i16* %66, align 4 %68 = zext i16 %67 to i32 %69 = add nuw nsw i32 %68, %57 %70 = and i32 %69, 131056 %71 = add nuw nsw i32 %70, 16 %72 = zext i32 %71 to i64 %73 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 22 %74 = load i16, i16* %73, align 2 %75 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 44 %76 = load %struct.header_ops*, %struct.header_ops** %75, align 16 %77 = icmp eq %struct.header_ops* %76, null %78 = select i1 %77, i32 0, i32 %57 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 %79 = zext i16 %74 to i64 %80 = add i64 %79, %2 %81 = add i64 %80, %72 %82 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.273360* (%struct.sock.273622*, i64, i32, i32)* @sock_wmalloc to %struct.sk_buff* (%struct.sock*, i64, i32, i32)*)(%struct.sock* %6, i64 %81, i32 0, i32 3264) #78 %83 = icmp eq %struct.sk_buff* %82, null br i1 %83, label %246, label %84 %85 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %82, i64 0, i32 41 %86 = load i8*, i8** %85, align 8 %87 = getelementptr i8, i8* %86, i64 %72 store i8* %87, i8** %85, align 8 %88 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %82, i64 0, i32 38 %89 = load i32, i32* %88, align 8 %90 = add i32 %89, %71 store i32 %90, i32* %88, align 8 %91 = ptrtoint i8* %87 to 
i64 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %82, i64 0, i32 40 %93 = bitcast i8** %92 to i64* %94 = load i64, i64* %93, align 8 %95 = sub i64 %91, %94 %96 = trunc i64 %95 to i16 %97 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %82, i64 0, i32 35 store i16 %96, i16* %97, align 4 %98 = icmp eq i32 %78, 0 br i1 %98, label %109, label %99 %110 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %82, i32 %26) #78 br i1 %30, label %111, label %112, !prof !8, !misexpect !6 %113 = tail call i64 @_copy_from_iter(i8* %110, i64 %28, %struct.iov_iter* %29) #78 br label %114 %115 = phi i64 [ %113, %112 ], [ 0, %111 ] %116 = icmp eq i64 %115, %28 br i1 %116, label %31, label %117, !prof !5, !misexpect !10 tail call void @iov_iter_revert(%struct.iov_iter* %29, i64 %115) #78 br label %243 %244 = phi %struct.sk_buff* [ %32, %241 ], [ %82, %117 ] %245 = phi i32 [ %242, %241 ], [ -14, %117 ] call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* %244, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_stream_connect ------------- Path:  Function:unix_stream_connect %5 = alloca i32, align 4 %6 = bitcast %struct.sys_desc_table* %1 to %struct.sockaddr_un* %7 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %8 = load %struct.sock*, %struct.sock** %7, align 8 %9 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %12 = sext i32 %2 to i64 %13 = add i32 %2, -3 %14 = icmp ugt i32 %13, 107 %15 = icmp eq %struct.sys_desc_table* %1, null %16 = or i1 %15, %14 br i1 %16, label %36, label %17 store i32 -22, i32* %5, align 4 br label %321 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, 
i32)*)(%struct.sk_buff* null, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_stream_connect ------------- Path:  Function:unix_stream_connect %5 = alloca i32, align 4 %6 = bitcast %struct.sys_desc_table* %1 to %struct.sockaddr_un* %7 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %8 = load %struct.sock*, %struct.sock** %7, align 8 %9 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %12 = sext i32 %2 to i64 %13 = add i32 %2, -3 %14 = icmp ugt i32 %13, 107 %15 = icmp eq %struct.sys_desc_table* %1, null %16 = or i1 %15, %14 br i1 %16, label %36, label %17 store i32 -22, i32* %5, align 4 br label %321 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* null, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 
0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void 
(%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr 
inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* 
%31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load 
%struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, 
i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 
13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load 
i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() 
#78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast 
(%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, 
%struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %42, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, 
i32)*)(%struct.sk_buff* nonnull %42, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 unix_release_sock 1 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq 
$1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %42, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __neigh_event_send 1 __ip_do_redirect 2 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, 
i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, 
%struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl 
-------------
Use: =BAD PATH=
Call Stack:
0 __neigh_event_send
1 __ip_do_redirect
2 ip_do_redirect
-------------
Path:
-------------
Use: =BAD PATH=
Call Stack:
0 neigh_invalidate
1 __neigh_update
2 neigh_update
3 ndisc_update
4 rt6_do_redirect
-------------
Path:
%struct.sk_buff* %51, i64 0, i32 0, i32 0, i32 1 %57 = load %struct.sk_buff*, %struct.sk_buff** %56, align 8 %58 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %55, i64 0, i32 0, i32 0, i32 1 %59 = bitcast %struct.sk_buff* %51 to i8* store volatile %struct.sk_buff* %57, %struct.sk_buff** %58, align 8 %60 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %57, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %55, %struct.sk_buff** %60, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %51, i32 0) #78 ------------- Good: 2294 Bad: 50 Ignored: 5359 Check Use of Function:perf_event_namespaces Check Use of Function:netlbl_unlabel_genl_init Check Use of Function:set_page_dirty_lock Check Use of Function:mntput_no_expire Check Use of Function:acpi_evaluate_ej0 Check Use of Function:xt_compat_lock Check Use of Function:rpc_pipe_ioctl Check Use of Function:jbd2_journal_flush Check Use of Function:compat_table_info Check Use of Function:netdev_info Check Use of Function:acpi_setup_sb_notify_handler Check Use of Function:i915_gem_driver_unregister Check Use of Function:xt_table_unlock Check Use of Function:intel_ring_begin Check Use of Function:ieee80211_auth.73053 Check Use of Function:filename_lookup Check Use of Function:sd_pr_release Check Use of Function:security_perf_event_open Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __ia32_sys_perf_event_open ------------- Path:  Function:__ia32_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 
%11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = trunc i64 %3 to i32 %10 = bitcast %struct.perf_event_attr* %6 to i8* %11 = icmp ult i64 %4, 16 br i1 %11, label %12, label %1087 %13 = inttoptr i64 %0 to %struct.perf_event_attr* %14 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %13, %struct.perf_event_attr* nonnull %6) #78 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %37 = tail call i64 @_copy_from_user(i8* %3, i8* %19, i64 %22) #78 %38 = icmp eq i64 %37, 0 br i1 %38, label %40, label %155 %41 = 
getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 1 store i32 %15, i32* %41, align 4 %42 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 6 %43 = load i64, i64* %42, align 8 %44 = icmp ult i64 %43, 274877906944 br i1 %44, label %45, label %155 %46 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 18 %47 = load i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 br i1 %48, label %49, label %155 %50 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 20 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %155 %54 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 4 %55 = load i64, i64* %54, align 8 %56 = icmp ult i64 %55, 33554432 br i1 %56, label %57, label %155 %58 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 5 %59 = load i64, i64* %58, align 8 %60 = icmp ult i64 %59, 16 br i1 %60, label %61, label %155 %62 = and i64 %55, 2048 %63 = icmp eq i64 %62, 0 br i1 %63, label %93, label %64 %65 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 11 %66 = load i64, i64* %65, align 8 %67 = add i64 %66, -8 %68 = icmp ugt i64 %67, 262135 br i1 %68, label %155, label %69 %70 = and i64 %66, 7 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %77 %78 = phi i64 [ %66, %69 ], [ %76, %72 ] %79 = and i64 %78, 6 %80 = icmp eq i64 %79, 0 br i1 %80, label %93, label %81 %82 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %83 = icmp sgt i32 %82, 1 br i1 %83, label %84, label %88 %89 = tail call i32 @security_perf_event_open(%struct.perf_event_attr* %1, i32 2) #78 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __x64_sys_perf_event_open ------------- Path:  Function:__x64_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = trunc i64 %3 to i32 %10 = bitcast %struct.perf_event_attr* %6 to i8* %11 = icmp ult i64 %4, 16 br i1 %11, label %12, label %1087 %13 = inttoptr i64 %0 to %struct.perf_event_attr* %14 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %13, %struct.perf_event_attr* nonnull %6) #78 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 
br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %37 = tail call i64 @_copy_from_user(i8* %3, i8* %19, i64 %22) #78 %38 = icmp eq i64 %37, 0 br i1 %38, label %40, label %155 %41 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 1 store i32 %15, i32* %41, align 4 %42 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 6 %43 = load i64, i64* %42, align 8 %44 = icmp ult i64 %43, 274877906944 br i1 %44, label %45, label %155 %46 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 18 %47 = load i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 br i1 %48, label %49, label %155 %50 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 20 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %155 %54 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 4 %55 = load i64, i64* %54, align 8 %56 = icmp ult i64 %55, 33554432 br i1 %56, label %57, label %155 %58 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 5 %59 = load i64, i64* %58, align 8 %60 = icmp ult i64 %59, 16 br i1 %60, label %61, label %155 %62 = and i64 %55, 2048 %63 = icmp eq i64 %62, 0 br i1 %63, label %93, label %64 %65 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %1, i64 0, i32 11 %66 = load i64, i64* %65, align 8 %67 = add i64 %66, -8 %68 = icmp ugt i64 %67, 262135 br i1 %68, label %155, label %69 %70 = and i64 %66, 7 %71 = icmp eq i64 %70, 0 br i1 %71, label %72, label %77 %78 = phi i64 [ %66, %69 ], [ %76, %72 ] %79 = and i64 %78, 6 %80 = icmp eq i64 %79, 0 br i1 %80, label %93, label %81 %82 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %83 = icmp sgt i32 %82, 1 br i1 %83, label %84, label %88 %89 = tail call i32 @security_perf_event_open(%struct.perf_event_attr* %1, i32 
2) #78 ------------- Good: 13 Bad: 2 Ignored: 4 Check Use of Function:intel_user_framebuffer_dirty Check Use of Function:set_cred_ucounts Check Use of Function:__tcf_qdisc_find Check Use of Function:fd_install Check Use of Function:cfg80211_chandef_dfs_required Check Use of Function:down_read_interruptible Check Use of Function:pps_cdev_ioctl Use: =BAD PATH= Call Stack: 0 pps_cdev_compat_ioctl ------------- Path:  Function:pps_cdev_compat_ioctl %4 = alloca %struct.pps_fdata_compat, align 4 %5 = alloca %struct.pps_fdata, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.pps_device** %8 = load %struct.pps_device*, %struct.pps_device** %7, align 8 %9 = inttoptr i64 %2 to i8* %10 = and i32 %1, -1073676289 %11 = or i32 %10, 524288 %12 = icmp eq i32 %11, -1073188700 br i1 %12, label %13, label %54 %55 = tail call i64 @pps_cdev_ioctl(%struct.file* %0, i32 %11, i64 %2) #79 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:pps_cdev_compat_ioctl Check Use of Function:autofs_dev_ioctl_compat Check Use of Function:walk_component Check Use of Function:__ext4_new_inode Check Use of Function:e1000_clean_rx_ring.52607 Check Use of Function:change_mnt_propagation Check Use of Function:vfs_mkdir Check Use of Function:filename_create Check Use of Function:security_task_fix_setuid Check Use of Function:__ext4_error_inode Use: =BAD PATH= Call Stack: 0 ext4_rename2 ------------- Path:  Function:ext4_rename2 %7 = alloca %struct.ext4_filename, align 8 %8 = alloca %struct.ext4_filename, align 8 %9 = alloca %struct.ext4_renament, align 8 %10 = alloca %struct.ext4_renament, align 8 %11 = alloca %struct.ext4_filename, align 8 %12 = alloca %struct.ext4_dir_entry_2*, align 8 %13 = alloca %struct.ext4_filename, align 8 %14 = alloca %struct.ext4_dir_entry_2*, align 8 %15 = alloca i32, align 4 %16 = alloca %struct.ext4_filename, align 8 %17 = alloca %struct.ext4_filename, align 8 %18 = alloca %struct.ext4_filename, align 8 
%19 = alloca %struct.ext4_renament, align 8 %20 = alloca %struct.ext4_renament, align 8 %21 = alloca %struct.ext4_renament, align 8 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %23 = load %struct.super_block*, %struct.super_block** %22, align 8 %24 = getelementptr inbounds %struct.super_block, %struct.super_block* %23, i64 0, i32 28 %25 = bitcast i8** %24 to %struct.ext4_sb_info** %26 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %25, align 16 %27 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %26, i64 0, i32 48 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 2 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %1221, !prof !4, !misexpect !5 %32 = icmp ult i32 %5, 8 br i1 %32, label %33, label %1221 %34 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 16384 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %1221 %39 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 16384 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %1221 %44 = and i32 %5, 2 %45 = icmp eq i32 %44, 0 br i1 %45, label %502, label %46 %503 = bitcast %struct.ext4_renament* %20 to i8* %504 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 0 store %struct.inode* %1, %struct.inode** %504, align 8 %505 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 1 store %struct.dentry* %2, %struct.dentry** %505, align 8 %506 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 2 %507 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %508 = bitcast %struct.inode** %507 to i64* %509 = load i64, i64* %508, align 8 %510 = bitcast %struct.inode** %506 to i64* store i64 %509, i64* %510, align 8 %511 = getelementptr inbounds %struct.ext4_renament, 
%struct.ext4_renament* %20, i64 0, i32 3 store i8 0, i8* %511, align 8 %512 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 4 %513 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 5 %514 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 6 %515 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %20, i64 0, i32 8 %516 = bitcast %struct.ext4_renament* %21 to i8* %517 = bitcast i32* %512 to i8* %518 = bitcast %struct.buffer_head** %515 to i8* %519 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 0 store %struct.inode* %3, %struct.inode** %519, align 8 %520 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 1 store %struct.dentry* %4, %struct.dentry** %520, align 8 %521 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 2 %522 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %523 = load %struct.inode*, %struct.inode** %522, align 8 store %struct.inode* %523, %struct.inode** %521, align 8 %524 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 3 store i8 0, i8* %524, align 8 %525 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 4 %526 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 5 %527 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 6 %528 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 7 %529 = getelementptr inbounds %struct.ext4_renament, %struct.ext4_renament* %21, i64 0, i32 8 %530 = icmp eq %struct.inode* %523, null %531 = inttoptr i64 %509 to i8* %532 = inttoptr i64 %509 to %struct.inode* %533 = bitcast i32* %525 to i8* %534 = bitcast %struct.buffer_head** %529 to i8* br i1 %530, label %540, label %535 %536 = 
getelementptr inbounds %struct.inode, %struct.inode* %523, i64 0, i32 12, i32 0 %537 = load i32, i32* %536, align 8 %538 = icmp eq i32 %537, 0 br i1 %538, label %539, label %540 tail call void (%struct.inode*, i8*, i32, i64, i32, i8*, ...) @__ext4_error_inode(%struct.inode* nonnull %523, i8* getelementptr inbounds ([12 x i8], [12 x i8]* @__func__.ext4_rename, i64 0, i64 0), i32 3803, i64 0, i32 0, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.47.19432, i64 0, i64 0)) #78 ------------- Good: 386 Bad: 1 Ignored: 122 Check Use of Function:vfs_link Check Use of Function:d_exchange Check Use of Function:init_symlink Check Use of Function:drm_modeset_lock Check Use of Function:free_compound_page Check Use of Function:dir_add Check Use of Function:ext4fs_dirhash Check Use of Function:get_seccomp_filter Check Use of Function:init_utimes Check Use of Function:invoke_tx_handlers_early Check Use of Function:drm_modeset_acquire_init Check Use of Function:parse_monolithic_mount_data Check Use of Function:proc_ns_file Check Use of Function:regulatory_init Check Use of Function:init_link Check Use of Function:__setup_rt_frame Check Use of Function:tcf_proto_destroy Check Use of Function:io_acct_cancel_pending_work Check Use of Function:ext4_fc_track_create Check Use of Function:io_queue_async_work Check Use of Function:sg_ioctl Check Use of Function:filename_parentat Check Use of Function:lock_rename Check Use of Function:d_alloc_name Check Use of Function:ieee80211_reenable_keys Check Use of Function:__lookup_hash Check Use of Function:write_iter_null Check Use of Function:i915_gem_ww_ctx_backoff Check Use of Function:umount_tree Check Use of Function:vfs_rename Check Use of Function:pci_bus_read_config_byte Use: =BAD PATH= Call Stack: 0 pci_read_config_byte 1 subordinate_bus_number_show ------------- Path:  Function:subordinate_bus_number_show %4 = alloca i8, align 1 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %6 = bitcast 
%struct.irq_domain** %5 to %struct.pci_dev.318968* store i8 0, i8* %4, align 1 %7 = call i32 @pci_read_config_byte(%struct.pci_dev.318968* %6, i32 26, i8* nonnull %4) #78 Function:pci_read_config_byte %4 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 44 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 3 br i1 %6, label %7, label %8 %9 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 1 %10 = load %struct.pci_bus.318970*, %struct.pci_bus.318970** %9, align 8 %11 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = tail call i32 @pci_bus_read_config_byte(%struct.pci_bus.318970* %10, i32 %12, i32 %1, i8* %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_read_config_byte 1 secondary_bus_number_show ------------- Path:  Function:secondary_bus_number_show %4 = alloca i8, align 1 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.318968* store i8 0, i8* %4, align 1 %7 = call i32 @pci_read_config_byte(%struct.pci_dev.318968* %6, i32 25, i8* nonnull %4) #78 Function:pci_read_config_byte %4 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 44 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 3 br i1 %6, label %7, label %8 %9 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 1 %10 = load %struct.pci_bus.318970*, %struct.pci_bus.318970** %9, align 8 %11 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = tail call i32 @pci_bus_read_config_byte(%struct.pci_bus.318970* %10, i32 %12, i32 %1, i8* %2) #78 ------------- Good: 220 Bad: 2 Ignored: 456 Check Use of Function:efivar_validate Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { 
i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.719470* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.719371** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.719371**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.719371* %14 = getelementptr inbounds %struct.task_struct.719371, %struct.task_struct.719371* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.719470* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 %95 = icmp eq i32 %94, 0 br i1 %95, label %96, label %111 %97 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1 %98 = bitcast %struct.uuid_t* %97 to i64* %99 = load i64, i64* %98, align 1 %100 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %101 = bitcast i8* %100 to i64* %102 = load i64, i64* %101, align 1 %103 = bitcast { i64, i64 }* %4 to i8* %104 = bitcast 
{ i64, i64 }* %5 to i8* %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %84, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %87, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %99, i64* %107, align 8 %108 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %102, i64* %108, align 8 %109 = call i32 @bcmp(i8* nonnull dereferenceable(16) %103, i8* nonnull dereferenceable(16) %104, i64 16) #6 %110 = icmp eq i32 %109, 0 br i1 %110, label %113, label %111 %114 = icmp eq i64 %91, 0 %115 = icmp eq i32 %81, 0 %116 = or i1 %115, %114 br i1 %116, label %117, label %119 %120 = icmp ult i32 %81, 128 br i1 %120, label %121, label %123 %122 = tail call zeroext i1 @efivar_validate(i64 %84, i64 %87, i16* nonnull %88, i8* %92, i64 %91) #79 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.719470* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.719371** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.719371**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.719371* %14 = getelementptr inbounds %struct.task_struct.719371, %struct.task_struct.719371* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 
%25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.719470* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull dereferenceable(16) %47, i64 16) #6 %53 = icmp eq i32 %52, 0 br i1 %53, label %56, label %54 %57 = icmp eq i32 %33, 0 %58 = icmp eq i32 %23, 0 %59 = or i1 %58, %57 br i1 %59, label %60, label %62 %63 = icmp ult i32 %23, 128 br i1 %63, label %64, label %66 %65 = tail call zeroext i1 @efivar_validate(i64 %26, i64 %29, i16* nonnull %30, i8* %35, i64 %34) #79 ------------- Good: 3 Bad: 2 Ignored: 1 Check Use of 
Function:percpu_ref_resurrect Check Use of Function:drm_minor_release Check Use of Function:__break_lease Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236416** %6 = load %struct.nfs_unlinkdata.236416*, %struct.nfs_unlinkdata.236416** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236411* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, 
%struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label 
%81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 
= icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load 
volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236419** %7 = load %struct.nfs_renamedata.236419*, %struct.nfs_renamedata.236419** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236411* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds 
%struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ 
null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, 
%struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 
%47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 
(%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.216899*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #78 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, 
%struct.nfs_pgio_header.236445*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236401** %10 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236428** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, 
%struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* 
%11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** 
%23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, 
%struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236428** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store 
%struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236401** %46 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, 
i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load 
%struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #78 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 
%10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 2 %19 = bitcast %struct.nfs_fh** %16 to %struct.seqcount_spinlock** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, 
%struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236401** %64 = load %struct.nfs_server.236401*, 
%struct.nfs_server.236401** %63, align 16 store %struct.seqcount_spinlock* %18, %struct.seqcount_spinlock** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page** %22, %struct.page*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %34 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi %struct.page** [ %95, %85 ], [ %22, %65 ] %74 = phi i32 [ %96, %85 ], [ 0, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #78 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %74, 0 br i1 %82, label %83, label %166 %84 = zext i32 %74 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %74, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.136327*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #78 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp 
${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236401** %187 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, 
%struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241456, 
%struct.nfs_client.241456* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca 
%struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds 
%struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %33 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load 
%struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #78 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #78 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %33, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %109, label %70 %110 = phi i32 [ %99, %107 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %111)) #6 to label %125 [label %111], !srcloc !4 %126 = load %struct.super_block*, %struct.super_block** %11, align 8 %127 = getelementptr inbounds %struct.super_block, %struct.super_block* %126, i64 0, i32 28 %128 = bitcast i8** %127 to %struct.nfs_server.236401** %129 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %128, align 16 %130 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %129, i32 %110, %struct.nfs4_exception* nonnull %8) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 
%5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 
0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 2 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %90 [label %76], !srcloc !4 %91 = load %struct.super_block*, %struct.super_block** %13, align 8 %92 = getelementptr inbounds %struct.super_block, %struct.super_block* %91, i64 0, i32 28 %93 = bitcast i8** %92 to %struct.nfs_server.236401** %94 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %93, align 16 %95 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %94, i32 %75, %struct.nfs4_exception* nonnull %7) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, 
%struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 
i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_async_inode_return_delegation 1 nfs4_do_handle_exception 2 
nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, 
i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 
%5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %34 = bitcast i64* %16 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %34, i32 2, i8* %34) #6, !srcloc !5 %35 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 %36 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %35, i64 0, i32 22 %37 = bitcast i64* %36 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %37, i32 32, i8* %37) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 2051, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 _nfs4_do_setattr 3 nfs4_do_setattr 4 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #78 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = 
icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236429** %24 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236429* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236429* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236429* %31, %struct.nfs4_label* null) #79 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236401** %15 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236429* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236428* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr 
inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 2 %27 = bitcast %struct.nfs_fh** %24 to %struct.seqcount_spinlock** %28 = bitcast %struct.nfs_setattrargs* %8 to i8* store %struct.seqcount_spinlock* %26, %struct.seqcount_spinlock** %27, align 8 %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %30 = bitcast %struct.nfs4_stateid_struct* %29 to i8* %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %32, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %34 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %34, i32** %33, align 8 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %35, align 8 %36 = bitcast %struct.nfs_setattrres* %9 to i8* %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 %38 = bitcast %struct.nfs_setattrres* %9 to i8* store %struct.nfs_fattr* %2, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %39, align 8 %40 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %40, align 8 %41 = bitcast %struct.nfs4_exception* %10 to i8* %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, 
i32 0 store %struct.nfs4_state.236428* %22, %struct.nfs4_state.236428** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %29, %struct.nfs4_stateid_struct** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = and i32 %49, 6145 %51 = icmp eq i32 %50, 0 %52 = select i1 %51, i64 256, i64 131328 %53 = and i32 %49, 6 %54 = icmp eq i32 %53, 0 %55 = or i64 %52, 4096 %56 = select i1 %54, i64 %52, i64 %55 %57 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 35, i64 0 %58 = bitcast i32* %57 to i8* %59 = icmp eq %struct.inode* %0, null %60 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 38 %61 = bitcast %struct.seqcount_spinlock* %60 to i64* %62 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 0 %64 = icmp eq %struct.nfs4_state.236428* %22, null %65 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %22, i64 0, i32 13 br label %66 br i1 %59, label %92, label %67 %93 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236429* %4) #79 
Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236401** %14 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, 
%struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.236417** %6 = load %struct.nfs_renameargs.236417*, %struct.nfs_renameargs.236417** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.236418** %9 = load %struct.nfs_renameres.236418*, %struct.nfs_renameres.236418** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* 
%1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, 
label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_inode_make_writeable 2 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, 
label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 
], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_inode_return_delegation 1 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.236413** %6 = load %struct.nfs_removeargs.236413*, %struct.nfs_removeargs.236413** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.236415** %9 = load %struct.nfs_removeres.236415*, %struct.nfs_removeres.236415** %8, align 8 %10 = getelementptr inbounds 
%struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.236401** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #78 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %42 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 0 %44 = load volatile %struct.list_head*, %struct.list_head** %43, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %45 = icmp eq %struct.list_head* %44, %42 br i1 %45, label %46, label %50 %47 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %39, i64 0, i32 3, i32 1 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %42 br i1 %49, label %52, label %50 %51 = tail call i32 @__break_lease(%struct.inode* %0, i32 3, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation_on_close 2 nfs4_put_open_state 3 __nfs4_close 4 nfs4_close_sync 5 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds 
%struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %3, align 8 %5 = icmp eq %struct.nfs4_state.236428* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.238111*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236428*, i32)*)(%struct.nfs4_state.236428* nonnull %4, i32 %13) #78 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.238111* %0, i32 %1, i32 1) #78 Function:__nfs4_close %4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 6 %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %6, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32* %7) #6, !srcloc !4 %8 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %9 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %8, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %10 = and i32 %1, 3 switch i32 %10, label %23 [ i32 1, label %11 i32 2, label %15 i32 3, label %19 ] %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, -1 store i32 %22, i32* %20, align 4 br label %23 %24 = 
getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %62 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 10 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %40 %32 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = load volatile i64, i64* %32, align 8 %36 = and i64 %35, 32 %37 = or i64 %36, %34 %38 = icmp ne i64 %37, 0 %39 = zext i1 %38 to i32 br label %40 %41 = phi i32 [ %39, %31 ], [ 0, %27 ] %42 = phi i32 [ 2, %31 ], [ 3, %27 ] %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 11 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %62 %63 = phi i32 [ %58, %60 ], [ %58, %46 ], [ 0, %23 ], [ %41, %40 ] %64 = phi i32 [ 0, %60 ], [ 1, %46 ], [ 3, %23 ], [ %42, %40 ] %65 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 13 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %64 br i1 %67, label %94, label %68 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %95 = bitcast %struct.spinlock* %8 to i8* store volatile i8 0, i8* %95, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %96 = icmp eq i32 %63, 0 br i1 %96, label %97, label %116 tail call void @nfs4_put_open_state(%struct.nfs4_state.238111* %0) #79 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, 
%struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 br i1 %8, label %9, label %49 %10 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 18 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 1, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 1, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %12, align 8 %18 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 0, i32 1 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 0, i32 0 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 1 store %struct.list_head* %19, %struct.list_head** %22, align 8 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 store volatile %struct.list_head* %21, 
%struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %20, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %25, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @nfs4_inode_return_delegation_on_close(%struct.inode* %3) #78 Function:nfs4_inode_return_delegation_on_close %2 = icmp eq %struct.inode* %0, null br i1 %2, label %63, label %3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 88 %6 = bitcast %struct.seqcount_spinlock* %5 to %struct.nfs_delegation.236475** %7 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %6, align 8 %8 = icmp eq %struct.nfs_delegation.236475* %7, null br i1 %8, label %60, label %9 %61 = phi %struct.nfs_delegation.236475* [ %56, %59 ], [ null, %55 ], [ null, %22 ], [ null, %14 ], [ null, %9 ], [ null, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %62 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* nonnull %0, %struct.nfs_delegation.236475* %61, i32 0) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 
%5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #78 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 
%8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236429** %24 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236429* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236429* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236429* %31, %struct.nfs4_label* null) #79 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236401** %15 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236429* %4, null br i1 %17, 
label %21, label %18 %22 = phi %struct.nfs4_state.236428* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 2 %27 = bitcast %struct.nfs_fh** %24 to %struct.seqcount_spinlock** %28 = bitcast %struct.nfs_setattrargs* %8 to i8* store %struct.seqcount_spinlock* %26, %struct.seqcount_spinlock** %27, align 8 %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %30 = bitcast %struct.nfs4_stateid_struct* %29 to i8* %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %32, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %34 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %34, i32** %33, align 8 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %35, align 8 %36 = bitcast %struct.nfs_setattrres* %9 to i8* %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 %38 = bitcast %struct.nfs_setattrres* %9 to i8* store %struct.nfs_fattr* %2, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %39, align 8 %40 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** 
%40, align 8 %41 = bitcast %struct.nfs4_exception* %10 to i8* %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236428* %22, %struct.nfs4_state.236428** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %29, %struct.nfs4_stateid_struct** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = and i32 %49, 6145 %51 = icmp eq i32 %50, 0 %52 = select i1 %51, i64 256, i64 131328 %53 = and i32 %49, 6 %54 = icmp eq i32 %53, 0 %55 = or i64 %52, 4096 %56 = select i1 %54, i64 %52, i64 %55 %57 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 35, i64 0 %58 = bitcast i32* %57 to i8* %59 = icmp eq %struct.inode* %0, null %60 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 38 %61 = bitcast %struct.seqcount_spinlock* %60 to i64* %62 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 0 %64 = icmp eq %struct.nfs4_state.236428* %22, null %65 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %22, i64 0, i32 13 br label %66 br i1 %59, label %92, label %67 %93 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, 
%struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236429* %4) #79 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236401** %14 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = getelementptr inbounds %struct.nfs_setattrargs, 
%struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, 
label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 
%16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.236417** %6 = load %struct.nfs_renameargs.236417*, %struct.nfs_renameargs.236417** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.236418** %9 = load %struct.nfs_renameres.236418*, %struct.nfs_renameres.236418** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp 
eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 
@__break_lease(%struct.inode* %0, i32 %14, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 
@nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load 
%struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.236413** %6 = load %struct.nfs_removeargs.236413*, %struct.nfs_removeargs.236413** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.236415** %9 = load %struct.nfs_removeres.236415*, %struct.nfs_removeres.236415** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, 
%struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.236401** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #78 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to 
%struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail 
call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %19 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %16, i64 0, i32 3 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %23, label %27 %28 = tail call i32 @__break_lease(%struct.inode* %0, i32 %14, i32 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 
(%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #78 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, 
%struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.150531*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #78 Function:file_remove_privs %2 = alloca %struct.iattr.150595, align 8 %3 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.150593*, %struct.dentry.150593** %3, align 8 %5 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.150593* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 2 %20 = load %struct.inode.150604*, %struct.inode.150604** %19, align 8 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %18, i64 0, i32 5 %32 = load %struct.inode.150604*, %struct.inode.150604** %31, align 8 %33 
= getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #78 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.150593*)*)(%struct.dentry.150593* %18) #78 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.150589, %struct.vfsmount.150589* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.150595* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.150595, %struct.iattr.150595* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*, %struct.inode.150840**)* @notify_change to i32 (%struct.user_namespace*, 
%struct.dentry.150593*, %struct.iattr.150595*, %struct.inode.150604**)*)(%struct.user_namespace* %68, %struct.dentry.150593* %18, %struct.iattr.150595* nonnull %2, %struct.inode.150604** null) #78 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %6 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %7 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16510, i64 0, i64 0), i32 335, i32 2307, i64 12) #6, !srcloc !6 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 
bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %6) #78 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147847*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %6, i32 2) #78 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode.150840*)*)(%struct.inode.150840* %6) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %64, i64 %66, %struct.inode.150840* %6) #78 %68 = extractvalue { i64, i64 } %67, 0 
%69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %77, i64 %79, %struct.inode.150840* %6) #78 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 
%152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %171 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %175 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %172, i64 0, i32 3 %176 = getelementptr inbounds %struct.list_head, %struct.list_head* %175, i64 0, i32 0 %177 = load volatile %struct.list_head*, %struct.list_head** %176, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %178 = icmp eq %struct.list_head* %177, %175 br i1 %178, label %179, label %183 %180 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %172, i64 0, i32 3, i32 1 %181 = load volatile %struct.list_head*, %struct.list_head** %180, align 8 %182 
= icmp eq %struct.list_head* %181, %175 br i1 %182, label %191, label %183 %184 = tail call i32 bitcast (i32 (%struct.inode*, i32, i32)* @__break_lease to i32 (%struct.inode.150840*, i32, i32)*)(%struct.inode.150840* %6, i32 2049, i32 4) #78 ------------- Good: 83 Bad: 18 Ignored: 69 Check Use of Function:ext4_fc_track_range Check Use of Function:bad_inode_unlink Check Use of Function:acpi_enable_subsystem Check Use of Function:__tcf_block_find Check Use of Function:step_into Check Use of Function:xt_request_find_table_lock Check Use of Function:security_sid_to_context_force Check Use of Function:proc_dostring Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 = alloca [63 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [63 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 %1, 0 br i1 %11, label %169, label %12 %170 = getelementptr inbounds [63 x i8], [63 x i8]* %9, i64 0, i64 0 %171 = bitcast %struct.ctl_table* %6 to i8* %172 = load i32, i32* @seccomp_actions_logged, align 4 br label %173 %174 = phi i8** [ getelementptr inbounds ([9 x %struct.anon.116], [9 x %struct.anon.116]* @seccomp_log_names, i64 0, i64 0, i32 1), %169 ], [ %207, %202 ] %175 = phi i8 [ 0, %169 ], [ %205, %202 ] %176 = phi %struct.anon.116* [ getelementptr inbounds ([9 x %struct.anon.116], [9 x %struct.anon.116]* @seccomp_log_names, i64 0, i64 0), %169 ], [ %206, %202 ] %177 = phi i8* [ %170, %169 ], [ %204, %202 ] %178 = phi i64 [ 63, %169 ], [ %203, %202 ] %179 = getelementptr inbounds %struct.anon.116, %struct.anon.116* %176, i64 0, i32 0 %180 = load i32, i32* %179, align 8 %181 = and i32 %180, %172 %182 = icmp eq i32 %181, 0 br i1 %182, label %202, label %183 %184 = and i8 %175, 1 %185 = icmp eq i8 %184, 0 br i1 %185, label %192, label %186 %187 = call i64 @strscpy(i8* %177, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.15.11062, i64 0, i64 
0), i64 %178) #78 %188 = icmp slt i64 %187, 0 br i1 %188, label %217, label %189 %190 = getelementptr i8, i8* %177, i64 %187 %191 = sub i64 %178, %187 br label %192 %193 = phi i64 [ %191, %189 ], [ %178, %183 ] %194 = phi i8* [ %190, %189 ], [ %177, %183 ] %195 = phi i8 [ %175, %189 ], [ 1, %183 ] %196 = load i8*, i8** %174, align 8 %197 = call i64 @strscpy(i8* %194, i8* %196, i64 %193) #78 %198 = icmp slt i64 %197, 0 br i1 %198, label %217, label %199 %200 = getelementptr i8, i8* %194, i64 %197 %201 = sub i64 %193, %197 br label %202 %203 = phi i64 [ %201, %199 ], [ %178, %173 ] %204 = phi i8* [ %200, %199 ], [ %177, %173 ] %205 = phi i8 [ %195, %199 ], [ %175, %173 ] %206 = getelementptr %struct.anon.116, %struct.anon.116* %176, i64 1 %207 = getelementptr %struct.anon.116, %struct.anon.116* %176, i64 1, i32 1 %208 = load i8*, i8** %207, align 8 %209 = icmp ne i8* %208, null %210 = icmp ne i64 %203, 0 %211 = and i1 %210, %209 br i1 %211, label %173, label %212 %213 = bitcast %struct.ctl_table* %0 to i8* %214 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %170, i8** %214, align 8 %215 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 63, i32* %215, align 8 %216 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 0, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_tcp_congestion_control ------------- Path:  Function:proc_tcp_congestion_control %6 = alloca [16 x i8], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = load i8*, i8** %8, align 8 %10 = getelementptr i8, i8* %9, i64 -1104 %11 = bitcast i8* %10 to %struct.net.872654* %12 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %13 = bitcast %struct.ctl_table* %7 to i8* %14 = 
getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %15 = bitcast %struct.ctl_table* %7 to i8* store i8* %12, i8** %14, align 8 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %16, align 8 call void bitcast (void (%struct.net.273693*, i8*)* @tcp_get_default_congestion_control to void (%struct.net.872654*, i8*)*)(%struct.net.872654* %11, i8* nonnull %12) #78 %17 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_default_qdisc ------------- Path:  Function:set_default_qdisc %6 = alloca [16 x i8], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %9 = bitcast %struct.ctl_table* %7 to i8* %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %11 = bitcast %struct.ctl_table* %7 to i8* store i8* %8, i8** %10, align 8 %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %12, align 8 call void @qdisc_get_default(i8* nonnull %8, i64 16) #78 %13 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dostring to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Good: 11 Bad: 3 Ignored: 4 Check Use of Function:ext4_create Check Use of Function:drm_managed_release Use: =BAD PATH= Call Stack: 0 drm_minor_acquire 1 drm_open ------------- Path:  Function:drm_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 1048575 %6 = tail call %struct.drm_minor* @drm_minor_acquire(i32 %5) #78 Function:drm_minor_acquire %2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* 
getelementptr inbounds (%struct.spinlock, %struct.spinlock* @drm_minor_lock, i64 0, i32 0, i32 0)) #78 %3 = zext i32 %0 to i64 %4 = tail call i8* @idr_find(%struct.idr* nonnull @drm_minors_idr, i64 %3) #78 %5 = icmp eq i8* %4, null br i1 %5, label %35, label %6 %7 = getelementptr inbounds i8, i8* %4, i64 16 %8 = bitcast i8* %7 to %struct.drm_device.382396** %9 = load %struct.drm_device.382396*, %struct.drm_device.382396** %8, align 8 %10 = icmp eq %struct.drm_device.382396* %9, null br i1 %10, label %23, label %11 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @drm_minor_lock, i64 0, i32 0, i32 0), i64 %2) #78 %24 = load %struct.drm_device.382396*, %struct.drm_device.382396** %8, align 8 %25 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* nonnull @drm_unplug_srcu) #78 %26 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %24, i64 0, i32 11 %27 = load i8, i8* %26, align 4, !range !8 %28 = icmp eq i8 %27, 0 %29 = icmp ugt i32 %25, 1 br i1 %28, label %32, label %30 br i1 %29, label %31, label %36, !prof !5, !misexpect !6 tail call void @__srcu_read_unlock(%struct.srcu_struct* nonnull @drm_unplug_srcu, i32 %25) #78 %37 = load %struct.drm_device.382396*, %struct.drm_device.382396** %8, align 8 %38 = icmp eq %struct.drm_device.382396* %37, null br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %37, i64 0, i32 1 %41 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0 %42 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !10 %44 = icmp eq i32 %43, 1 br i1 %44, label %50, label %45 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %51 = getelementptr %struct.qspinlock, %struct.qspinlock* %40, i64 -1 %52 = bitcast %struct.qspinlock* %51 to %struct.drm_device.382396* %53 = getelementptr %struct.qspinlock, %struct.qspinlock* %40, i64 11 %54 = bitcast %struct.qspinlock* %53 to %struct.drm_driver** %55 = load %struct.drm_driver*, %struct.drm_driver** %54, align 8 %56 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %55, i64 0, i32 5 %57 = load void (%struct.drm_device.382396*)*, void (%struct.drm_device.382396*)** %56, align 8 %58 = icmp eq void (%struct.drm_device.382396*)* %57, null br i1 %58, label %60, label %59 tail call void %57(%struct.drm_device.382396* %52) #78 br label %60 tail call void bitcast (void (%struct.drm_device.408480*)* @drm_managed_release to void (%struct.drm_device.382396*)*)(%struct.drm_device.382396* %52) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_put 1 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.449467** %5 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %5, i64 0, i32 103, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.382396* %9) #78 Function:drm_dev_put %2 = icmp eq %struct.drm_device.382396* %0, null br i1 %2, label %28, label %3 %4 = 
getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to %struct.drm_device.382396* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, align 8 %20 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.382396*)*, void (%struct.drm_device.382396*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.382396*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.382396* %16) #78 br label %24 tail call void bitcast (void (%struct.drm_device.408480*)* @drm_managed_release to void (%struct.drm_device.382396*)*)(%struct.drm_device.382396* %16) #78 ------------- Good: 11 Bad: 2 Ignored: 11 Check Use of Function:msdos_lookup Check Use of Function:ramfs_create Check Use of Function:pci_get_slot Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.323246* %9 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %8, i64 0, i32 52 %10 = load i16, i16* 
%9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.323246* %8, i64 %4, i64 %5, i8* %3) #78 Function:pci_vpd_read %5 = alloca i32, align 4 %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.323246* %0) #78 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %23 = load %struct.pci_bus.323235*, %struct.pci_bus.323235** %13, align 8 %24 = load i32, i32* %14, align 8 %25 = and i32 %24, 248 %26 = tail call %struct.pci_dev.323246* bitcast (%struct.pci_dev.318968* (%struct.pci_bus.318970*, i32)* @pci_get_slot to %struct.pci_dev.323246* (%struct.pci_bus.323235*, i32)*)(%struct.pci_bus.323235* %23, i32 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* 
%7 to %struct.pci_dev.323246* %9 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.323246* %8, i64 %4, i64 %5, i8* %3) #78 Function:pci_vpd_write %5 = add i64 %2, %1 %6 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.323246* %0) #78 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %23 = load %struct.pci_bus.323235*, %struct.pci_bus.323235** %13, align 8 %24 = load i32, i32* %14, align 8 %25 = and i32 %24, 248 %26 = tail call %struct.pci_dev.323246* bitcast (%struct.pci_dev.318968* (%struct.pci_bus.318970*, i32)* @pci_get_slot to %struct.pci_dev.323246* (%struct.pci_bus.323235*, i32)*)(%struct.pci_bus.323235* %23, i32 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr 
%struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.323246* %9 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 4 %15 = bitcast %struct.qspinlock* %14 to %struct.pci_bus.323235** %16 = load %struct.pci_bus.323235*, %struct.pci_bus.323235** %15, align 8 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 14, i32 0, i32 0, i32 0 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 248 %20 = tail call %struct.pci_dev.323246* bitcast (%struct.pci_dev.318968* (%struct.pci_bus.318970*, i32)* @pci_get_slot to %struct.pci_dev.323246* (%struct.pci_bus.323235*, i32)*)(%struct.pci_bus.323235* %16, i32 %19) #78 ------------- Use: =BAD PATH= Call Stack: 0 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.323246* %9 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %14 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 4 %15 = bitcast %struct.qspinlock* %14 to %struct.pci_bus.323235** %16 = load %struct.pci_bus.323235*, %struct.pci_bus.323235** %15, align 8 %17 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 14, i32 0, i32 0, i32 0 %18 = load i32, i32* %17, align 8 %19 = and i32 %18, 248 %20 = tail call %struct.pci_dev.323246* bitcast (%struct.pci_dev.318968* (%struct.pci_bus.318970*, i32)* @pci_get_slot to %struct.pci_dev.323246* (%struct.pci_bus.323235*, i32)*)(%struct.pci_bus.323235* %16, i32 %19) #78 ------------- Use: =BAD PATH= Call Stack: 0 
pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.323246* %9 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.323246* %8, i64 %4, i64 %5, i8* %3) #78 Function:pci_vpd_read %5 = alloca i32, align 4 %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.323246* %0) #78 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.323246* %0, i64 %18, i64 1, i8* nonnull %11) #78 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, 
i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.323235*, %struct.pci_bus.323235** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.323246* bitcast (%struct.pci_dev.318968* (%struct.pci_bus.318970*, i32)* @pci_get_slot to %struct.pci_dev.323246* (%struct.pci_bus.323235*, i32)*)(%struct.pci_bus.323235* %47, i32 %49) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.323246* %9 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.323246* %8, i64 %4, i64 %5, i8* %3) #78 Function:pci_vpd_write %5 = add i64 %2, %1 %6 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.323246* %0) #78 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 
0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.323246* %0, i64 %18, i64 1, i8* nonnull %11) #78 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.323235*, %struct.pci_bus.323235** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.323246* bitcast (%struct.pci_dev.318968* (%struct.pci_bus.318970*, i32)* @pci_get_slot to %struct.pci_dev.323246* (%struct.pci_bus.323235*, i32)*)(%struct.pci_bus.323235* %47, i32 %49) #78 ------------- Good: 23 Bad: 6 Ignored: 21 Check Use of Function:ext4_rmdir Check Use of Function:rate_control_rate_update Check Use of Function:nvram_misc_ioctl Check Use of Function:perf_event_alloc Check Use of Function:current_umask Use: =BAD PATH= Call Stack: 0 nfs4_proc_mkdir ------------- Path:  Function:nfs4_proc_mkdir %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.236401** %9 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %8, align 16 %10 = bitcast %struct.nfs4_exception* %4 to i8* %11 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = getelementptr %struct.nfs_server.236401, %struct.nfs_server.236401* %9, i64 0, i32 35, i64 2 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 131072 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %23 %17 = tail call i32 @current_umask() #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mknod ------------- Path:  Function:nfs4_proc_mknod %5 = alloca %struct.nfs4_exception, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236401** %10 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %9, align 16 %11 = bitcast %struct.nfs4_exception* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %5, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr %struct.nfs_server.236401, %struct.nfs_server.236401* %10, i64 0, i32 35, i64 2 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 131072 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %24 %18 = tail call i32 @current_umask() #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 %12 = bitcast %struct.wait_queue_head* %6 to i64* store i64 0, i64* %12, align 8 store %struct.list_head* %10, %struct.list_head** %11, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 
1 store %struct.list_head* %10, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %318 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %33 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %34 = bitcast %struct.qstr* %33 to %struct.util_est* %35 = getelementptr inbounds %struct.util_est, %struct.util_est* %34, i64 0, i32 1 %36 = load i32, i32* %35, align 4 %37 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %38 = load %struct.super_block*, %struct.super_block** %37, align 8 %39 = getelementptr inbounds %struct.super_block, %struct.super_block* %38, i64 0, i32 28 %40 = bitcast i8** %39 to %struct.nfs_server.214586** %41 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %40, align 16 %42 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %41, i64 0, i32 23 %43 = load i32, i32* %42, align 4 %44 = icmp ugt i32 %36, %43 br i1 %44, label %318, label %45 %46 = and i32 %3, 64 %47 = icmp eq i32 %46, 0 br i1 %47, label %63, label %48 %49 = getelementptr %struct.nfs_server.214586, %struct.nfs_server.214586* %41, i64 0, i32 35, i64 2 %50 = load i32, i32* %49, align 4 %51 = and i32 %50, 131072 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %58 %54 = call i32 @current_umask() #78 ------------- Good: 15 Bad: 3 Ignored: 6 Check Use of Function:lock_mount Check Use of Function:perf_install_in_context Check Use of Function:hung_up_tty_ioctl Check 
Use of Function:autofs_root_ioctl Check Use of Function:acpi_ut_remove_reference Check Use of Function:bad_inode_rmdir Check Use of Function:vfs_create_mount Check Use of Function:complete_walk Check Use of Function:ext4_ext_remove_space Check Use of Function:isofs_lookup Check Use of Function:__ew32 Check Use of Function:ext4_alloc_io_end_vec Check Use of Function:__ext4_xattr_check_block Check Use of Function:proc_sys_lookup Check Use of Function:ieee80211_chandef_downgrade Check Use of Function:vfat_lookup Check Use of Function:namespace_unlock Check Use of Function:fsnotify_move Check Use of Function:e1000e_release_hw_control Check Use of Function:ring_buffer_write Check Use of Function:ieee80211_send_null_response Check Use of Function:bad_inode_lookup Check Use of Function:commit_creds Check Use of Function:proc_task_lookup Check Use of Function:netns_install Check Use of Function:dev_get_flags Check Use of Function:hibernation_restore Check Use of Function:ext4_dx_csum Check Use of Function:terminate_walk Check Use of Function:truncate_inode_pages Check Use of Function:nfs_create Check Use of Function:nfs_atomic_open Check Use of Function:ieee80211_wake_queues_by_reason Check Use of Function:vfs_fchmod Check Use of Function:audit_log_path_denied Check Use of Function:skb_copy_expand Check Use of Function:__audit_inode Check Use of Function:drv_start_nan Check Use of Function:acpi_ut_release_mutex Check Use of Function:d_alloc_parallel Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 2 %9 = bitcast %struct.list_head* %8 to 
%struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %16, label %20, !prof !4, !misexpect !5 %21 = phi %struct.ctl_table_header* [ %12, %16 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %2 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %22 = icmp ugt %struct.ctl_table_header* %21, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %22, label %23, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %58 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry*, %struct.dentry** %32, align 8 %34 = getelementptr inbounds %struct.dentry, %struct.dentry* %33, i64 0, i32 5 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, 
%struct.inode* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.22.18726, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #78 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %213 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry*, %struct.dentry** %44, align 8 %46 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #78 %48 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 3 %49 = load %struct.dentry*, %struct.dentry** %48, align 8 %50 = getelementptr inbounds %struct.dentry, %struct.dentry* %49, i64 0, i32 5 %51 = load %struct.inode*, %struct.inode** %50, align 8 %52 = getelementptr inbounds %struct.inode, %struct.inode* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = bitcast %struct.anon.1* %46 to i8* store volatile i8 0, i8* %54, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %55 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.23.18727, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #78 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %213 store i64 2, i64* %27, align 8 br label %58 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %59 = getelementptr inbounds 
%struct.ctl_table_header, %struct.ctl_table_header* %21, i64 1 %60 = bitcast %struct.ctl_table_header* %59 to %struct.rb_root* %61 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %60) #78 %62 = icmp eq %struct.rb_node* %61, null br i1 %62, label %79, label %63 %64 = phi %struct.rb_node* [ %77, %76 ], [ %61, %58 ] %65 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %64, i64 1 %66 = bitcast %struct.rb_node* %65 to %struct.ctl_table_header** %67 = load %struct.ctl_table_header*, %struct.ctl_table_header** %66, align 8 %68 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %67, i64 0, i32 1 %69 = load %struct.completion*, %struct.completion** %68, align 8 %70 = icmp eq %struct.completion* %69, null br i1 %70, label %71, label %76, !prof !4, !misexpect !5 %77 = tail call %struct.rb_node* @rb_next(%struct.rb_node* nonnull %64) #78 %78 = icmp eq %struct.rb_node* %77, null br i1 %78, label %79, label %63 %80 = phi %struct.ctl_node* [ %75, %71 ], [ null, %58 ], [ null, %76 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = icmp eq %struct.ctl_node* %80, null br i1 %81, label %213, label %82 %83 = getelementptr inbounds %struct.ctl_node, %struct.ctl_node* %80, i64 0, i32 1 %84 = load %struct.ctl_table_header*, %struct.ctl_table_header** %83, align 8 %85 = icmp eq %struct.ctl_table_header* %84, null br i1 %85, label %213, label %86 %87 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 0, i32 0, i32 0 %88 = load %struct.ctl_table*, %struct.ctl_table** %87, align 8 %89 = ptrtoint %struct.ctl_node* %80 to i64 %90 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 6 %91 = bitcast %struct.ctl_node** %90 to i64* %92 = load i64, i64* %91, 
align 8 %93 = sub i64 %89, %92 %94 = ashr exact i64 %93, 5 %95 = getelementptr %struct.ctl_table, %struct.ctl_table* %88, i64 %94 %96 = bitcast %struct.ctl_table_header** %3 to i8* %97 = bitcast %struct.ctl_table** %4 to i8* br label %98 %99 = phi i64 [ 2, %86 ], [ %102, %200 ] %100 = phi %struct.ctl_table* [ %95, %86 ], [ %211, %200 ] %101 = phi %struct.ctl_table_header* [ %84, %86 ], [ %202, %200 ] %102 = add i64 %99, 1 %103 = load i64, i64* %27, align 8 %104 = icmp ult i64 %99, %103 br i1 %104, label %160, label %105 %106 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %100, i64 0, i32 3 %107 = load i16, i16* %106, align 4 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, -24576 br i1 %109, label %110, label %146, !prof !8, !misexpect !5 %147 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %101, %struct.ctl_table* %100) #78 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #78 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.util_est* %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #79 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_lookup to 
%struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5) #80 %23 = icmp eq %struct.dentry* %22, null br i1 %23, label %24, label %67 %25 = bitcast %struct.wait_queue_head* %6 to i8* %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = bitcast %struct.wait_queue_head* %6 to i64* store i64 0, i64* %28, align 8 store %struct.list_head* %26, %struct.list_head** %27, align 8 %29 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %26, %struct.list_head** %29, align 8 %30 = call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry* (%struct.dentry*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5, %struct.wait_queue_head* nonnull %6) #80 ------------- Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 %12 = bitcast %struct.wait_queue_head* %6 to i64* store i64 0, i64* %12, align 8 store %struct.list_head* %10, %struct.list_head** %11, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %10, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = 
getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %318 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %33 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %34 = bitcast %struct.qstr* %33 to %struct.util_est* %35 = getelementptr inbounds %struct.util_est, %struct.util_est* %34, i64 0, i32 1 %36 = load i32, i32* %35, align 4 %37 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %38 = load %struct.super_block*, %struct.super_block** %37, align 8 %39 = getelementptr inbounds %struct.super_block, %struct.super_block* %38, i64 0, i32 28 %40 = bitcast i8** %39 to %struct.nfs_server.214586** %41 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %40, align 16 %42 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %41, i64 0, i32 23 %43 = load i32, i32* %42, align 4 %44 = icmp ugt i32 %36, %43 br i1 %44, label %318, label %45 %46 = and i32 %3, 64 %47 = icmp eq i32 %46, 0 br i1 %47, label %63, label %48 %64 = and i32 %3, 512 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 br i1 %47, label %71, label %91 %72 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 0 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 268435456 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %91 call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %1) #78 %77 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 3 %78 = load %struct.dentry*, %struct.dentry** %77, align 8 %79 = call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel 
to %struct.dentry* (%struct.dentry*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry* %78, %struct.qstr* %33, %struct.wait_queue_head* nonnull %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_tid_base_readdir ------------- Path:  Function:proc_tid_base_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.177271* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds (<{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, 
%struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } } }>, <{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, 
%struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, 
%struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } } }>* @tid_base_stuff, i64 0, i32 0), i32 39) #78 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %0, i64 0, i32 2 %6 = load %struct.inode.177454*, %struct.inode.177454** %5, align 8 %7 = getelementptr %struct.inode.177454, %struct.inode.177454* %6, i64 -1, i32 41, i32 13 %8 = bitcast %struct.list_head* %7 to %struct.pid.177248** %9 = load %struct.pid.177248*, %struct.pid.177248** %8, align 8 %10 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %9, i32 0) #78 %11 = icmp eq %struct.task_struct.177581* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.177271* %0, 
%struct.dir_context* %1) #79 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.177271* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.177444* (%struct.dentry.177444*, %struct.task_struct.177581*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.177581* nonnull %10, i8* %32) #79 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.177444*, %struct.dentry.177444** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 %15 = bitcast %struct.qstr* %8 to i8* store i32 %3, i32* %14, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.177444* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.177444* (%struct.dentry.177444*, 
%struct.qstr*)*)(%struct.dentry.177444* %11, %struct.qstr* nonnull %8) #78 %18 = icmp eq %struct.dentry.177444* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 %23 = bitcast %struct.wait_queue_head* %9 to i64* store i64 0, i64* %23, align 8 store %struct.list_head* %21, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = call %struct.dentry.177444* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.177444* (%struct.dentry.177444*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.177444* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_attr_dir_readdir ------------- Path:  Function:proc_attr_dir_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.177271* %0, %struct.dir_context* %1, %struct.pid_entry* bitcast ([6 x { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i8* } }]* @attr_dir_stuff to %struct.pid_entry*), i32 6) #78 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %0, i64 0, i32 2 %6 = load %struct.inode.177454*, %struct.inode.177454** %5, align 8 %7 = getelementptr %struct.inode.177454, %struct.inode.177454* %6, i64 -1, i32 41, i32 13 %8 = bitcast %struct.list_head* %7 to %struct.pid.177248** %9 = load %struct.pid.177248*, %struct.pid.177248** %8, align 8 %10 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to 
%struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %9, i32 0) #78 %11 = icmp eq %struct.task_struct.177581* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.177271* %0, %struct.dir_context* %1) #79 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.177271* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.177444* (%struct.dentry.177444*, %struct.task_struct.177581*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.177581* nonnull %10, i8* %32) #79 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.177444*, %struct.dentry.177444** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 %15 = bitcast %struct.qstr* %8 to i8* store i32 %3, i32* %14, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, 
i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.177444* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.177444* (%struct.dentry.177444*, %struct.qstr*)*)(%struct.dentry.177444* %11, %struct.qstr* nonnull %8) #78 %18 = icmp eq %struct.dentry.177444* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 %23 = bitcast %struct.wait_queue_head* %9 to i64* store i64 0, i64* %23, align 8 store %struct.list_head* %21, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = call %struct.dentry.177444* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.177444* (%struct.dentry.177444*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.177444* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_tgid_base_readdir ------------- Path:  Function:proc_tgid_base_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.177271* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds (<{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, 
{ i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, 
%struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } } }>, <{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, 
%struct.task_struct.177581*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, %struct.pid_entry, 
%struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.177449*, %struct.file_operations.177239*, { i32 (%struct.seq_file.177238*, %struct.pid_namespace.177246*, %struct.pid.177248*, %struct.task_struct.177581*)* } } }>* @tgid_base_stuff, i64 0, i32 0), i32 45) #78 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %0, i64 0, i32 2 %6 = load %struct.inode.177454*, %struct.inode.177454** %5, align 8 %7 = getelementptr %struct.inode.177454, %struct.inode.177454* %6, i64 -1, i32 41, i32 13 %8 = bitcast %struct.list_head* %7 to %struct.pid.177248** %9 = load %struct.pid.177248*, %struct.pid.177248** %8, align 8 %10 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %9, i32 0) #78 %11 = icmp eq %struct.task_struct.177581* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.177271* %0, %struct.dir_context* %1) #79 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, 
i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.177271* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.177444* (%struct.dentry.177444*, %struct.task_struct.177581*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.177581* nonnull %10, i8* %32) #79 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.177444*, %struct.dentry.177444** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 %15 = bitcast %struct.qstr* %8 to i8* store i32 %3, i32* %14, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.177444* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.177444* (%struct.dentry.177444*, %struct.qstr*)*)(%struct.dentry.177444* %11, %struct.qstr* nonnull %8) #78 %18 = icmp eq %struct.dentry.177444* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 0 %23 = bitcast %struct.wait_queue_head* %9 to i64* store i64 0, i64* %23, align 8 store %struct.list_head* %21, %struct.list_head** %22, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %21, %struct.list_head** %24, align 8 %25 = call %struct.dentry.177444* bitcast 
(%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.177444* (%struct.dentry.177444*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.177444* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #78 ------------- Good: 12 Bad: 5 Ignored: 10 Check Use of Function:ext4_xattr_block_csum Check Use of Function:ext4_force_commit Check Use of Function:drm_mode_plane_set_obj_prop Check Use of Function:out_of_line_wait_on_bit Check Use of Function:autofs_lookup Check Use of Function:__d_lookup_done Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #78 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %92, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222506*, %struct.dentry.222508*)* @nfs_sillyrename to i32 
(%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #78 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %92 %93 = phi %struct.dentry* [ %56, %69 ], [ %56, %84 ], [ %56, %80 ], [ %56, %75 ], [ %4, %52 ], [ %4, %46 ] %94 = phi %struct.inode* [ %57, %69 ], [ %57, %84 ], [ %57, %80 ], [ %57, %75 ], [ %10, %52 ], [ %10, %46 ] %95 = phi %struct.dentry* [ %58, %69 ], [ %58, %84 ], [ %58, %80 ], [ %58, %75 ], [ %50, %52 ], [ null, %46 ] %96 = phi %struct.dentry* [ %59, %69 ], [ %59, %84 ], [ %59, %80 ], [ %59, %75 ], [ %40, %52 ], [ %40, %46 ] %97 = phi i32 [ %71, %69 ], [ 0, %84 ], [ %82, %80 ], [ %73, %75 ], [ -16, %52 ], [ -16, %46 ] %98 = icmp eq %struct.dentry* %96, null br i1 %98, label %100, label %99 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %101)) #6 to label %115 [label %101], !srcloc !4 switch i32 %97, label %180 [ i32 0, label %116 i32 -2, label %172 ] %117 = icmp eq %struct.inode* %94, null br i1 %117, label %131, label %118 tail call void bitcast (void (%struct.dentry.150061*, %struct.dentry.150061*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #78 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #78 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, 
i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.150061* %0, %struct.dentry.150061* %1, i1 zeroext false) #79 Function:__d_move %4 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 5 %5 = load %struct.inode.150073*, %struct.inode.150073** %4, align 8 %6 = icmp eq %struct.inode.150073* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.3.16354, i64 0, i64 0), i32 2865, i32 2305, i64 12) #6, !srcloc !6 br label %8 %9 = icmp eq %struct.dentry.150061* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.150061* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %12, i64 0, i32 3 %14 = load %struct.dentry.150061*, %struct.dentry.150061** %13, align 8 %15 = icmp eq %struct.dentry.150061* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 3 %23 = load %struct.dentry.150061*, %struct.dentry.150061** %22, align 8 br label %24 %25 = phi %struct.dentry.150061* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %25, i64 0, i32 3 %27 = load %struct.dentry.150061*, %struct.dentry.150061** %26, align 
8 %28 = icmp eq %struct.dentry.150061* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.150061* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.150061* %23, %0 %34 = icmp eq %struct.dentry.150061* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %1, i64 0, i32 3 %43 = load %struct.dentry.150061*, %struct.dentry.150061** %42, align 8 %44 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #78 br label %56 %57 = phi %struct.dentry.150061* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #78 br label %60 %61 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #78 %63 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #78 %65 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !8, !misexpect !5 %70 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %1, i64 0, i32 3 %71 = load %struct.dentry.150061*, %struct.dentry.150061** %70, align 8 %72 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %71, i64 0, i32 5 %73 = load %struct.inode.150073*, %struct.inode.150073** %72, 
align 8 %74 = getelementptr inbounds %struct.inode.150073, %struct.inode.150073* %73, i64 0, i32 43 %75 = bitcast %union.anon.94* %74 to i32* br label %76 %77 = load i32, i32* %75, align 8 %78 = and i32 %77, 1 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %84 %81 = add i32 %77, 1 %82 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %75, i32 %81, i32 %77, i32* %75) #6, !srcloc !12 %83 = icmp eq i32 %82, %77 br i1 %83, label %85, label %84 tail call void @__d_lookup_done(%struct.dentry.150061* %1) #79 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 9 %11 = load %struct.super_block.153920*, %struct.super_block.153920** %10, align 8 %12 = getelementptr inbounds %struct.super_block.153920, %struct.super_block.153920* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.153950*, %struct.dentry_operations.153950** %12, align 64 %14 = icmp eq %struct.dentry_operations.153950* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.150061*, %struct.inode.150073*)* @d_add to void (%struct.dentry.153949*, %struct.inode.153945*)*)(%struct.dentry.153949* %1, %struct.inode.153945* null) #78 Function:d_add %3 = icmp eq %struct.inode.150073* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.150061* %0, %struct.inode.150073* %1) #79 Function:__d_add %3 = getelementptr inbounds 
%struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #78 %5 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 3 %11 = load %struct.dentry.150061*, %struct.dentry.150061** %10, align 8 %12 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %11, i64 0, i32 5 %13 = load %struct.inode.150073*, %struct.inode.150073** %12, align 8 %14 = getelementptr inbounds %struct.inode.150073, %struct.inode.150073* %13, i64 0, i32 43 %15 = bitcast %union.anon.94* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.150061* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to %struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 
%38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 tail call void bitcast (void (%struct.dentry.150061*, %struct.inode.150073*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #78 Function:d_add %3 = icmp eq %struct.inode.150073* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.150061* %0, %struct.inode.150073* %1) #79 Function:__d_add %3 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #78 %5 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 3 %11 = load %struct.dentry.150061*, %struct.dentry.150061** %10, align 8 %12 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %11, i64 0, i32 5 %13 = load %struct.inode.150073*, %struct.inode.150073** %12, align 8 %14 = getelementptr inbounds %struct.inode.150073, %struct.inode.150073* %13, i64 0, i32 43 %15 = bitcast %union.anon.94* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void 
@__d_lookup_done(%struct.dentry.150061* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to %struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, 
%struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 %38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 tail call void bitcast (void (%struct.dentry.150061*, %struct.inode.150073*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #78 Function:d_add %3 = icmp eq %struct.inode.150073* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.150061* %0, %struct.inode.150073* %1) #79 Function:__d_add %3 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #78 %5 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 3 %11 = load %struct.dentry.150061*, %struct.dentry.150061** %10, align 8 %12 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %11, i64 0, i32 5 %13 = load %struct.inode.150073*, %struct.inode.150073** %12, align 8 %14 = getelementptr inbounds %struct.inode.150073, %struct.inode.150073* %13, i64 0, i32 43 %15 = bitcast %union.anon.94* %14 to i32* br label %16 %17 = load i32, i32* 
%15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.150061* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to %struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 %38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 tail call void bitcast (void (%struct.dentry.150061*, %struct.inode.150073*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #78 Function:d_add %3 = icmp eq %struct.inode.150073* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.150061* %0, %struct.inode.150073* %1) #79 Function:__d_add %3 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #78 %5 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.150061, 
%struct.dentry.150061* %0, i64 0, i32 3 %11 = load %struct.dentry.150061*, %struct.dentry.150061** %10, align 8 %12 = getelementptr inbounds %struct.dentry.150061, %struct.dentry.150061* %11, i64 0, i32 5 %13 = load %struct.inode.150073*, %struct.inode.150073** %12, align 8 %14 = getelementptr inbounds %struct.inode.150073, %struct.inode.150073* %13, i64 0, i32 43 %15 = bitcast %union.anon.94* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.150061* %0) #79 ------------- Good: 83 Bad: 7 Ignored: 109 Check Use of Function:drm_vblank_get Check Use of Function:ext4_fc_track_link Check Use of Function:drm_property_free_blob Check Use of Function:ipip6_newlink Check Use of Function:msdos_create Check Use of Function:proc_tgid_net_lookup Check Use of Function:arch_uprobe_pre_xol Check Use of Function:init_chmod Check Use of Function:ieee80211_ibss_add_sta Check Use of Function:auditd_reset Check Use of Function:ext4_lookup Check Use of Function:cfg80211_sta_opmode_change_notify Check Use of Function:pci_dev_put Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt 
i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46658, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %300 = bitcast i32* %9 to i8* store i32 0, i32* %9, align 4 %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46659, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %309 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %310 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.46660, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #78 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.318968* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #78 %323 = icmp eq %struct.pci_dev.318968* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.318968* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %331, align 8 %333 = icmp eq %struct.pci_dev.318968* %332, %325 br i1 %333, label %339, label %334 %340 = icmp eq %struct.vga_device* %330, null br i1 %340, label %341, label %344 %345 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 store %struct.pci_dev.318968* %325, %struct.pci_dev.318968** %345, align 8 %346 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 0, i32 0 %347 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %346, align 8 %348 = icmp eq %struct.pci_dev.318968* %347, %325 br i1 %348, label %360, label %349 %350 = icmp eq %struct.pci_dev.318968* %347, null br i1 %350, label %351, label %356 %357 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 1, i32 0 %358 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %357, align 8 %359 = icmp eq %struct.pci_dev.318968* %358, %325 br i1 %359, label %360, label %526 %527 = icmp eq %struct.pci_dev.318968* %358, null br i1 %527, label %351, label %528 %529 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 2, i32 0 %530 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %529, align 8 %531 = icmp eq %struct.pci_dev.318968* %530, %325 br i1 %531, label %360, label %532 %533 = icmp eq %struct.pci_dev.318968* %530, null br i1 %533, label %351, label %534 %535 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 3, i32 0 %536 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %535, align 8 %537 = icmp eq %struct.pci_dev.318968* %536, %325 br i1 %537, label %360, label %538 %539 = icmp eq %struct.pci_dev.318968* %536, null br i1 %539, label %351, label %540 %541 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 4, i32 0 %542 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %541, align 8 %543 = icmp eq %struct.pci_dev.318968* %542, %325 br i1 %543, label %360, label %544 %545 = icmp eq %struct.pci_dev.318968* %542, null br i1 %545, label %351, label %546 %547 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 5, i32 0 %548 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %547, align 8 %549 = icmp eq %struct.pci_dev.318968* %548, %325 br i1 %549, label %360, label %550 %551 = icmp eq %struct.pci_dev.318968* %548, null br i1 %551, label %351, label %552 %553 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 6, i32 0 %554 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %553, align 8 %555 = icmp eq %struct.pci_dev.318968* %554, %325 br i1 %555, label %360, label %556 %557 = icmp eq 
%struct.pci_dev.318968* %554, null br i1 %557, label %351, label %558 %559 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 7, i32 0 %560 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %559, align 8 %561 = icmp eq %struct.pci_dev.318968* %560, %325 br i1 %561, label %360, label %562 %563 = icmp eq %struct.pci_dev.318968* %560, null br i1 %563, label %351, label %564 %565 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 8, i32 0 %566 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %565, align 8 %567 = icmp eq %struct.pci_dev.318968* %566, %325 br i1 %567, label %360, label %568 %569 = icmp eq %struct.pci_dev.318968* %566, null br i1 %569, label %351, label %570 %571 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 9, i32 0 %572 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %571, align 8 %573 = icmp eq %struct.pci_dev.318968* %572, %325 br i1 %573, label %360, label %574 %575 = icmp eq %struct.pci_dev.318968* %572, null br i1 %575, label %351, label %576 %577 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 10, i32 0 %578 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %577, align 8 %579 = icmp eq %struct.pci_dev.318968* %578, %325 br i1 %579, label %360, label %580 %581 = icmp eq %struct.pci_dev.318968* %578, null br i1 %581, label %351, label %582 %583 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 11, i32 0 %584 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %583, align 8 %585 = icmp eq %struct.pci_dev.318968* %584, %325 br i1 %585, label %360, label %586 %587 = icmp eq %struct.pci_dev.318968* %584, null br i1 %587, label %351, label %588 %589 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 12, i32 0 %590 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %589, align 8 
%591 = icmp eq %struct.pci_dev.318968* %590, %325 br i1 %591, label %360, label %592 %593 = icmp eq %struct.pci_dev.318968* %590, null br i1 %593, label %351, label %594 %595 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 13, i32 0 %596 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %595, align 8 %597 = icmp eq %struct.pci_dev.318968* %596, %325 br i1 %597, label %360, label %598 %599 = icmp eq %struct.pci_dev.318968* %596, null br i1 %599, label %351, label %600 %601 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 14, i32 0 %602 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %601, align 8 %603 = icmp eq %struct.pci_dev.318968* %602, %325 br i1 %603, label %360, label %604 %605 = icmp eq %struct.pci_dev.318968* %602, null br i1 %605, label %351, label %606 %607 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 15, i32 0 %608 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %607, align 8 %609 = icmp eq %struct.pci_dev.318968* %608, %325 br i1 %609, label %360, label %610 %611 = icmp eq %struct.pci_dev.318968* %608, null br i1 %611, label %351, label %361 call void @pci_dev_put(%struct.pci_dev.318968* %325) #78 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], 
[64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46658, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %300 = bitcast i32* %9 to i8* store i32 0, i32* %9, align 4 %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46659, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %309 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %310 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.46660, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #78 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.318968* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #78 %323 = icmp eq %struct.pci_dev.318968* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.318968* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %331, align 8 %333 = icmp eq %struct.pci_dev.318968* %332, %325 br i1 %333, label %339, label %334 %340 = icmp eq %struct.vga_device* %330, null br i1 %340, label %341, label %344 %345 = getelementptr inbounds %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 1 store %struct.pci_dev.318968* %325, %struct.pci_dev.318968** %345, align 8 %346 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 0, i32 0 %347 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %346, align 8 %348 = icmp eq %struct.pci_dev.318968* %347, %325 br i1 %348, label %360, label %349 %350 = icmp eq %struct.pci_dev.318968* %347, null br i1 %350, label %351, label %356 %357 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 1, i32 0 %358 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %357, align 8 %359 = icmp eq %struct.pci_dev.318968* %358, %325 br i1 %359, label %360, label %526 %527 = icmp eq %struct.pci_dev.318968* %358, null br i1 %527, label %351, label %528 %529 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 2, i32 0 %530 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %529, align 8 %531 = icmp eq %struct.pci_dev.318968* %530, %325 br i1 %531, label %360, label %532 %533 = icmp eq %struct.pci_dev.318968* %530, null br i1 %533, label %351, label %534 %535 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 3, i32 0 %536 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %535, align 8 %537 = icmp eq %struct.pci_dev.318968* %536, %325 br i1 %537, label %360, label %538 %539 = icmp eq %struct.pci_dev.318968* %536, null br i1 %539, label %351, label %540 %541 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 4, i32 0 %542 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %541, align 8 %543 = icmp eq %struct.pci_dev.318968* %542, %325 br i1 %543, label %360, label %544 %545 = icmp eq %struct.pci_dev.318968* %542, null br i1 %545, label %351, label %546 %547 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 5, i32 0 %548 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %547, align 8 %549 = icmp eq %struct.pci_dev.318968* %548, %325 br i1 %549, label %360, label %550 %551 = icmp eq %struct.pci_dev.318968* %548, null br i1 %551, label %351, label %552 %553 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 6, i32 0 %554 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %553, align 8 %555 = icmp eq %struct.pci_dev.318968* %554, %325 br i1 %555, label %360, label %556 %557 = icmp eq 
%struct.pci_dev.318968* %554, null br i1 %557, label %351, label %558 %559 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 7, i32 0 %560 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %559, align 8 %561 = icmp eq %struct.pci_dev.318968* %560, %325 br i1 %561, label %360, label %562 %563 = icmp eq %struct.pci_dev.318968* %560, null br i1 %563, label %351, label %564 %565 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 8, i32 0 %566 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %565, align 8 %567 = icmp eq %struct.pci_dev.318968* %566, %325 br i1 %567, label %360, label %568 %569 = icmp eq %struct.pci_dev.318968* %566, null br i1 %569, label %351, label %570 %571 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 9, i32 0 %572 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %571, align 8 %573 = icmp eq %struct.pci_dev.318968* %572, %325 br i1 %573, label %360, label %574 %575 = icmp eq %struct.pci_dev.318968* %572, null br i1 %575, label %351, label %576 %577 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 10, i32 0 %578 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %577, align 8 %579 = icmp eq %struct.pci_dev.318968* %578, %325 br i1 %579, label %360, label %580 %581 = icmp eq %struct.pci_dev.318968* %578, null br i1 %581, label %351, label %582 %583 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 11, i32 0 %584 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %583, align 8 %585 = icmp eq %struct.pci_dev.318968* %584, %325 br i1 %585, label %360, label %586 %587 = icmp eq %struct.pci_dev.318968* %584, null br i1 %587, label %351, label %588 %589 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 12, i32 0 %590 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %589, align 8 
%591 = icmp eq %struct.pci_dev.318968* %590, %325 br i1 %591, label %360, label %592 %593 = icmp eq %struct.pci_dev.318968* %590, null br i1 %593, label %351, label %594 %595 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 13, i32 0 %596 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %595, align 8 %597 = icmp eq %struct.pci_dev.318968* %596, %325 br i1 %597, label %360, label %598 %599 = icmp eq %struct.pci_dev.318968* %596, null br i1 %599, label %351, label %600 %601 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 14, i32 0 %602 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %601, align 8 %603 = icmp eq %struct.pci_dev.318968* %602, %325 br i1 %603, label %360, label %604 %605 = icmp eq %struct.pci_dev.318968* %602, null br i1 %605, label %351, label %606 %607 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 15, i32 0 %608 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %607, align 8 %609 = icmp eq %struct.pci_dev.318968* %608, %325 br i1 %609, label %360, label %610 %611 = icmp eq %struct.pci_dev.318968* %608, null br i1 %611, label %351, label %361 %352 = phi i64 [ 0, %349 ], [ 1, %526 ], [ 2, %532 ], [ 3, %538 ], [ 4, %544 ], [ 5, %550 ], [ 6, %556 ], [ 7, %562 ], [ 8, %568 ], [ 9, %574 ], [ 10, %580 ], [ 11, %586 ], [ 12, %592 ], [ 13, %598 ], [ 14, %604 ], [ 15, %610 ] %353 = phi %struct.pci_dev.318968** [ %346, %349 ], [ %357, %526 ], [ %529, %532 ], [ %535, %538 ], [ %541, %544 ], [ %547, %550 ], [ %553, %556 ], [ %559, %562 ], [ %565, %568 ], [ %571, %574 ], [ %577, %580 ], [ %583, %586 ], [ %589, %592 ], [ %595, %598 ], [ %601, %604 ], [ %607, %610 ] store %struct.pci_dev.318968* %325, %struct.pci_dev.318968** %353, align 8 %354 = getelementptr %struct.vga_arb_private, %struct.vga_arb_private* %12, i64 0, i32 2, i64 %352, i32 2 store i32 0, i32* %354, align 4 %355 = getelementptr %struct.vga_arb_private, 
%struct.vga_arb_private* %12, i64 0, i32 2, i64 %352, i32 1 store i32 0, i32* %355, align 8 br label %360 call void @pci_dev_put(%struct.pci_dev.318968* %325) #78 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46658, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %300 = bitcast i32* %9 to i8* store i32 0, i32* %9, align 4 %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) 
%301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46659, i64 0, i64 0), i64 7) %303 = icmp eq i32 %302, 0 br i1 %303, label %304, label %307 %308 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %309 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %310 = call i32 (i8*, i8*, ...) @sscanf(i8* %301, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.23.46660, i64 0, i64 0), i32* nonnull %8, i32* nonnull %9, i32* nonnull %5, i32* nonnull %6) #78 %311 = icmp eq i32 %310, 4 br i1 %311, label %313, label %312 %314 = load i32, i32* %5, align 4 %315 = shl i32 %314, 3 %316 = and i32 %315, 248 %317 = load i32, i32* %6, align 4 %318 = and i32 %317, 7 %319 = or i32 %316, %318 %320 = load i32, i32* %8, align 4 %321 = load i32, i32* %9, align 4 %322 = call %struct.pci_dev.318968* @pci_get_domain_bus_and_slot(i32 %320, i32 %321, i32 %319) #78 %323 = icmp eq %struct.pci_dev.318968* %322, null br i1 %323, label %362, label %324 %325 = phi %struct.pci_dev.318968* [ %306, %304 ], [ %322, %313 ] %326 = load %struct.vga_device*, %struct.vga_device** bitcast (%struct.list_head* @vga_list to %struct.vga_device**), align 8 %327 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %326, i64 0, i32 0 %328 = icmp eq %struct.list_head* %327, @vga_list br i1 %328, label %341, label %329 %330 = phi %struct.vga_device* [ %336, %334 ], [ %326, %324 ] %331 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %330, i64 0, i32 1 %332 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %331, align 8 %333 = icmp eq %struct.pci_dev.318968* %332, %325 br i1 %333, label %339, label %334 %335 = bitcast %struct.vga_device* %330 to %struct.vga_device** %336 = load %struct.vga_device*, %struct.vga_device** %335, align 8 %337 = getelementptr inbounds %struct.vga_device, %struct.vga_device* %336, i64 0, i32 0 %338 = icmp eq %struct.list_head* %337, @vga_list br i1 %338, label %341, label %329 %342 = icmp eq %struct.pci_dev.318968* 
%325, null br i1 %342, label %362, label %343 call void @pci_dev_put(%struct.pci_dev.318968* nonnull %325) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_seq_stop ------------- Path:  Function:pci_seq_stop %3 = icmp eq i8* %1, null br i1 %3, label %6, label %4 %5 = bitcast i8* %1 to %struct.pci_dev.327444* tail call void bitcast (void (%struct.pci_dev.318968*)* @pci_dev_put to void (%struct.pci_dev.327444*)*)(%struct.pci_dev.327444* nonnull %5) #78 ------------- Good: 129 Bad: 4 Ignored: 8 Check Use of Function:__pskb_pull_tail Use: =BAD PATH= Call Stack: 0 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.868117, %struct.sk_buff.868117* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %481, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 
= tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.868117*, i32)*)(%struct.sk_buff.868117* %0, i32 %33) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* 
%6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, 
!misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %63) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_vlan_untag 1 __netif_receive_skb_core 2 __netif_receive_skb_list_core 3 __netif_receive_skb_list 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and 
i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 
(%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds 
%struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 
0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = 
getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds 
%struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 
\0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi 
%struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 
%15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to 
%struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** 
%68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 
0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile 
%struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, 
%struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_vlan_untag
1 __netif_receive_skb_core
2 __netif_receive_skb_list_core
3 __netif_receive_skb_list
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr 
inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ 
%25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 
= load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi 
i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 
store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, 
%struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca 
%struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = 
trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 
call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and 
i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], [ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call 
i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ 
true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = 
phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 tcp_recvmsg
9 inet6_recvmsg
10 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store
i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 
%49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] 
%118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0,
i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = 
phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl 
$1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm 
"addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 packet_parse_headers 2 packet_sendmsg_spkt -------------
Path: Function:packet_sendmsg_spkt
------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 ipv4_link_failure -------------
Path: Function:ipv4_link_failure
------------- Use: =BAD PATH= Call Stack: 0 packet_parse_headers 1 packet_sendmsg_spkt -------------
Path: Function:packet_sendmsg_spkt
], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 
%83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 ------------- Good: 1021 Bad: 10 Ignored: 3592 Check Use of Function:xt_find_revision Check Use of Function:cfg80211_ref_bss Check Use of Function:drm_event_reserve_init_locked Check Use of Function:uart_shutdown Check Use of Function:ext4_claim_free_clusters Check Use of Function:__ipv6_dev_ac_inc Check Use of Function:__ext4_read_dirblock Use: =BAD PATH= Call Stack: 0 dx_probe 1 ext4_htree_fill_tree 2 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and 
i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info** %17 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, 
%struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #78 %60 = icmp eq i8* %59, null br i1 %60, label %853, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %88 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %93 %71 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %72 = inttoptr i64 %71 to %struct.task_struct* %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %72, i64 0, i32 0, i32 2 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2 %76 = icmp eq i32 %75, 0 %77 = trunc i64 %57 to i32 %78 = shl i32 %77, 1 %79 = lshr i64 %57, 31 %80 = trunc i64 %79 to i32 %81 = and i32 %80, -2 %82 = select i1 %76, i32 %81, i32 %78 %83 = getelementptr inbounds i8, i8* %59, i64 32 %84 = bitcast i8* %83 to i32* store i32 %82, i32* %84, align 8 %85 = load i32, i32* %73, align 8 %86 = and i32 %85, 2 %87 = icmp eq i32 %86, 0 br i1 %87, label %99, label %101 %100 = trunc i64 %57 to i32 br label %101 %102 = phi i32 [ %100, %99 ], [ 0, %70 ], [ 0, %88 ] %103 = getelementptr inbounds i8, i8* %59, i64 36 %104 = bitcast i8* %103 to i32* store i32 %102, i32* %104, align 4 store i8* %59, i8** %48, align 8 br label %105 %106 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %101 ] %107 = phi i32 [ %54, %52 ], [ %64, %101 ] %108 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %109 = load i64, i64* %108, align 8 %110 
= getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %111 = and i32 %107, 512 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %124 %114 = and i32 %107, 1024 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %123 %117 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct* %119 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %118, i64 0, i32 0, i32 2 %120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %124 br label %124 %125 = phi i64 [ 9223372036854775807, %123 ], [ 2147483647, %116 ], [ 2147483647, %105 ] %126 = icmp eq i64 %109, %125 br i1 %126, label %853, label %127 %128 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 3 %129 = load i64, i64* %128, align 8 %130 = icmp eq i64 %129, %109 br i1 %130, label %202, label %131 %203 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 2 %204 = load %struct.fname*, %struct.fname** %203, align 8 %205 = icmp eq %struct.fname* %204, null br i1 %205, label %277, label %206 %207 = load %struct.inode*, %struct.inode** %6, align 8 %208 = getelementptr inbounds %struct.inode, %struct.inode* %207, i64 0, i32 8 %209 = load %struct.super_block*, %struct.super_block** %208, align 8 %210 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 0 %211 = load i32, i32* %210, align 8 %212 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 1 %213 = load i32, i32* %212, align 4 br i1 %112, label %214, label %224 %215 = and i32 %107, 1024 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %227 %218 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %219 = inttoptr i64 %218 to 
%struct.task_struct* %220 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %219, i64 0, i32 0, i32 2 %221 = load i32, i32* %220, align 8 %222 = and i32 %221, 2 %223 = icmp eq i32 %222, 0 br i1 %223, label %227, label %224 %228 = lshr i32 %211, 1 %229 = zext i32 %228 to i64 %230 = shl nuw nsw i64 %229, 32 %231 = zext i32 %213 to i64 %232 = or i64 %230, %231 br label %233 %234 = phi i64 [ %226, %224 ], [ %232, %227 ] store i64 %234, i64* %108, align 8 %235 = getelementptr inbounds %struct.super_block, %struct.super_block* %209, i64 0, i32 28 %236 = bitcast i8** %235 to %struct.ext4_sb_info** %237 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %238 %239 = phi %struct.fname* [ %204, %233 ], [ %271, %269 ] %240 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 7, i64 0 %241 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 5 %242 = load i8, i8* %241, align 4 %243 = zext i8 %242 to i32 %244 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 4 %245 = load i32, i32* %244, align 8 %246 = zext i32 %245 to i64 %247 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 6 %248 = load i8, i8* %247, align 1 %249 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %236, align 16 %250 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %249, i64 0, i32 15 %251 = load %struct.ext4_super_block*, %struct.ext4_super_block** %250, align 8 %252 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %251, i64 0, i32 29 %253 = load i32, i32* %252, align 8 %254 = and i32 %253, 2 %255 = icmp eq i32 %254, 0 %256 = icmp ugt i8 %248, 7 %257 = or i1 %256, %255 br i1 %257, label %262, label %258 %259 = zext i8 %248 to i64 %260 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %259 %261 = load i8, i8* %260, align 1 br label %262 %263 = phi i8 [ %261, %258 ], [ 0, %238 ] %264 = zext i8 %263 to 
i32 %265 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %237, align 8 %266 = load i64, i64* %108, align 8 %267 = tail call i32 %265(%struct.dir_context* %1, i8* %240, i32 %243, i64 %266, i64 %246, i32 %264) #78 %268 = icmp eq i32 %267, 0 br i1 %268, label %269, label %273 %270 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 3 %271 = load %struct.fname*, %struct.fname** %270, align 8 %272 = icmp eq %struct.fname* %271, null br i1 %272, label %276, label %238 store %struct.fname* null, %struct.fname** %203, align 8 br label %464 %465 = phi i32 [ 0, %276 ], [ %375, %390 ], [ %375, %457 ] %466 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %467 = load %struct.rb_node*, %struct.rb_node** %466, align 8 %468 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %467) #78 store %struct.rb_node* %468, %struct.rb_node** %466, align 8 %469 = icmp eq %struct.rb_node* %468, null %470 = bitcast %struct.rb_node* %468 to i8* br i1 %469, label %480, label %471 %481 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %482 = load i32, i32* %481, align 8 %483 = icmp eq i32 %482, -1 br i1 %483, label %484, label %501 %502 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %482, i32* %502, align 8 %503 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 0, i32* %503, align 4 br label %287 %288 = phi i8* [ %470, %471 ], [ %470, %501 ], [ %281, %277 ], [ %286, %282 ] %289 = phi %struct.rb_node* [ %468, %471 ], [ null, %501 ], [ %279, %277 ], [ %285, %282 ] %290 = phi i32 [ %465, %471 ], [ %465, %501 ], [ 0, %277 ], [ 0, %282 ] %291 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %292 = icmp eq %struct.rb_node* %289, null br i1 %292, label %300, label 
%293 %294 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %295 = load i64, i64* %294, align 8 %296 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %297 = load volatile i64, i64* %296, align 8 %298 = lshr i64 %297, 1 %299 = icmp eq i64 %298, %295 br i1 %299, label %373, label %300 store %struct.rb_node* null, %struct.rb_node** %291, align 8 %301 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0 %302 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %301) #78 %303 = icmp eq %struct.rb_node* %302, null %304 = getelementptr %struct.rb_node, %struct.rb_node* %302, i64 -1, i32 2 %305 = icmp eq %struct.rb_node** %304, null %306 = or i1 %303, %305 br i1 %306, label %326, label %307 %308 = bitcast %struct.rb_node** %304 to %struct.fname* br label %311 %312 = phi %struct.fname* [ %318, %309 ], [ %308, %307 ] %313 = getelementptr inbounds %struct.fname, %struct.fname* %312, i64 0, i32 2 %314 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %313) #78 %315 = icmp eq %struct.rb_node* %314, null %316 = getelementptr %struct.rb_node, %struct.rb_node* %314, i64 -1, i32 2 %317 = bitcast %struct.rb_node** %316 to %struct.fname* %318 = select i1 %315, %struct.fname* null, %struct.fname* %317 %319 = icmp eq %struct.fname* %312, null br i1 %319, label %309, label %320 %321 = phi %struct.fname* [ %323, %320 ], [ %312, %311 ] %322 = getelementptr inbounds %struct.fname, %struct.fname* %321, i64 0, i32 3 %323 = load %struct.fname*, %struct.fname** %322, align 8 %324 = bitcast %struct.fname* %321 to i8* tail call void @kfree(i8* nonnull %324) #78 %325 = icmp eq %struct.fname* %323, null br i1 %325, label %309, label %320 %310 = icmp eq %struct.fname* %318, null br i1 %310, label %326, label %311 %327 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %327, align 
8 %328 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %329 = load volatile i64, i64* %328, align 8 br label %330 %331 = phi i64 [ %329, %326 ], [ %337, %335 ] %332 = and i64 %331, 1 %333 = icmp eq i64 %332, 0 br i1 %333, label %335, label %334 %336 = or i64 %331, 1 %337 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %328, i64 %336, i64 %331, i64* %328) #6, !srcloc !6 %338 = icmp eq i64 %337, %331 br i1 %338, label %339, label %330, !prof !7, !misexpect !8 %340 = lshr i64 %331, 1 %341 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %340, i64* %341, align 8 %342 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 %343 = load i32, i32* %342, align 8 %344 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 %345 = load i32, i32* %344, align 4 %346 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %347 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %343, i32 %345, i32* %346) #78 Function:ext4_htree_fill_tree %5 = alloca %struct.dx_hash_info, align 8 %6 = alloca [3 x %struct.dx_frame], align 16 %7 = alloca %struct.uuidcmp, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.dx_hash_info* %5 to i8* %10 = bitcast [3 x %struct.dx_frame]* %6 to i8* %11 = bitcast %struct.uuidcmp* %7 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = getelementptr %struct.inode, %struct.inode* %13, i64 -1, i32 34 %15 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %14, i64 10, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 4096 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %73 = getelementptr 
inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 0 store i32 %1, i32* %73, align 8 %74 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 1 store i32 0, i32* %74, align 4 %75 = getelementptr inbounds [3 x %struct.dx_frame], [3 x %struct.dx_frame]* %6, i64 0, i64 0 %76 = call fastcc %struct.dx_frame* @dx_probe(%struct.ext4_filename* null, %struct.inode* %13, %struct.dx_hash_info* nonnull %5, %struct.dx_frame* nonnull %75) #79 Function:dx_probe %5 = alloca [3 x i32], align 4 %6 = bitcast [3 x i32]* %5 to i8* %7 = bitcast %struct.dx_frame* %3 to i8* %8 = tail call fastcc %struct.buffer_head* @__ext4_read_dirblock(%struct.inode* %1, i32 0, i32 1, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @__func__.dx_probe, i64 0, i64 0), i32 818) #78 ------------- Use: =BAD PATH= Call Stack: 0 dx_probe 1 __ext4_find_entry 2 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.util_est* %9 = getelementptr inbounds %struct.util_est, %struct.util_est* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* 
%19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 tail call void bitcast (void (%struct.dentry.153949*)* @generic_set_encrypted_ci_d_ops to void (%struct.dentry*)*)(%struct.dentry* %1) #78 %22 = call fastcc %struct.buffer_head* @__ext4_find_entry(%struct.inode* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #78 Function:__ext4_find_entry %5 = alloca [3 x %struct.dx_frame], align 16 %6 = alloca [8 x %struct.buffer_head*], align 16 %7 = alloca i32, align 4 %8 = bitcast [8 x %struct.buffer_head*]* %6 to i8* %9 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 0 %10 = load %struct.qstr*, %struct.qstr** %9, align 8 %11 = getelementptr inbounds %struct.qstr, %struct.qstr* %10, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %2, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = load %struct.super_block*, %struct.super_block** %13, align 8 %15 = bitcast %struct.ext4_filename* %1 to %struct.util_est** %16 = load %struct.util_est*, %struct.util_est** %15, align 8 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %16, i64 0, i32 1 %18 = load i32, i32* %17, align 4 %19 = icmp sgt i32 %18, 255 br i1 %19, label %451, label %20 %21 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 34 %22 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %21, i64 10, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 268435456 %25 = icmp eq i64 %24, 0 br i1 %25, label %41, label %26 %42 = phi %struct.buffer_head* [ %33, %40 ], [ null, %26 ], [ null, %20 ] %43 = icmp slt i32 %18, 3 br i1 %43, label %44, label %50 %45 = load i8, i8* %12, align 1 %46 = icmp eq i8 %45, 46 br i1 %46, label %47, label %50 %48 = getelementptr i8, i8* %12, i64 1 %49 = 
load i8, i8* %48, align 1 switch i8 %49, label %50 [ i8 46, label %268 i8 0, label %268 ] %51 = load %struct.super_block*, %struct.super_block** %13, align 8 %52 = getelementptr inbounds %struct.super_block, %struct.super_block* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.ext4_sb_info** %54 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %53, align 16 %55 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %54, i64 0, i32 15 %56 = load %struct.ext4_super_block*, %struct.ext4_super_block** %55, align 8 %57 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %56, i64 0, i32 28 %58 = load i32, i32* %57, align 4 %59 = and i32 %58, 32 %60 = icmp eq i32 %59, 0 br i1 %60, label %252, label %61 %62 = load volatile i64, i64* %22, align 8 %63 = and i64 %62, 4096 %64 = icmp eq i64 %63, 0 br i1 %64, label %252, label %65 %66 = bitcast [3 x %struct.dx_frame]* %5 to i8* %67 = getelementptr inbounds [3 x %struct.dx_frame], [3 x %struct.dx_frame]* %5, i64 0, i64 0 %68 = call fastcc %struct.dx_frame* @dx_probe(%struct.ext4_filename* %1, %struct.inode* %0, %struct.dx_hash_info* null, %struct.dx_frame* nonnull %67) #78 Function:dx_probe %5 = alloca [3 x i32], align 4 %6 = bitcast [3 x i32]* %5 to i8* %7 = bitcast %struct.dx_frame* %3 to i8* %8 = tail call fastcc %struct.buffer_head* @__ext4_read_dirblock(%struct.inode* %1, i32 0, i32 1, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @__func__.dx_probe, i64 0, i64 0), i32 818) #78 ------------- Good: 36 Bad: 2 Ignored: 5 Check Use of Function:ieee80211_freq_khz_to_channel Check Use of Function:arch_uprobe_skip_sstep Check Use of Function:get_fs_type Check Use of Function:drm_primary_helper_update Check Use of Function:nfs4_lookup_revalidate Check Use of Function:copy_time_ns Check Use of Function:vfat_revalidate_ci Check Use of Function:mntns_install Check Use of Function:vfs_tmpfile Check Use of Function:proc_net_d_revalidate Check Use of Function:map_files_d_revalidate Check 
Use of Function:acpi_sleep_init Check Use of Function:dev_driver_string Use: =BAD PATH= Call Stack: 0 name_show.57121 ------------- Path:  Function:name_show.57121 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %5 = load %struct.device*, %struct.device** %4, align 8 %6 = tail call i8* @dev_driver_string(%struct.device* %5) #78 ------------- Good: 4168 Bad: 1 Ignored: 3978 Check Use of Function:fs_context_for_reconfigure Check Use of Function:dev_close Check Use of Function:ext4_release_io_end Check Use of Function:i915_gem_context_release Check Use of Function:e1000_configure_msix Check Use of Function:ext4_ext_release Check Use of Function:task_join_group_stop Check Use of Function:tg3_switch_clocks Check Use of Function:md_set_read_only Check Use of Function:max_swapfile_size Check Use of Function:proc_sys_revalidate Check Use of Function:pid_revalidate Check Use of Function:page_mapped Use: =BAD PATH= Call Stack: 0 stable_page_flags 1 kpageflags_read ------------- Path:  Function:kpageflags_read %5 = bitcast i8* %1 to i64* %6 = load i64, i64* %3, align 8 %7 = lshr i64 %6, 3 %8 = or i64 %6, %2 %9 = and i64 %8, 7 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %108 %12 = load i64, i64* @max_pfn, align 8 %13 = shl i64 %12, 3 %14 = add i64 %13, -8 %15 = or i64 %14, 262136 %16 = add i64 %15, 8 %17 = icmp ugt i64 %16, %6 br i1 %17, label %18, label %108 %19 = sub i64 %16, %6 %20 = icmp ugt i64 %19, %2 %21 = select i1 %20, i64 %2, i64 %19 %22 = icmp eq i64 %21, 0 br i1 %22, label %101, label %23 %24 = phi i64 [ %90, %87 ], [ %21, %18 ] %25 = phi i64* [ %89, %87 ], [ %5, %18 ] %26 = phi i64 [ %88, %87 ], [ %7, %18 ] %27 = icmp ult i64 %26, 4503599627370496 br i1 %27, label %28, label %75 %29 = lshr i64 %26, 15 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ 
(((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %32), i8* blockaddress(@kpageflags_read, %31)) #6 to label %30 [label %32, label %31], !srcloc !4 br label %32 %33 = phi i64 [ 524288, %31 ], [ 33554432, %28 ], [ 33554432, %30 ] %34 = icmp ult i64 %29, %33 br i1 %34, label %35, label %75 %36 = lshr i64 %26, 23 callbr void asm sideeffect "# ALT: oldinstr2\0A661:\0A\09jmp 6f\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+21)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .long 661b - .\0A .long 6642f - .\0A .word ${0:P}\0A .byte 663b-661b\0A .byte 6652f-6642f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09jmp ${4:l}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09\0A6652:\0A.popsection\0A.section .altinstr_aux,\22ax\22\0A6:\0A testb $1,$2\0A jnz ${3:l}\0A jmp ${4:l}\0A.previous\0A", "i,i,*m,X,X,~{dirflag},~{fpsr},~{flags}"(i16 528, i32 1, i8* getelementptr inbounds 
(%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 58), i8* blockaddress(@kpageflags_read, %39), i8* blockaddress(@kpageflags_read, %38)) #6 to label %37 [label %39, label %38], !srcloc !4 br label %39 %40 = phi i64 [ 2048, %38 ], [ 131072, %35 ], [ 131072, %37 ] %41 = icmp ult i64 %36, %40 br i1 %41, label %42, label %75, !prof !5, !misexpect !6 %43 = load %struct.mem_section**, %struct.mem_section*** @mem_section, align 8 %44 = icmp eq %struct.mem_section** %43, null br i1 %44, label %75, label %45 %46 = getelementptr %struct.mem_section*, %struct.mem_section** %43, i64 %36 %47 = load %struct.mem_section*, %struct.mem_section** %46, align 8 %48 = icmp eq %struct.mem_section* %47, null br i1 %48, label %75, label %49 %50 = and i64 %29, 255 %51 = getelementptr %struct.mem_section, %struct.mem_section* %47, i64 %50 %52 = icmp eq %struct.mem_section* %51, null br i1 %52, label %75, label %53 %54 = getelementptr inbounds %struct.mem_section, %struct.mem_section* %51, i64 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = and i64 %55, 2 %57 = icmp eq i64 %56, 0 br i1 %57, label %75, label %58 %59 = and i64 %55, 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %64, label %61 %65 = getelementptr %struct.mem_section, %struct.mem_section* %47, i64 %50, i32 1 %66 = load %struct.mem_section_usage*, %struct.mem_section_usage** %65, align 8 %67 = getelementptr inbounds %struct.mem_section_usage, %struct.mem_section_usage* %66, i64 0, i32 0, i64 0 %68 = lshr i64 %26, 9 %69 = and i64 %68, 63 %70 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 %69) #6, !srcloc !7 %71 = and i8 %70, 1 %72 = icmp eq i8 %71, 0 %73 = load %struct.page*, %struct.page** bitcast (i64* @vmemmap_base to %struct.page**), align 8 %74 = getelementptr %struct.page, %struct.page* %73, i64 %26 br i1 %72, label %75, label %76 %77 = phi %struct.page* [ null, %75 ], [ %74, %64 ], [ %63, 
%61 ] %78 = bitcast i64* %25 to i8* %79 = tail call i64 @stable_page_flags(%struct.page* %77) #78 Function:stable_page_flags %2 = icmp eq %struct.page* %0, null br i1 %2, label %187, label %3 %4 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 16 %6 = getelementptr inbounds %struct.page, %struct.page* %0, i64 0, i32 1 %7 = bitcast %union.anon.20* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 1 %10 = icmp eq i64 %9, 0 %11 = add i64 %8, -1 %12 = ptrtoint %struct.page* %0 to i64 %13 = select i1 %10, i64 %12, i64 %11, !prof !4 %14 = inttoptr i64 %13 to %struct.page* %15 = getelementptr inbounds %struct.page, %struct.page* %14, i64 0, i32 0 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 512 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %22 %20 = tail call zeroext i1 @page_mapped(%struct.page* nonnull %0) #78 ------------- Good: 105 Bad: 1 Ignored: 69 Check Use of Function:vfs_path_lookup Check Use of Function:xt_compat_match_to_user Check Use of Function:alloc_file_clone Check Use of Function:vfat_create Check Use of Function:ext4_commit_super Check Use of Function:kernfs_dop_revalidate Check Use of Function:pipe_ioctl Check Use of Function:d_invalidate Check Use of Function:simple_rmdir Check Use of Function:nd_jump_link Check Use of Function:ieee80211_sta_rx_bw_to_chan_width Check Use of Function:ioread8 Check Use of Function:set_fs_pwd Check Use of Function:xt_compat_target_to_user Check Use of Function:__SCT__tp_func_io_uring_create Check Use of Function:security_kernel_load_data Check Use of Function:do_kexec_load Check Use of Function:ext4_mb_release Check Use of Function:__hw_addr_unsync Check Use of Function:kernel_wait Check Use of Function:__SCT__tp_func_sched_process_fork Check Use of Function:tg3_frob_aux_power Check Use of Function:fpu__clear_user_states Check Use of Function:dev_add_pack Check Use of Function:sock_release Check Use of 
Function:drm_crtc_check_viewport Check Use of Function:ieee80211_send_delba Check Use of Function:__ext4_iget Check Use of Function:destroy_workqueue Check Use of Function:task_set_jobctl_pending Check Use of Function:dquot_free_inode Check Use of Function:ext4_xattr_block_set Check Use of Function:i915_active_ref Check Use of Function:xt_find_table_lock Check Use of Function:io_ring_ctx_wait_and_kill Use: =BAD PATH= Call Stack: 0 io_uring_release ------------- Path:  Function:io_uring_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.io_ring_ctx** %5 = load %struct.io_ring_ctx*, %struct.io_ring_ctx** %4, align 8 store i8* null, i8** %3, align 8 tail call fastcc void @io_ring_ctx_wait_and_kill(%struct.io_ring_ctx* %5) #78 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:ext4_read_bh_lock Check Use of Function:d_instantiate_new Check Use of Function:bitmap_parse Use: =BAD PATH= Call Stack: 0 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 ------------- Use: =BAD PATH= Call Stack: 0 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 ------------- Good: 5 Bad: 2 Ignored: 1 Check Use of Function:pci_user_read_config_dword Check Use of Function:netif_carrier_on Check 
Use of Function:drm_ioctl Use: =BAD PATH= Call Stack: 0 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %35 %36 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.435818*, i32, i64)*)(%struct.file.435818* %0, i32 %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.409321*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.435818*, i32, i64)*)(%struct.file.435818* %0, i32 %1, i64 %2) #78 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.409321, %struct.file.409321* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.409369** %7 = load %struct.drm_file.409369*, %struct.drm_file.409369** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.409321*, i32, i64)*)(%struct.file.409321* %0, i32 %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.409321*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.435818*, i32, i64)*)(%struct.file.435818* %0, i32 
%1, i64 %2) #78 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.409321, %struct.file.409321* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.409369** %7 = load %struct.drm_file.409369*, %struct.drm_file.409369** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %12 = zext i32 %4 to i64 %13 = getelementptr [185 x %struct.anon.82.409322], [185 x %struct.anon.82.409322]* @drm_compat_ioctls, i64 0, i64 %12, i32 0 %14 = load i32 (%struct.file.409321*, i32, i64)*, i32 (%struct.file.409321*, i32, i64)** %13, align 16 %15 = icmp eq i32 (%struct.file.409321*, i32, i64)* %14, null br i1 %15, label %16, label %18 %17 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.409321*, i32, i64)*)(%struct.file.409321* %0, i32 %1, i64 %2) #78 ------------- Good: 0 Bad: 3 Ignored: 6 Check Use of Function:dquot_drop Check Use of Function:snapshot_get_image_size Check Use of Function:acpi_wakeup_device_init Check Use of Function:ext4_unlink Check Use of Function:xt_compat_unlock Check Use of Function:vfs_symlink Check Use of Function:pci_fastcom335_setup Check Use of Function:ext4_bio_write_page Check Use of Function:security_sb_pivotroot Check Use of Function:blk_queue_flag_clear Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to %struct.scsi_sense_hdr* %9 = getelementptr %struct.device.628629, %struct.device.628629* %0, i64 -1, i32 36 %10 = bitcast %struct.dev_iommu** %9 to %struct.scsi_disk* %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %9, i64 1 %12 = bitcast %struct.dev_iommu** %11 to %struct.scsi_device.628647** %13 = load %struct.scsi_device.628647*, %struct.scsi_device.628647** %12, align 8 %14 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %15 = 
bitcast %struct.scsi_mode_data* %6 to i8* %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = getelementptr inbounds %struct.scsi_device.628647, %struct.scsi_device.628647* %13, i64 0, i32 22 %18 = load i8, i8* %17, align 8 switch i8 %18, label %119 [ i8 0, label %19 i8 20, label %19 ] %20 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %28 %29 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %10, i64 0, i32 24 %30 = bitcast i24* %29 to i32* %31 = load i32, i32* %30, align 1 %32 = and i32 %31, -3 store i32 %32, i32* %30, align 1 br label %33 %34 = phi i8* [ %23, %22 ], [ %2, %28 ] %35 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %34) #79 %36 = icmp slt i32 %35, 0 br i1 %36, label %119, label %37 %38 = and i32 %35, 1 %39 = and i32 %35, 2 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %47 = phi i32 [ 0, %37 ], [ %45, %41 ] %48 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %10, i64 0, i32 24 %49 = bitcast i24* %48 to i32* %50 = load i32, i32* %49, align 1 %51 = and i32 %50, 2 %52 = icmp eq i32 %51, 0 br i1 %52, label %66, label %53 %54 = and i32 %50, -13 %55 = or i32 %54, %47 %56 = shl nuw nsw i32 %38, 3 %57 = or i32 %55, %56 store i32 %57, i32* %49, align 1 %58 = icmp ne i32 %47, 0 %59 = and i32 %55, 20 %60 = icmp eq i32 %59, 20 %61 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %9, i64 93 %62 = bitcast %struct.dev_iommu** %61 to %struct.gendisk.628464** %63 = load %struct.gendisk.628464*, %struct.gendisk.628464** %62, align 8 %64 = getelementptr inbounds %struct.gendisk.628464, %struct.gendisk.628464* %63, i64 0, i32 9 %65 = load %struct.request_queue.628458*, %struct.request_queue.628458** %64, align 8 tail call void bitcast (void 
(%struct.request_queue.296182*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.628458*, i1, i1)*)(%struct.request_queue.628458* %65, i1 zeroext %58, i1 zeroext %60) #79 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void @blk_queue_flag_clear(i32 17, %struct.request_queue.296182* %0) #78 br label %6 br i1 %2, label %7, label %8 tail call void @blk_queue_flag_clear(i32 18, %struct.request_queue.296182* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to %struct.scsi_sense_hdr* %9 = getelementptr %struct.device.628629, %struct.device.628629* %0, i64 -1, i32 36 %10 = bitcast %struct.dev_iommu** %9 to %struct.scsi_disk* %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %9, i64 1 %12 = bitcast %struct.dev_iommu** %11 to %struct.scsi_device.628647** %13 = load %struct.scsi_device.628647*, %struct.scsi_device.628647** %12, align 8 %14 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %15 = bitcast %struct.scsi_mode_data* %6 to i8* %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = getelementptr inbounds %struct.scsi_device.628647, %struct.scsi_device.628647* %13, i64 0, i32 22 %18 = load i8, i8* %17, align 8 switch i8 %18, label %119 [ i8 0, label %19 i8 20, label %19 ] %20 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %28 %29 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %10, i64 0, i32 24 %30 = bitcast i24* %29 to i32* %31 = load i32, i32* %30, align 1 %32 = and i32 %31, -3 store i32 %32, i32* %30, align 1 br label %33 %34 = phi i8* [ %23, %22 ], [ %2, %28 ] %35 = tail call i32 
@__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %34) #79 %36 = icmp slt i32 %35, 0 br i1 %36, label %119, label %37 %38 = and i32 %35, 1 %39 = and i32 %35, 2 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %47 = phi i32 [ 0, %37 ], [ %45, %41 ] %48 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %10, i64 0, i32 24 %49 = bitcast i24* %48 to i32* %50 = load i32, i32* %49, align 1 %51 = and i32 %50, 2 %52 = icmp eq i32 %51, 0 br i1 %52, label %66, label %53 %54 = and i32 %50, -13 %55 = or i32 %54, %47 %56 = shl nuw nsw i32 %38, 3 %57 = or i32 %55, %56 store i32 %57, i32* %49, align 1 %58 = icmp ne i32 %47, 0 %59 = and i32 %55, 20 %60 = icmp eq i32 %59, 20 %61 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %9, i64 93 %62 = bitcast %struct.dev_iommu** %61 to %struct.gendisk.628464** %63 = load %struct.gendisk.628464*, %struct.gendisk.628464** %62, align 8 %64 = getelementptr inbounds %struct.gendisk.628464, %struct.gendisk.628464* %63, i64 0, i32 9 %65 = load %struct.request_queue.628458*, %struct.request_queue.628458** %64, align 8 tail call void bitcast (void (%struct.request_queue.296182*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.628458*, i1, i1)*)(%struct.request_queue.628458* %65, i1 zeroext %58, i1 zeroext %60) #79 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void @blk_queue_flag_clear(i32 17, %struct.request_queue.296182* %0) #78 ------------- Good: 54 Bad: 2 Ignored: 50 Check Use of Function:fat_compat_dir_ioctl Check Use of Function:d_add Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to %struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 
%38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 tail call void bitcast (void (%struct.dentry.150061*, %struct.inode.150073*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to 
%struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 %38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 tail call void bitcast (void (%struct.dentry.150061*, %struct.inode.150073*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to %struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 
%38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 tail call void bitcast (void (%struct.dentry.150061*, %struct.inode.150073*)* @d_add to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %2, %struct.inode* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 9 %11 = load %struct.super_block.153920*, %struct.super_block.153920** %10, align 8 %12 = getelementptr inbounds %struct.super_block.153920, %struct.super_block.153920* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.153950*, %struct.dentry_operations.153950** %12, align 64 %14 = icmp eq %struct.dentry_operations.153950* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.150061*, %struct.inode.150073*)* @d_add to void (%struct.dentry.153949*, %struct.inode.153945*)*)(%struct.dentry.153949* %1, %struct.inode.153945* null) #78 ------------- Good: 19 Bad: 4 Ignored: 5 Check Use of Function:tid_fd_revalidate Check Use of Function:kernel_sigaction Check Use of Function:nla_strcmp Check Use of Function:ext4_orphan_cleanup Check Use of Function:__netif_set_xps_queue Check Use of Function:io_arm_poll_handler Check Use of Function:ata_task_ioctl Check Use of Function:mpage_process_page_bufs Check Use of Function:vfs_parse_fs_string Check Use of Function:ext4_bread Check Use of Function:netdev_master_upper_dev_get Check Use of 
Function:security_get_user_sids Check Use of Function:modify_user_hw_breakpoint_check Check Use of Function:mb_cache_entry_create Check Use of Function:exit_task_namespaces Check Use of Function:netif_device_attach Check Use of Function:nl80211_notify_iface Check Use of Function:mount_too_revealing Check Use of Function:intel_modeset_driver_remove_nogem Check Use of Function:shrink_dcache_parent Check Use of Function:wake_up_var Check Use of Function:dev_set_mtu Check Use of Function:acpi_install_table_handler Check Use of Function:__mmap_lock_do_trace_start_locking Use: =BAD PATH= Call Stack: 0 probe_range 1 i915_gem_userptr_ioctl ------------- Path:  Function:i915_gem_userptr_ioctl %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %6 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 17 %7 = bitcast %struct.mutex* %6 to i24* %8 = load i24, i24* %7, align 8 %9 = and i24 %8, 525312 %10 = icmp eq i24 %9, 0 br i1 %10, label %112, label %11 %12 = getelementptr inbounds i8, i8* %1, i64 16 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2147483644 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %112 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp ugt i64 %20, 8796093022207 br i1 %21, label %112, label %22 %23 = icmp eq i64 %20, 0 br i1 %23, label %112, label %24 %25 = bitcast i8* %1 to i64* %26 = load i64, i64* %25, align 8 %27 = or i64 %26, %20 %28 = and i64 %27, 4095 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %112 %31 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection 
.altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %32 = add i64 %26, %20 %33 = icmp ult i64 %32, %20 %34 = icmp ugt i64 %32, %31 %35 = or i1 %33, %34 br i1 %35, label %112, label %36, !prof !5, !misexpect !6 %37 = load i32, i32* %13, align 8 %38 = icmp sgt i32 %37, -1 br i1 %38, label %39, label %112 %40 = and i32 %37, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %50, label %42 %43 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 19, i32 32, i32 1 %44 = bitcast i32* %43 to %struct.i915_address_space.501693** %45 = load %struct.i915_address_space.501693*, %struct.i915_address_space.501693** %44, align 8 %46 = getelementptr inbounds %struct.i915_address_space.501693, %struct.i915_address_space.501693* %45, i64 0, i32 15 %47 = load i8, i8* %46, align 8 %48 = and i8 %47, 4 %49 = icmp eq i8 %48, 0 br i1 %49, label %112, label %50 %51 = and i32 %37, 2 %52 = icmp eq i32 %51, 0 br i1 %52, label %62, label %53 %54 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %55 = inttoptr i64 %54 to %struct.task_struct* %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %55, i64 0, i32 38 %57 = load %struct.mm_struct*, %struct.mm_struct** %56, align 64 %58 = load i64, i64* %25, align 8 %59 = load i64, i64* %19, align 8 %60 = tail call fastcc i32 @probe_range(%struct.mm_struct* %57, i64 %58, i64 %59) #78 Function:probe_range %4 = add i64 %2, %1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@probe_range, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #78 Function:compat_ksys_ipc %7 = alloca i64, align 8 %8 = bitcast i64* %7 to %struct.util_est* %9 = alloca i64, align 8 %10 = lshr i32 %0, 16 %11 = trunc i32 %0 to i16 switch i16 %11, label %115 [ i16 1, label %12 i16 4, label %17 i16 2, label %24 i16 3, label %27 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label 
%74 i16 21, label %79 i16 22, label %101 i16 23, label %106 i16 24, label %110 ] %102 = zext i32 %4 to i64 %103 = inttoptr i64 %102 to i8* %104 = tail call i64 @ksys_shmdt(i8* %103) #78 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __ia32_sys_shmdt ------------- Path:  Function:__ia32_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @ksys_shmdt(i8* %5) #78 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmdt 1 __x64_sys_shmdt ------------- Path:  Function:__x64_sys_shmdt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @ksys_shmdt(i8* %4) #78 Function:ksys_shmdt %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 38 %5 = load %struct.mm_struct*, %struct.mm_struct** %4, align 64 %6 = ptrtoint i8* %0 to i64 %7 = and i64 %6, 4095 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %85 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ksys_shmdt, %10)) #6 to label %11 [label %10], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %5, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = alloca %struct.mmu_notifier_range, align 8 %8 = alloca %struct.kuid_t, align 4 %9 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %10 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %11 = icmp ult i64 %2, 12 %12 = select i1 %11, i64 %2, i64 12 %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %1, i64 %12) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %123 %16 = call i8* @strim(i8* nonnull %9) #78 %17 = call i32 @kstrtoint(i8* %16, i32 10, i32* nonnull %6) #78 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %21 %22 = load i32, i32* %6, align 4 %23 = add i32 %22, -1 %24 = icmp ugt i32 %23, 4 br i1 %24, label %123, label %25 %26 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %27 = load %struct.inode*, %struct.inode** %26, align 8 %28 = getelementptr %struct.inode, %struct.inode* %27, i64 -1, i32 41, i32 13 %29 = bitcast %struct.list_head* %28 to %struct.pid** %30 = load %struct.pid*, %struct.pid** %29, align 8 %31 = call %struct.task_struct* @get_pid_task(%struct.pid* %30, i32 0) #78 %32 = icmp eq %struct.task_struct* %31, null br i1 %32, label %123, label %33 %34 = call %struct.mm_struct* @get_task_mm(%struct.task_struct* nonnull %31) #78 %35 = icmp eq 
%struct.mm_struct* %34, null br i1 %35, label %111, label %36 %37 = bitcast %struct.mmu_notifier_range* %7 to i8* %38 = bitcast %struct.kuid_t* %8 to i8* %39 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 0, i32 0 store i32 %22, i32* %39, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@clear_refs_write, %40)) #6 to label %41 [label %40], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %34, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18167 ------------- Path:  Function:m_start.18167 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #78 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** 
%15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18167, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18167 ------------- Path:  Function:m_start.18167 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #78 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, 
i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18167, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18167 ------------- Path:  Function:m_start.18167 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, 
%struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #78 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18167, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 remove_arg_zero 1 load_script ------------- Path:  Function:load_script %2 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 0 %3 = load i8, i8* %2, align 8 %4 = icmp eq i8 %3, 35 br i1 %4, label %5, label %122 %6 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 1 %7 = load i8, i8* %6, align 1 %8 = icmp eq i8 %7, 33 br i1 %8, label %9, label %122 %10 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 255 %11 = tail call i8* @strnchr(i8* %2, i64 256, i32 10) #78 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %36 %14 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 2 %15 = icmp ugt i8* %14, %10 br i1 %15, label %122, label %16 %17 = phi i8* [ %20, %19 ], [ %14, %13 ] %18 = load i8, i8* %17, align 1 switch i8 %18, label %22 [ i8 32, label %19 i8 9, label %19 ] %23 = icmp eq i8* %17, null %24 = icmp ugt i8* %17, %10 %25 = or i1 %23, %24 br i1 %25, label %122, label %26 %27 = phi i8 [ %33, %32 ], [ %18, %22 ] %28 = phi i8* [ %30, %32 ], [ %17, %22 ] switch i8 %27, label %29 [ i8 32, label %34 i8 9, label %34 i8 0, label %34 ] %35 = icmp eq i8* %28, null br i1 %35, label %122, label %36 %37 = phi i8* [ %10, %34 ], [ %11, %9 ] br label %38 %39 = phi i8* [ %37, %36 ], [ %40, %42 ] %40 = 
getelementptr i8, i8* %39, i64 -1 %41 = load i8, i8* %40, align 1 switch i8 %41, label %43 [ i8 32, label %42 i8 9, label %42 ] %44 = getelementptr %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 22, i64 2 %45 = icmp ugt i8* %44, %39 br i1 %45, label %122, label %46 %47 = phi i8* [ %50, %49 ], [ %44, %43 ] %48 = load i8, i8* %47, align 1 switch i8 %48, label %52 [ i8 32, label %49 i8 9, label %49 ] %53 = icmp eq i8* %47, null %54 = icmp eq i8* %47, %39 %55 = or i1 %53, %54 br i1 %55, label %122, label %56 %57 = icmp ugt i8* %47, %39 br i1 %57, label %80, label %58 %59 = phi i8 [ %65, %64 ], [ %48, %56 ] %60 = phi i8* [ %62, %64 ], [ %47, %56 ] switch i8 %59, label %61 [ i8 32, label %66 i8 9, label %66 i8 0, label %66 ] %62 = getelementptr i8, i8* %60, i64 1 %63 = icmp ugt i8* %62, %39 br i1 %63, label %80, label %64 %81 = phi i8* [ %60, %68 ], [ null, %66 ], [ null, %56 ], [ %60, %74 ], [ %60, %77 ], [ null, %61 ] %82 = phi i8* [ null, %68 ], [ null, %66 ], [ null, %56 ], [ null, %77 ], [ %76, %74 ], [ null, %61 ] %83 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 17 %84 = load i32, i32* %83, align 8 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %122 %88 = tail call i32 @remove_arg_zero(%struct.linux_binprm* %0) #78 Function:remove_arg_zero %2 = alloca %struct.page*, align 8 %3 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 12 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %78, label %6 %7 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 3 %8 = bitcast %struct.page** %2 to i8* %9 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 2 br label %10 %11 = load i64, i64* %7, align 8 store %struct.page* null, %struct.page** %2, align 8 %12 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@remove_arg_zero, %13)) #6 to label %14 [label %13], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 remove_arg_zero 1 load_misc_binary ------------- Path:  Function:load_misc_binary %2 = load i1, i1* @enabled, align 4 br i1 %2, label %198, label %3 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @entries_lock) #78 %4 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 15 %5 = load i8*, i8** %4, align 8 %6 = tail call i8* @strrchr(i8* %5, i32 46) #78 %7 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @entries, i64 0, i32 0), align 8 %8 = icmp eq %struct.list_head* %7, @entries br i1 %8, label %109, label %9 %10 = icmp eq i8* %6, null %11 = getelementptr i8, i8* %6, i64 1 br label %12 %13 = phi %struct.list_head* [ %7, %9 ], [ %91, %89 ] %14 = bitcast %struct.list_head* %13 to %struct.Node* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 1 %16 = bitcast %struct.list_head* %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 1 %19 = icmp eq i64 %18, 0 br i1 %19, label %89, label %20 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %31 br i1 %10, label %89, label %25 %26 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %13, i64 2 %27 = bitcast %struct.list_head* %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = tail call i32 @strcmp(i8* %28, i8* %11) #78 %30 = icmp eq i32 %29, 0 br i1 %30, label %93, label %89 %94 = bitcast %struct.list_head* %15 to i64* %95 = icmp eq %struct.list_head* %13, null br i1 %95, label %109, label %96 %97 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 4 %98 = bitcast %struct.list_head* %97 to %struct.dentry** %99 = load %struct.dentry*, %struct.dentry** %98, align 8 %100 = icmp eq %struct.dentry* %99, null br i1 %100, label %103, label %101 %104 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @entries_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @entries_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %105 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 17 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 4 %108 = icmp eq i32 %107, 0 br i1 %108, label %111, label %195 %112 = load i64, i64* %94, align 8 %113 = trunc i64 %112 to i32 %114 = icmp sgt i32 %113, -1 br i1 %114, label %117, label %115 %118 = tail call i32 @remove_arg_zero(%struct.linux_binprm* %0) #78 Function:remove_arg_zero %2 = alloca %struct.page*, align 8 %3 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 12 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %78, label %6 %7 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 3 %8 = bitcast %struct.page** %2 to i8* %9 = getelementptr inbounds %struct.linux_binprm, 
%struct.linux_binprm* %0, i64 0, i32 2 br label %10 %11 = load i64, i64* %7, align 8 store %struct.page* null, %struct.page** %2, align 8 %12 = load %struct.mm_struct*, %struct.mm_struct** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@remove_arg_zero, %13)) #6 to label %14 [label %13], !srcloc !4 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_pages_stat_array 1 __se_sys_move_pages 2 __ia32_sys_move_pages ------------- Path:  Function:__ia32_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 
@__se_sys_move_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #78 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #78 %38 = icmp eq %struct.task_struct* %37, null br i1 %38, label %39, label %40 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %37, i64 0, i32 3 %42 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %41, i64 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !8 %44 = icmp eq i32 %43, 0 br i1 %44, label %49, label %45, !prof !9, !misexpect !10 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !11, !misexpect !10 %50 = phi i32 [ 2, %40 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #78 br label %51 %52 = tail call zeroext i1 @ptrace_may_access(%struct.task_struct* nonnull %37, i32 17) #78 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 br i1 %52, label %53, label %62 %54 = tail call i32 @security_task_movememory(%struct.task_struct* nonnull %37) #78 %55 = sext i32 %54 to i64 %56 = inttoptr i64 %55 to i8* %57 = inttoptr i64 %55 to %struct.mm_struct* %58 = icmp ugt i8* %56, inttoptr (i64 -4096 to i8*) br i1 %58, label %62, label %59 %60 = tail call i64 @cpuset_mems_allowed(%struct.task_struct* nonnull %37) #78 %61 = tail call %struct.mm_struct* @get_task_mm(%struct.task_struct* nonnull %37) #78 br label %62 %63 = phi i64 [ 0, %53 ], [ %60, %59 ], [ 0, %51 ] %64 = phi %struct.mm_struct* [ %57, %53 ], [ %61, %59 ], [ inttoptr (i64 -1 to %struct.mm_struct*), %51 ] %65 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !12 %66 = icmp eq i32 %65, 1 br i1 %66, label %72, label %67 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @__put_task_struct(%struct.task_struct* nonnull %37) #78 br label %73 %74 = icmp eq %struct.mm_struct* %64, null br i1 %74, label %79, label %75 %76 = phi i64 [ %63, %73 ], [ %34, %28 ] %77 = phi %struct.mm_struct* [ %64, %73 ], [ %35, %28 ] %78 = icmp ugt %struct.mm_struct* %77, inttoptr (i64 -4096 to %struct.mm_struct*) br i1 %78, label %79, label %83 %84 = icmp eq i64 %3, 0 br i1 %84, label %282, label %85 %283 = bitcast [16 x i8*]* %7 to i8* %284 = bitcast [16 x i32]* %8 to i8* %285 = icmp eq i64 %1, 0 br i1 %285, label %337, label %286 %287 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %288 = inttoptr i64 %287 to %struct.task_struct* %289 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %288, i64 0, i32 0, 
i32 2 %290 = getelementptr inbounds [16 x i8*], [16 x i8*]* %7, i64 0, i64 0 %291 = getelementptr inbounds [16 x i32], [16 x i32]* %8, i64 0, i64 0 br label %292 %293 = phi i32* [ %17, %286 ], [ %334, %332 ] %294 = phi i8** [ %15, %286 ], [ %333, %332 ] %295 = phi i64 [ %1, %286 ], [ %335, %332 ] %296 = icmp ult i64 %295, 16 %297 = select i1 %296, i64 %295, i64 16 %298 = load i32, i32* %289, align 8 %299 = and i32 %298, 2 %300 = icmp eq i32 %299, 0 br i1 %300, label %322, label %301 %302 = bitcast i8** %294 to i32* br label %303 %304 = phi i64 [ %320, %314 ], [ 0, %301 ] %305 = phi i32 [ %319, %314 ], [ 0, %301 ] %307 = getelementptr i32, i32* %302, i64 %304 %308 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %307, i64 4, i64 %306) #6, !srcloc !19 %309 = extractvalue { i32*, i32, i64 } %308, 0 %310 = extractvalue { i32*, i32, i64 } %308, 2 %311 = ptrtoint i32* %309 to i64 %312 = and i64 %311, 4294967295 %313 = icmp eq i64 %312, 0 br i1 %313, label %314, label %337, !prof !11, !misexpect !10 %315 = extractvalue { i32*, i32, i64 } %308, 1 %316 = zext i32 %315 to i64 %317 = inttoptr i64 %316 to i8* %318 = getelementptr [16 x i8*], [16 x i8*]* %7, i64 0, i64 %304 store i8* %317, i8** %318, align 8 %319 = add i32 %305, 1 %320 = sext i32 %319 to i64 %321 = icmp ugt i64 %297, %320 br i1 %321, label %303, label %327 call fastcc void @do_pages_stat_array(%struct.mm_struct* %77, i64 %297, i8** nonnull %290, i32* nonnull %291) #78 Function:do_pages_stat_array callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_pages_stat_array, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_pages_stat_array 1 __se_sys_move_pages 2 __x64_sys_move_pages ------------- Path:  Function:__x64_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_move_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc 
i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #78 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #78 %38 = icmp eq %struct.task_struct* %37, null br i1 %38, label %39, label %40 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %37, i64 0, i32 3 %42 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %41, i64 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !8 %44 = icmp eq i32 %43, 0 br i1 %44, label %49, label %45, !prof !9, !misexpect !10 %46 = add i32 %43, 1 %47 = or i32 %46, %43 %48 = icmp sgt i32 %47, -1 br i1 %48, label %51, label %49, !prof !11, !misexpect !10 %50 = phi i32 [ 2, %40 ], [ 1, %45 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %41, i32 %50) #78 br label %51 %52 = tail call zeroext i1 @ptrace_may_access(%struct.task_struct* nonnull %37, i32 17) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @rcu_read_unlock_strict() #78 br i1 %52, label %53, label %62 %54 = tail call i32 @security_task_movememory(%struct.task_struct* nonnull %37) #78 %55 = sext i32 %54 to i64 %56 = inttoptr i64 %55 to i8* %57 = inttoptr i64 %55 to %struct.mm_struct* %58 = icmp ugt i8* %56, inttoptr (i64 -4096 to i8*) br i1 %58, label %62, label %59 %60 = tail call i64 @cpuset_mems_allowed(%struct.task_struct* nonnull %37) #78 %61 = tail call %struct.mm_struct* 
@get_task_mm(%struct.task_struct* nonnull %37) #78 br label %62 %63 = phi i64 [ 0, %53 ], [ %60, %59 ], [ 0, %51 ] %64 = phi %struct.mm_struct* [ %57, %53 ], [ %61, %59 ], [ inttoptr (i64 -1 to %struct.mm_struct*), %51 ] %65 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !12 %66 = icmp eq i32 %65, 1 br i1 %66, label %72, label %67 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @__put_task_struct(%struct.task_struct* nonnull %37) #78 br label %73 %74 = icmp eq %struct.mm_struct* %64, null br i1 %74, label %79, label %75 %76 = phi i64 [ %63, %73 ], [ %34, %28 ] %77 = phi %struct.mm_struct* [ %64, %73 ], [ %35, %28 ] %78 = icmp ugt %struct.mm_struct* %77, inttoptr (i64 -4096 to %struct.mm_struct*) br i1 %78, label %79, label %83 %84 = icmp eq i64 %3, 0 br i1 %84, label %282, label %85 %283 = bitcast [16 x i8*]* %7 to i8* %284 = bitcast [16 x i32]* %8 to i8* %285 = icmp eq i64 %1, 0 br i1 %285, label %337, label %286 %287 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %288 = inttoptr i64 %287 to %struct.task_struct* %289 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %288, i64 0, i32 0, i32 2 %290 = getelementptr inbounds [16 x i8*], [16 x i8*]* %7, i64 0, i64 0 %291 = getelementptr inbounds [16 x i32], [16 x i32]* %8, i64 0, i64 0 br label %292 %293 = phi i32* [ %17, %286 ], [ %334, %332 ] %294 = phi i8** [ %15, %286 ], [ %333, %332 ] %295 = phi i64 [ %1, %286 ], [ %335, %332 ] %296 = icmp ult i64 %295, 16 %297 = select i1 %296, i64 %295, i64 16 %298 = load i32, i32* %289, align 8 %299 = and i32 %298, 2 %300 = icmp eq i32 %299, 0 br i1 %300, label %322, label %301 %302 = bitcast i8** %294 to i32* br label 
%303 %304 = phi i64 [ %320, %314 ], [ 0, %301 ] %305 = phi i32 [ %319, %314 ], [ 0, %301 ] %307 = getelementptr i32, i32* %302, i64 %304 %308 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %307, i64 4, i64 %306) #6, !srcloc !19 %309 = extractvalue { i32*, i32, i64 } %308, 0 %310 = extractvalue { i32*, i32, i64 } %308, 2 %311 = ptrtoint i32* %309 to i64 %312 = and i64 %311, 4294967295 %313 = icmp eq i64 %312, 0 br i1 %313, label %314, label %337, !prof !11, !misexpect !10 %315 = extractvalue { i32*, i32, i64 } %308, 1 %316 = zext i32 %315 to i64 %317 = inttoptr i64 %316 to i8* %318 = getelementptr [16 x i8*], [16 x i8*]* %7, i64 0, i64 %304 store i8* %317, i8** %318, align 8 %319 = add i32 %305, 1 %320 = sext i32 %319 to i64 %321 = icmp ugt i64 %297, %320 br i1 %321, label %303, label %327 call fastcc void @do_pages_stat_array(%struct.mm_struct* %77, i64 %297, i8** nonnull %290, i32* nonnull %291) #78 Function:do_pages_stat_array callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_pages_stat_array, %5)) #6 to label %6 [label %5], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __ia32_sys_get_mempolicy ------------- Path:  Function:__ia32_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = bitcast %struct.cpumask* %7 to i8* %10 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %7, i64 0, i32 0, i64 0 store i64 0, i64* %10, align 8 %11 = icmp eq i64 %1, 0 br i1 %11, label %16, label %12 %13 = load i32, i32* @nr_node_ids, align 4 %14 = zext i32 
%13 to i64 %15 = icmp ugt i64 %14, %2 br i1 %15, label %82, label %16 %17 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, i64 %4) #78 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 146 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %163 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = and i64 %3, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %56, label %28 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %29)) #6 to label %30 [label %29], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __x64_sys_get_mempolicy ------------- Path:  Function:__x64_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = bitcast %struct.cpumask* %7 to i8* %10 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %7, i64 0, i32 0, i64 0 store i64 0, i64* %10, align 8 %11 = icmp eq i64 %1, 0 br i1 %11, label %16, label %12 %13 = load i32, i32* @nr_node_ids, align 4 %14 = zext i32 %13 to i64 %15 = icmp ugt i64 %14, %2 br i1 %15, label %82, label %16 %17 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, 
i64 %3, i64 %4) #78 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 146 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %163 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = and i64 %3, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %56, label %28 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %29)) #6 to label %30 [label %29], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %8, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mbind 1 __se_sys_mbind 2 __ia32_sys_mbind ------------- Path:  Function:__ia32_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 
12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_mbind(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_mbind %7 = alloca i64, align 8 %8 = alloca %struct.cpumask, align 8 %9 = inttoptr i64 %3 to i64* %10 = bitcast %struct.cpumask* %8 to i8* %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 store i64 0, i64* %11, align 8 %12 = trunc i64 %2 to i32 %13 = trunc i64 %2 to i16 %14 = and i16 %13, -8192 %15 = and i32 %12, -57345 %16 = icmp ugt i32 %15, 5 %17 = icmp ugt i16 %14, -16385 %18 = or i1 %16, %17 br i1 %18, label %95, label %19 %20 = and i16 %13, 8192 %21 = icmp eq i16 %20, 0 br i1 %21, label %26, label %22 %23 = icmp eq i32 %15, 2 br i1 %23, label %24, label %95 %25 = or i16 %14, 24 br label %26 %27 = phi i16 [ %14, %19 ], [ %25, %24 ] %28 = add i64 %4, -1 store i64 0, i64* %11, align 8 %29 = icmp ne i64 %28, 0 %30 = icmp ne i64 %3, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %91 %33 = icmp ugt i64 %28, 32768 br i1 %33, label %95, label %34 %35 = bitcast i64* %7 to i8* br label %36 %37 = phi i64 [ %63, %60 ], [ %28, %34 ] %38 = icmp ugt i64 %37, 64 br i1 %38, label %39, label %66 %67 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %68 = inttoptr i64 %67 to %struct.task_struct* %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %68, i64 0, i32 0, i32 2 %70 = load i32, i32* %69, align 8 %71 = and i32 %70, 2 %72 = 
icmp eq i32 %71, 0 br i1 %72, label %76, label %73 %77 = inttoptr i64 %3 to i8* %78 = call i64 @_copy_from_user(i8* nonnull %10, i8* nonnull %77, i64 8) #78 br label %79 %80 = phi i64 [ %75, %73 ], [ %78, %76 ] %81 = trunc i64 %80 to i32 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %95 %84 = and i64 %37, 63 %85 = icmp eq i64 %84, 0 br i1 %85, label %91, label %86 %87 = shl nsw i64 -1, %84 %88 = xor i64 %87, -1 %89 = load i64, i64* %11, align 8 %90 = and i64 %89, %88 store i64 %90, i64* %11, align 8 br label %91 %92 = trunc i32 %15 to i16 %93 = and i64 %5, 4294967295 %94 = call fastcc i64 @do_mbind(i64 %0, i64 %1, i16 zeroext %92, i16 zeroext %27, %struct.cpumask* nonnull %8, i64 %93) #78 Function:do_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.list_head, align 8 %9 = alloca %struct.nodemask_scratch, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = icmp ult i64 %5, 8 br i1 %17, label %18, label %301 %19 = and i64 %5, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %23, label %21 %24 = and i64 %0, 4095 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %301 %27 = icmp eq i16 %2, 0 %28 = and i64 %5, -2 %29 = select i1 %27, i64 %28, i64 %5 %30 = add i64 %1, 4095 %31 = and i64 %30, -4096 %32 = add i64 %31, %0 %33 = icmp ult i64 %32, %0 br i1 %33, label %301, label %34 %35 = icmp eq i64 %31, 0 br i1 %35, label 
%301, label %36 switch i16 %2, label %49 [ i16 0, label %37 i16 1, label %43 ] %38 = icmp eq %struct.cpumask* %4, null br i1 %38, label %74, label %39 %40 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %74, label %71 %75 = phi i8* [ %61, %63 ], [ null, %37 ], [ null, %39 ] %76 = phi %struct.mempolicy* [ %64, %63 ], [ null, %37 ], [ null, %39 ] %77 = and i64 %29, 8 %78 = icmp eq i64 %77, 0 br i1 %78, label %83, label %79 %84 = icmp eq %struct.mempolicy* %76, null %85 = or i64 %29, 16 %86 = select i1 %84, i64 %85, i64 %29 %87 = and i64 %86, 6 %88 = icmp eq i64 %87, 0 br i1 %88, label %90, label %89 %91 = bitcast %struct.nodemask_scratch* %9 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mbind, %92)) #6 to label %93 [label %92], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %13, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mbind 1 __se_sys_mbind 2 __x64_sys_mbind ------------- Path:  Function:__x64_sys_mbind %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_mbind(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_mbind %7 = alloca i64, align 8 %8 = alloca %struct.cpumask, align 8 %9 = inttoptr i64 %3 to i64* %10 = bitcast %struct.cpumask* %8 to i8* %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %8, i64 0, i32 0, i64 0 store i64 0, i64* %11, align 8 %12 = trunc i64 %2 to i32 %13 = trunc i64 %2 to i16 %14 = and i16 %13, -8192 %15 = and i32 %12, -57345 %16 = icmp ugt i32 %15, 5 %17 = icmp ugt i16 %14, -16385 %18 = or i1 %16, %17 br i1 %18, label %95, label %19 %20 = and i16 %13, 8192 %21 = icmp eq i16 %20, 0 br i1 %21, label %26, label %22 %23 = icmp eq i32 %15, 2 br i1 %23, label %24, label %95 %25 = or i16 %14, 24 br label %26 %27 = phi i16 [ %14, %19 ], [ %25, %24 ] %28 = add i64 %4, -1 store i64 0, i64* %11, align 8 %29 = icmp ne i64 %28, 0 %30 = icmp ne i64 %3, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %91 %33 = icmp ugt i64 %28, 32768 br i1 %33, label %95, label %34 %35 = bitcast i64* %7 to i8* br label %36 %37 = phi i64 [ %63, %60 ], [ %28, %34 ] %38 = icmp ugt i64 %37, 64 br i1 %38, label %39, label %66 %67 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %68 = inttoptr i64 %67 to %struct.task_struct* %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %68, i64 0, i32 0, i32 2 %70 = load i32, i32* %69, align 8 %71 = and i32 %70, 2 %72 = icmp eq i32 %71, 0 br i1 %72, label %76, label %73 %77 = inttoptr i64 %3 to i8* %78 = call i64 @_copy_from_user(i8* nonnull %10, i8* nonnull %77, i64 8) #78 br label 
%79 %80 = phi i64 [ %75, %73 ], [ %78, %76 ] %81 = trunc i64 %80 to i32 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %95 %84 = and i64 %37, 63 %85 = icmp eq i64 %84, 0 br i1 %85, label %91, label %86 %87 = shl nsw i64 -1, %84 %88 = xor i64 %87, -1 %89 = load i64, i64* %11, align 8 %90 = and i64 %89, %88 store i64 %90, i64* %11, align 8 br label %91 %92 = trunc i32 %15 to i16 %93 = and i64 %5, 4294967295 %94 = call fastcc i64 @do_mbind(i64 %0, i64 %1, i16 zeroext %92, i16 zeroext %27, %struct.cpumask* nonnull %8, i64 %93) #78 Function:do_mbind %7 = alloca %struct.queue_pages, align 8 %8 = alloca %struct.list_head, align 8 %9 = alloca %struct.nodemask_scratch, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = icmp ult i64 %5, 8 br i1 %17, label %18, label %301 %19 = and i64 %5, 4 %20 = icmp eq i64 %19, 0 br i1 %20, label %23, label %21 %24 = and i64 %0, 4095 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %301 %27 = icmp eq i16 %2, 0 %28 = and i64 %5, -2 %29 = select i1 %27, i64 %28, i64 %5 %30 = add i64 %1, 4095 %31 = and i64 %30, -4096 %32 = add i64 %31, %0 %33 = icmp ult i64 %32, %0 br i1 %33, label %301, label %34 %35 = icmp eq i64 %31, 0 br i1 %35, label %301, label %36 switch i16 %2, label %49 [ i16 0, label %37 i16 1, label %43 ] %38 = icmp eq %struct.cpumask* %4, null br i1 %38, label %74, label %39 %40 = 
getelementptr inbounds %struct.cpumask, %struct.cpumask* %4, i64 0, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %74, label %71 %75 = phi i8* [ %61, %63 ], [ null, %37 ], [ null, %39 ] %76 = phi %struct.mempolicy* [ %64, %63 ], [ null, %37 ], [ null, %39 ] %77 = and i64 %29, 8 %78 = icmp eq i64 %77, 0 br i1 %78, label %83, label %79 %84 = icmp eq %struct.mempolicy* %76, null %85 = or i64 %29, 16 %86 = select i1 %84, i64 %85, i64 %29 %87 = and i64 %86, 6 %88 = icmp eq i64 %87, 0 br i1 %88, label %90, label %89 %91 = bitcast %struct.nodemask_scratch* %9 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mbind, %92)) #6 to label %93 [label %92], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %13, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 
8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store 
%struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 
%14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %31)) #6 to label %32 [label %31], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_msync 1 __ia32_sys_msync ------------- Path:  Function:__ia32_sys_msync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i64 @__do_sys_msync(i64 %4, i64 %7, i32 %10) #78 Function:__do_sys_msync %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 38 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 64 %8 = icmp ult i32 %2, 8 %9 = and i64 %0, 4095 %10 = icmp eq i64 %9, 0 %11 = and i1 %10, %8 br i1 %11, label %12, label %109 %13 = and i32 %2, 4 %14 = and i32 %2, 5 %15 = icmp eq i32 %14, 5 br i1 %15, label %109, label %16 %17 = add i64 %1, 4095 %18 = and i64 %17, -4096 %19 = add i64 %18, %0 %20 = icmp ult i64 %19, %0 br i1 %20, label %109, label %21 %22 = icmp eq i64 %18, 0 br i1 %22, label %107, label %23 callbr void asm 
sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_msync, %24)) #6 to label %25 [label %24], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_msync 1 __x64_sys_msync ------------- Path:  Function:__x64_sys_msync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call fastcc i64 @__do_sys_msync(i64 %3, i64 %5, i32 %8) #78 Function:__do_sys_msync %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 38 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 64 %8 = icmp ult i32 %2, 8 %9 = and i64 %0, 4095 %10 = icmp eq i64 %9, 0 %11 = and i1 %10, %8 br i1 %11, label %12, label %109 %13 = and i32 %2, 4 %14 = and i32 %2, 5 %15 = icmp eq i32 %14, 5 br i1 %15, label %109, label %16 %17 = add i64 %1, 4095 %18 = and i64 %17, -4096 %19 = add i64 %18, %0 %20 = icmp ult i64 %19, %0 br i1 %20, label %109, 
label %21 %22 = icmp eq i64 %18, 0 br i1 %22, label %107, label %23 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_msync, %24)) #6 to label %25 [label %24], !srcloc !5 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __ia32_sys_mremap ------------- Path:  Function:__ia32_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_mremap(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__do_sys_mremap %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.list_head, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.133045** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.133045**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.133045* %13 = getelementptr inbounds %struct.task_struct.133045, %struct.task_struct.133045* %12, i64 0, i32 38 %14 = load %struct.mm_struct.132944*, %struct.mm_struct.132944** %13, align 64 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 store i8 0, i8* %8, align 1 %16 = bitcast %struct.list_head* %9 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %18, align 8 %19 = bitcast %struct.list_head* %10 to i8* %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 store %struct.list_head* %10, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 1 store %struct.list_head* %10, %struct.list_head** %21, align 8 %22 = icmp ult i64 %3, 8 br i1 %22, label %23, label %286 %24 = and i64 %3, 2 %25 = and i64 %3, 1 %26 = icmp eq i64 %25, 0 %27 = and i64 %3, 3 %28 = icmp eq i64 %27, 2 br i1 %28, label %286, label %29 %30 = and i64 %3, 4 %31 = icmp eq i64 %30, 0 br i1 %31, label %36, label %32 %33 = icmp ne i64 %25, 0 %34 = icmp eq i64 %1, %2 %35 = and i1 %34, %33 br i1 %35, label %36, label %286 %37 = and i64 %0, 4095 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %286 %40 = add i64 %1, 4095 %41 = and i64 %40, -4096 %42 = add i64 %2, 4095 %43 = and i64 %42, -4096 %44 = icmp eq i64 %43, 0 br i1 %44, label %286, label %45 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %46)) #6 to label %47 [label %46], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132944*, i1)*)(%struct.mm_struct.132944* %14, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mremap 1 __x64_sys_mremap ------------- Path:  Function:__x64_sys_mremap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_mremap(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_mremap %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca %struct.list_head, align 8 %10 = alloca %struct.list_head, align 8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.133045** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.133045**)) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct.133045* %13 = getelementptr inbounds %struct.task_struct.133045, %struct.task_struct.133045* %12, i64 0, 
i32 38 %14 = load %struct.mm_struct.132944*, %struct.mm_struct.132944** %13, align 64 %15 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 store i8 0, i8* %8, align 1 %16 = bitcast %struct.list_head* %9 to i8* %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 0 store %struct.list_head* %9, %struct.list_head** %17, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %9, i64 0, i32 1 store %struct.list_head* %9, %struct.list_head** %18, align 8 %19 = bitcast %struct.list_head* %10 to i8* %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 store %struct.list_head* %10, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 1 store %struct.list_head* %10, %struct.list_head** %21, align 8 %22 = icmp ult i64 %3, 8 br i1 %22, label %23, label %286 %24 = and i64 %3, 2 %25 = and i64 %3, 1 %26 = icmp eq i64 %25, 0 %27 = and i64 %3, 3 %28 = icmp eq i64 %27, 2 br i1 %28, label %286, label %29 %30 = and i64 %3, 4 %31 = icmp eq i64 %30, 0 br i1 %31, label %36, label %32 %33 = icmp ne i64 %25, 0 %34 = icmp eq i64 %1, %2 %35 = and i1 %34, %33 br i1 %35, label %36, label %286 %37 = and i64 %0, 4095 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %286 %40 = add i64 %1, 4095 %41 = and i64 %40, -4096 %42 = add i64 %2, 4095 %43 = and i64 %42, -4096 %44 = icmp eq i64 %43, 0 br i1 %44, label %286, label %45 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mremap, %46)) #6 to label %47 [label %46], !srcloc !5 call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132944*, i1)*)(%struct.mm_struct.132944* %14, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_pkey_mprotect ------------- Path:  Function:__ia32_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 %13) #78 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.132530*, align 8 %6 = bitcast %struct.vm_area_struct.132530** %5 to i8* store %struct.vm_area_struct.132530* null, %struct.vm_area_struct.132530** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds 
%struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %33 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %33, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_pkey_mprotect ------------- Path:  Function:__x64_sys_pkey_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 %10) #78 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.132530*, align 8 %6 = bitcast %struct.vm_area_struct.132530** %5 to i8* store %struct.vm_area_struct.132530* null, %struct.vm_area_struct.132530** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 47 %10 = load i32, i32* %9, 
align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %33 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %33, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __ia32_sys_mprotect ------------- Path:  Function:__ia32_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 
4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i32 @do_mprotect_pkey(i64 %4, i64 %7, i64 %10, i32 -1) #78 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.132530*, align 8 %6 = bitcast %struct.vm_area_struct.132530** %5 to i8* store %struct.vm_area_struct.132530* null, %struct.vm_area_struct.132530** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, -50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %33 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %33, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mprotect_pkey 1 __x64_sys_mprotect ------------- Path:  Function:__x64_sys_mprotect %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i32 @do_mprotect_pkey(i64 %3, i64 %5, i64 %7, i32 -1) #78 Function:do_mprotect_pkey %5 = alloca %struct.vm_area_struct.132530*, align 8 %6 = bitcast %struct.vm_area_struct.132530** %5 to i8* store %struct.vm_area_struct.132530* null, %struct.vm_area_struct.132530** %5, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 47 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp ne i32 %11, 0 %13 = and i64 %2, 1 %14 = icmp ne i64 %13, 0 %15 = and i1 %14, %12 %16 = and i64 %2, 
-50331649 %17 = and i64 %2, 50331648 %18 = icmp ne i64 %17, 50331648 %19 = and i64 %0, 4095 %20 = icmp eq i64 %19, 0 %21 = and i1 %20, %18 br i1 %21, label %22, label %166 %23 = icmp eq i64 %1, 0 br i1 %23, label %166, label %24 %25 = add i64 %1, 4095 %26 = and i64 %25, -4096 %27 = add i64 %26, %0 %28 = icmp ugt i64 %27, %0 br i1 %28, label %29, label %166 %30 = icmp ult i64 %16, 16 br i1 %30, label %31, label %166 %32 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %33 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %32, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mprotect_pkey, %34)) #6 to label %35 [label %34], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %33, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_alloc 1 __ia32_sys_pkey_alloc ------------- Path:  Function:__ia32_sys_pkey_alloc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_pkey_alloc(i64 %4, i64 %7) #78 Function:__do_sys_pkey_alloc %3 = icmp eq i64 %0, 0 %4 = icmp 
ult i64 %1, 4 %5 = and i1 %3, %4 br i1 %5, label %6, label %67 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %10 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %9, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_alloc, %11)) #6 to label %12 [label %11], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %10, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_alloc 1 __x64_sys_pkey_alloc ------------- Path:  Function:__x64_sys_pkey_alloc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_pkey_alloc(i64 %3, i64 %5) #78 Function:__do_sys_pkey_alloc %3 = icmp eq i64 %0, 0 %4 = icmp ult i64 %1, 4 %5 = and i1 %3, %4 br i1 %5, label %6, label %67 %7 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.132437* %9 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %8, i64 0, i32 38 %10 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %9, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_alloc, %11)) #6 to label %12 [label %11], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %10, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_free 1 __ia32_sys_pkey_free ------------- Path:  Function:__ia32_sys_pkey_free %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_pkey_free(i32 %4) #78 Function:__do_sys_pkey_free %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.132437* %4 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %3, i64 0, i32 38 %5 = load 
%struct.mm_struct.132543*, %struct.mm_struct.132543** %4, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_free, %6)) #6 to label %7 [label %6], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %5, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_pkey_free 1 __x64_sys_pkey_free ------------- Path:  Function:__x64_sys_pkey_free %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_pkey_free(i32 %4) #78 Function:__do_sys_pkey_free %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.132437** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.132437**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.132437* %4 = getelementptr inbounds %struct.task_struct.132437, %struct.task_struct.132437* %3, i64 0, i32 38 %5 = load %struct.mm_struct.132543*, %struct.mm_struct.132543** %4, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_pkey_free, %6)) #6 to label %7 [label %6], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.132543*, i1)*)(%struct.mm_struct.132543* %5, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __ia32_sys_remap_file_pages ------------- Path:  Function:__ia32_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %10 = load 
%struct.mm_struct*, %struct.mm_struct** %9, align 64 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #79 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_remap_file_pages 1 __x64_sys_remap_file_pages ------------- Path:  Function:__x64_sys_remap_file_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, 
i64* %10, align 8 %12 = tail call fastcc i64 @__do_sys_remap_file_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_remap_file_pages %6 = alloca i64, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %10 = load %struct.mm_struct*, %struct.mm_struct** %9, align 64 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = load i1, i1* @__do_sys_remap_file_pages.__already_done, align 1 br i1 %12, label %18, label %13, !prof !5, !misexpect !6 %19 = icmp eq i64 %2, 0 br i1 %19, label %20, label %138 %21 = and i64 %0, -4096 %22 = and i64 %1, -4096 %23 = add i64 %22, %21 %24 = icmp ugt i64 %23, %21 br i1 %24, label %25, label %138 %26 = lshr i64 %1, 12 %27 = xor i64 %3, -1 %28 = icmp ugt i64 %26, %27 br i1 %28, label %138, label %29 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_remap_file_pages, %30)) #6 to label %31 [label %30], !srcloc !7 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %10, i1 zeroext true) #79 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __ia32_sys_brk ------------- Path:  Function:__ia32_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__do_sys_brk(i64 %4) #78 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 38 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 64 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_brk 1 __x64_sys_brk ------------- Path:  Function:__x64_sys_brk %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__do_sys_brk(i64 %3) #78 Function:__do_sys_brk %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 38 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 64 %7 = bitcast %struct.list_head* %2 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %9, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_brk, %10)) #6 to label %11 [label %10], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %6, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 vm_munmap 1 kill_ioctx 2 __se_sys_io_destroy 3 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #78 %28 = getelementptr inbounds 
%struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #78 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !10, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17691, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !11 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #78 Function:vm_munmap %3 = alloca %struct.list_head, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 38 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, 
align 64 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_munmap, %11)) #6 to label %12 [label %11], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 vm_munmap 1 kill_ioctx 2 __se_sys_io_destroy 3 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* 
@.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 %9 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 1, i32 0 store volatile i32 1, i32* %9, align 8 %10 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %11 = inttoptr i64 %10 to %struct.task_struct* %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 38 %13 = load %struct.mm_struct*, %struct.mm_struct** %12, align 64 %14 = call fastcc i32 @kill_ioctx(%struct.mm_struct* %13, %struct.kioctx* nonnull %3, %struct.ctx_rq_wait* nonnull %2) #78 Function:kill_ioctx %4 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 47 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 1, i32 0 %7 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 48 %13 = load volatile %struct.kioctx_table*, %struct.kioctx_table** %12, align 8 %14 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 21 %15 = load i32, i32* %14, align 8 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %16 %18 = load volatile %struct.kioctx*, %struct.kioctx** %17, align 8 %19 = icmp eq %struct.kioctx* %18, %1 br i1 %19, label %23, label %20, !prof !7, !misexpect !8 %24 = phi i64 [ %16, %11 ], [ %22, %20 ] %25 = getelementptr %struct.kioctx_table, %struct.kioctx_table* %13, i64 0, i32 2, i64 %24 store volatile %struct.kioctx* null, %struct.kioctx** %25, 
align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %26, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 17, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %27, i32 3, i32 0, i8* null) #78 %28 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 6 %29 = load i32, i32* %28, align 4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @aio_nr_lock, i64 0, i32 0, i32 0)) #78 %30 = load i64, i64* @aio_nr, align 8 %31 = zext i32 %29 to i64 %32 = icmp ult i64 %30, %31 br i1 %32, label %33, label %34, !prof !10, !misexpect !8 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.17691, i64 0, i64 0), i32 691, i32 2305, i64 12) #6, !srcloc !11 br label %36 %37 = phi i64 [ %35, %34 ], [ 0, %33 ] store i64 %37, i64* @aio_nr, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @aio_nr_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %38 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 9 %39 = load i64, i64* %38, align 16 %40 = icmp eq i64 %39, 0 br i1 %40, label %45, label %41 %42 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %1, i64 0, i32 8 %43 = 
load i64, i64* %42, align 8 %44 = tail call i32 @vm_munmap(i64 %43, i64 %39) #78 Function:vm_munmap %3 = alloca %struct.list_head, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 38 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 64 %8 = bitcast %struct.list_head* %3 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %10, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_munmap, %11)) #6 to label %12 [label %11], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %7, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock2 ------------- Path:  Function:__ia32_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %17 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 
4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i64 8192, i64 532480 %15 = tail call fastcc i32 @do_mlock(i64 %12, i64 %9, i64 %14) #78 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.131117* %6 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 95 %7 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 %8 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #78 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 br label %15 %16 = phi %struct.signal_struct.131066* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 38 %26 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %26, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock2 ------------- Path:  Function:__x64_sys_mlock2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp ult i32 %4, 2 br i1 %5, label %6, label %15 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = icmp eq i32 %4, 0 %12 = select i1 %11, i64 8192, i64 532480 %13 = tail call fastcc i32 @do_mlock(i64 %10, i64 %8, i64 %12) #78 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.131117* %6 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 95 %7 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 %8 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 
%10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #78 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 br label %15 %16 = phi %struct.signal_struct.131066* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 38 %26 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %26, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __ia32_sys_mlock ------------- Path:  Function:__ia32_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail 
call fastcc i32 @do_mlock(i64 %4, i64 %7, i64 8192) #78 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.131117* %6 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 95 %7 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 %8 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #78 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 br label %15 %16 = phi %struct.signal_struct.131066* [ %14, %13 ], [ %7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 38 %26 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %26, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mlock 1 __x64_sys_mlock ------------- Path:  Function:__x64_sys_mlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i32 @do_mlock(i64 %3, i64 %5, i64 8192) #78 Function:do_mlock %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.131117* %6 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 95 %7 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 %8 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %7, i64 0, i32 49, i64 8, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 %12 = tail call zeroext i1 @capable(i32 14) #78 br i1 %12, label %13, label %107 %14 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %6, align 32 br label %15 %16 = phi %struct.signal_struct.131066* [ %14, %13 ], [ 
%7, %3 ] %17 = and i64 %0, 4095 %18 = add i64 %1, 4095 %19 = add i64 %18, %17 %20 = and i64 %19, -4096 %21 = and i64 %0, -4096 %22 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %16, i64 0, i32 49, i64 8, i32 0 %23 = load volatile i64, i64* %22, align 8 %24 = lshr i64 %23, 12 %25 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %5, i64 0, i32 38 %26 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %25, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_mlock, %27)) #6 to label %28 [label %27], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %26, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __ia32_sys_mlockall ------------- Path:  Function:__ia32_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #78 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.131117**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.131117* %10 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %9, i64 0, i32 95 %11 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %10, align 32 %12 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %11, i64 0, i32 49, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #78 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %10, align 32 br label %19 %20 = phi %struct.signal_struct.131066* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %20, i64 0, i32 49, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %9, i64 0, i32 38 %25 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %24, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %25, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_mlockall 1 __x64_sys_mlockall ------------- Path:  Function:__x64_sys_mlockall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call fastcc i64 @__do_sys_mlockall(i32 %4) #78 Function:__do_sys_mlockall %2 = icmp eq i32 %0, 0 br i1 %2, label %69, label %3 %4 = icmp ugt i32 %0, 7 %5 = icmp eq i32 %0, 4 %6 = or i1 %4, %5 br i1 %6, label %69, label %7 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.131117* %10 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %9, i64 0, i32 95 %11 = load %struct.signal_struct.131066*, %struct.signal_struct.131066** %10, align 32 %12 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %11, i64 0, i32 49, i64 8, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = tail call zeroext i1 @capable(i32 14) #78 br i1 %16, label %17, label %69 %18 = load %struct.signal_struct.131066*, 
%struct.signal_struct.131066** %10, align 32 br label %19 %20 = phi %struct.signal_struct.131066* [ %18, %17 ], [ %11, %7 ] %21 = getelementptr %struct.signal_struct.131066, %struct.signal_struct.131066* %20, i64 0, i32 49, i64 8, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = lshr i64 %22, 12 %24 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %9, i64 0, i32 38 %25 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %24, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_mlockall, %26)) #6 to label %27 [label %26], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %25, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __ia32_sys_munlock ------------- Path:  Function:__ia32_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__do_sys_munlock(i64 %4, i64 %7) #78 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task 
to %struct.task_struct.131117**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.131117* %5 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %4, i64 0, i32 38 %6 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** %5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %6, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_munlock 1 __x64_sys_munlock ------------- Path:  Function:__x64_sys_munlock %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__do_sys_munlock(i64 %3, i64 %5) #78 Function:__do_sys_munlock %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131117** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131117**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.131117* %5 = getelementptr inbounds %struct.task_struct.131117, %struct.task_struct.131117* %4, i64 0, i32 38 %6 = load %struct.mm_struct.131018*, %struct.mm_struct.131018** 
%5, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_munlock, %7)) #6 to label %8 [label %7], !srcloc !5 tail call void bitcast (void (%struct.mm_struct*, i1)* @__mmap_lock_do_trace_start_locking to void (%struct.mm_struct.131018*, i1)*)(%struct.mm_struct.131018* %6, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 
to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_prctl 1 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, 
label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %181 = or i64 %4, %3 %182 = or i64 %181, %2 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %276 %185 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 38 %186 = load %struct.mm_struct*, %struct.mm_struct** %185, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__do_sys_prctl, %187)) #6 to label %188 [label %187], !srcloc !8 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %186, i1 zeroext true) #78 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap_pgoff 1 vm_mmap 2 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %166 %10 = bitcast 
%struct.drm_device.382396* %0 to %struct.drm_i915_private.449467* %11 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 15 %12 = bitcast %struct.mutex* %11 to i8* %13 = load i8, i8* %12, align 8 %14 = zext i8 %13 to i32 %15 = shl nuw nsw i32 %14, 8 %16 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %10, i64 0, i32 3, i32 1 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i32 %19 = or i32 %15, %18 %20 = icmp ugt i32 %19, 3072 br i1 %20, label %166, label %21 %22 = getelementptr inbounds i8, i8* %1, i64 32 %23 = bitcast i8* %22 to i64* %24 = load i64, i64* %23, align 8 %25 = icmp ult i64 %24, 2 br i1 %25, label %26, label %166 %27 = icmp eq i64 %24, 0 br i1 %27, label %32, label %28 %29 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %30 = and i64 %29, 65536 %31 = icmp eq i64 %30, 0 br i1 %31, label %166, label %32 %33 = bitcast i8* %1 to i32* %34 = load i32, i32* %33, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %36 = zext i32 %34 to i64 %37 = tail call i8* @idr_find(%struct.idr* %35, i64 %36) #78 %38 = bitcast i8* %37 to %struct.drm_i915_gem_object.449204* %39 = icmp eq i8* %37, null br i1 %39, label %64, label %40 %41 = bitcast i8* %37 to %struct.seqcount_spinlock* %42 = bitcast i8* %37 to i32* %43 = load volatile i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %55, label %45 %46 = phi i32 [ %53, %52 ], [ %43, %40 ] %47 = add i32 %46, 1 %48 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %42, i32 %47, i32* nonnull %42, 
i32 %46) #6, !srcloc !5 %49 = extractvalue { i8, i32 } %48, 0 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %55, !prof !6, !misexpect !7 %53 = extractvalue { i8, i32 } %48, 1 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %45 %56 = phi i32 [ 0, %40 ], [ %46, %45 ], [ 0, %52 ] %57 = add i32 %56, 1 %58 = or i32 %57, %56 %59 = icmp sgt i32 %58, -1 br i1 %59, label %61, label %60, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %41, i32 0) #78 br label %61 %62 = icmp eq i32 %56, 0 %63 = select i1 %62, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %38 br label %64 %65 = phi %struct.drm_i915_gem_object.449204* [ null, %32 ], [ %63, %61 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %66 = icmp eq %struct.drm_i915_gem_object.449204* %65, null br i1 %66, label %166, label %67 %68 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 3 %69 = load %struct.file*, %struct.file** %68, align 8 %70 = icmp eq %struct.file* %69, null br i1 %70, label %151, label %71 %72 = getelementptr inbounds i8, i8* %1, i64 8 %73 = bitcast i8* %72 to i64* %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds i8, i8* %1, i64 16 %76 = bitcast i8* %75 to i64* %77 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 5 %78 = load i64, i64* %77, align 8 %79 = icmp ugt i64 %78, %74 br i1 %79, label %80, label %151 %81 = load i64, i64* %76, align 8 %82 = sub i64 %78, %74 %83 = icmp ugt i64 %81, %82 br i1 %83, label %151, label %84 %85 = tail call i64 @vm_mmap(%struct.file* nonnull %69, i64 0, i64 %81, i64 3, i64 1, i64 %74) #78 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 
%11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #78 Function:vm_mmap_pgoff %7 = alloca i64, align 8 %8 = alloca %struct.list_head, align 8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %14 = bitcast %struct.list_head* %8 to i8* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 0 store %struct.list_head* %8, %struct.list_head** %15, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %8, i64 0, i32 1 store %struct.list_head* %8, %struct.list_head** %16, align 8 %17 = call i32 @security_mmap_file(%struct.file* %0, i64 %3, i64 %4) #78 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %37 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@vm_mmap_pgoff, %21)) #6 to label %22 [label %21], !srcloc !5 call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %12, i1 zeroext true) #78 ------------- Good: 159 Bad: 49 Ignored: 408 Check Use of Function:cfg80211_auth_timeout Check Use of Function:ext4_discard_preallocations Check Use of Function:__perf_remove_from_context Check Use of Function:x86_pmu_aux_output_match Check Use of Function:unlock_buffer Check Use of Function:jbd2_journal_unlock_updates Check Use of Function:__cfg80211_disconnected Check Use of Function:bdev_add_partition Check Use of Function:shmem_xattr_handler_get Check Use of Function:snapshot_compat_ioctl Check Use of Function:ext4_es_delayed_clu Check Use of Function:lock_two_nondirectories Check Use of Function:uart_startup Check Use of Function:vfs_rmdir Check Use of Function:strndup_user Use: =BAD PATH= Call Stack: 0 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.dma_buf** %9 = load %struct.dma_buf*, %struct.dma_buf** %8, align 8 switch i32 %1, label %84 [ i32 1074291200, label %10 i32 1074029057, label %58 i32 1074291201, label %58 ] %59 = inttoptr i64 %2 to i8* %60 = tail call i8* @strndup_user(i8* %59, i64 32) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_pkey_params_get 1 keyctl_pkey_verify 
2 __se_sys_keyctl 3 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %268 = inttoptr i64 %2 to i8* %269 = inttoptr i64 %3 to i8* %270 = inttoptr i64 %4 to i8* %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #78 Function:keyctl_pkey_verify %5 = 
alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.242170, align 8 %8 = bitcast %struct.kernel_pkey_params.242170* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.242170, %struct.kernel_pkey_params.242170* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24483, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242170* nonnull %7) #78 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.242170* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.242170, %struct.kernel_pkey_params.242170* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24483, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_pkey_params_get 1 keyctl_pkey_verify 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 
%9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %267 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %268 = inttoptr i64 %2 to i8* %269 = inttoptr i64 %3 to i8* %270 = inttoptr i64 %4 to i8* %271 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %267, i8* %268, i8* %269, i8* %270) #78 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.242170, align 8 %8 = bitcast %struct.kernel_pkey_params.242170* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.242170, %struct.kernel_pkey_params.242170* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24483, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #78 %14 = 
icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242170* nonnull %7) #78 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.242170* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.242170, %struct.kernel_pkey_params.242170* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24483, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_pkey_params_get 1 keyctl_pkey_verify 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 
i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %91 = inttoptr i64 %6 to %struct.keyctl_pkey_params* %92 = inttoptr i64 %9 to i8* %93 = inttoptr i64 %12 to i8* %94 = inttoptr i64 %15 to i8* %95 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %91, i8* %92, i8* %93, i8* %94) #78 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.242170, align 8 %8 = bitcast %struct.kernel_pkey_params.242170* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.242170, %struct.kernel_pkey_params.242170* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24483, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.242170* nonnull %7) #78 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.242170* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.242170, %struct.kernel_pkey_params.242170* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.24483, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #78 
------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %27 = icmp eq i64 %1, 0 br i1 %27, label %37, label %28 %29 = inttoptr i64 %1 to i8* %30 = tail call i8* @strndup_user(i8* nonnull %29, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- 
Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %27 = icmp eq i64 %1, 0 br i1 %27, label %37, label %28 %29 = inttoptr i64 %1 to i8* %30 = tail call i8* @strndup_user(i8* nonnull %29, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 
= load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %41 = inttoptr i64 %9 to i8* %42 = inttoptr i64 %12 to i8* %43 = tail call i64 @keyctl_keyring_search(i32 %17, i8* %41, i8* %42, i32 %20) #78 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #78 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 
__se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %111 = trunc i64 %1 to i32 %112 = inttoptr i64 %2 to i8* %113 = inttoptr i64 %3 to i8* %114 = trunc i64 %4 to i32 %115 = tail call i64 @keyctl_keyring_search(i32 %111, i8* %112, i8* %113, i32 %114) #78 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr 
inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #78 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, 
label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %111 = trunc i64 %1 to i32 %112 = inttoptr i64 %2 to i8* %113 = inttoptr i64 %3 to i8* %114 = trunc i64 %4 to i32 %115 = tail call i64 @keyctl_keyring_search(i32 %111, i8* %112, i8* %113, i32 %114) #78 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #78 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_join_session_keyring 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 
3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %24 = inttoptr i64 %6 to i8* %25 = tail call i64 @keyctl_join_session_keyring(i8* %24) #78 Function:keyctl_join_session_keyring %2 = icmp eq i8* %0, null br i1 %2, label %11, label %3 %4 = tail call i8* @strndup_user(i8* nonnull %0, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_request_key 1 __ia32_sys_request_key ------------- Path:  Function:__ia32_sys_request_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_request_key(i64 %4, i64 %7, i64 %10, i64 %13) #78 Function:__se_sys_request_key %5 = alloca [32 x i8], align 16 %6 = inttoptr i64 %0 to i8* %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %3 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %11 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %6, i64 32) #78 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %20, label %14 %15 = add nsw i32 %12, -1 %16 = icmp ugt i32 %15, 30 br i1 %16, label %20, label %17 
%18 = load i8, i8* %10, align 16 %19 = icmp eq i8 %18, 46 br i1 %19, label %20, label %24 %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %25, align 1 %26 = call i8* @strndup_user(i8* %7, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_request_key 1 __x64_sys_request_key ------------- Path:  Function:__x64_sys_request_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_request_key(i64 %3, i64 %5, i64 %7, i64 %9) #78 Function:__se_sys_request_key %5 = alloca [32 x i8], align 16 %6 = inttoptr i64 %0 to i8* %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %3 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %11 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %6, i64 32) #78 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %20, label %14 %15 = add nsw i32 %12, -1 %16 = icmp ugt i32 %15, 30 br i1 %16, label %20, label %17 %18 = load i8, i8* %10, align 16 %19 = icmp eq i8 %18, 46 br i1 %19, label %20, label %24 %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %25, align 1 %26 = call i8* @strndup_user(i8* %7, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, 
i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_mount %6 = 
alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #78 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #78 %14 = ptrtoint i8* %13 to i64 %15 = icmp ugt i8* %13, inttoptr (i64 -4096 to i8*) br i1 %15, label %77, label %16 %17 = phi i8* [ %13, %11 ], [ null, %5 ] %18 = icmp eq i64 %0, 0 br i1 %18, label %23, label %19 %20 = tail call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __ia32_sys_mount ------------- Path:  
Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_mount(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_mount(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_mount %6 = alloca %struct.path, align 8 %7 = inttoptr i64 %0 to i8* %8 = inttoptr i64 %1 to 
i8* %9 = inttoptr i64 %4 to i8* %10 = icmp eq i64 %2, 0 br i1 %10, label %16, label %11 %12 = inttoptr i64 %2 to i8* %13 = tail call i8* @strndup_user(i8* nonnull %12, i64 4096) #78 ------------- Good: 10 Bad: 20 Ignored: 5 Check Use of Function:put_mnt_ns Use: =BAD PATH= Call Stack: 0 mntns_put ------------- Path:  Function:mntns_put %2 = bitcast %struct.ns_common* %0 to %struct.mnt_namespace* tail call void @put_mnt_ns(%struct.mnt_namespace* %2) #78 ------------- Good: 11 Bad: 1 Ignored: 3 Check Use of Function:mount_capable Check Use of Function:ext4_ind_remove_space Check Use of Function:msdos_rename Check Use of Function:drm_prime_destroy_file_private Check Use of Function:pci_intx Check Use of Function:device_reset Check Use of Function:cfg80211_find_elem_match Check Use of Function:ext4_inode_journal_mode Check Use of Function:e1000_reset Check Use of Function:bad_area Check Use of Function:ext4_xattr_trusted_get Check Use of Function:ext4_delete_entry Check Use of Function:down_read_killable Use: =BAD PATH= Call Stack: 0 m_start.18167 ------------- Path:  Function:m_start.18167 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #78 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq 
%struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18167, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #78 br label %52 %53 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 17 %54 = tail call i32 @down_read_killable(%struct.rw_semaphore* %53) #78 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18167 ------------- Path:  Function:m_start.18167 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #78 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, 
align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18167, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #78 br label %52 %53 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 17 %54 = tail call i32 @down_read_killable(%struct.rw_semaphore* %53) #78 ------------- Use: =BAD PATH= Call Stack: 0 m_start.18167 ------------- Path:  Function:m_start.18167 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** 
%5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = load i64, i64* %1, align 8 %7 = icmp eq i64 %6, -1 br i1 %7, label %92, label %8 %9 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 0 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr %struct.inode, %struct.inode* %10, i64 -1, i32 41, i32 13 %12 = bitcast %struct.list_head* %11 to %struct.pid** %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = tail call %struct.task_struct* @get_pid_task(%struct.pid* %13, i32 0) #78 %15 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 store %struct.task_struct* %14, %struct.task_struct** %15, align 8 %16 = icmp eq %struct.task_struct* %14, null br i1 %16, label %92, label %17 %18 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %19 = load %struct.mm_struct*, %struct.mm_struct** %18, align 8 %20 = icmp eq %struct.mm_struct* %19, null br i1 %20, label %37, label %21 %22 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 12, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %37, label %25, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %50, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_start.18167, %51)) #6 to label %52 [label %51], !srcloc !10 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* nonnull %19, i1 zeroext false) #78 br label %52 %53 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %19, i64 0, i32 0, i32 17 %54 = tail call i32 @down_read_killable(%struct.rw_semaphore* %53) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) 
#78 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #78 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !5 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !6, !misexpect !7 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !8, !misexpect !7 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #78 br label %26 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 1, i32* %28) #6, !srcloc !5 %30 = icmp eq i32 %29, 0 br i1 %30, label %35, label %31, !prof !6, !misexpect !7 %32 = add i32 %29, 1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !8, !misexpect !7 %36 = phi i32 [ 2, %26 ], [ 1, %31 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 %36) #78 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%10, i64 0, i32 95 %39 = load %struct.signal_struct*, %struct.signal_struct** %38, align 32 %40 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %39, i64 0, i32 59 %41 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 95 %42 = load %struct.signal_struct*, %struct.signal_struct** %41, align 32 %43 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %42, i64 0, i32 59 %44 = icmp ugt %struct.signal_struct* %42, %39 %45 = select i1 %44, %struct.rw_semaphore* %40, %struct.rw_semaphore* %43 %46 = select i1 %44, %struct.rw_semaphore* %43, %struct.rw_semaphore* %40 %47 = tail call i32 @down_read_killable(%struct.rw_semaphore* %46) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #78 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #78 %12 = icmp ne %struct.task_struct* %10, null %13 = icmp ne %struct.task_struct* %11, null %14 = and i1 %12, %13 br i1 %14, label %15, label %261 %16 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 0, i32 0, i32 0 %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !5 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !6, !misexpect !7 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !8, !misexpect !7 %25 = phi i32 [ 2, %15 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #78 br label %26 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %11, i64 0, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 1, i32* %28) #6, !srcloc !5 %30 = icmp eq i32 %29, 0 br i1 %30, label %35, label %31, !prof !6, !misexpect !7 %32 = add i32 %29, 1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !8, !misexpect !7 %36 = phi i32 [ 2, %26 ], [ 1, %31 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %27, i32 %36) #78 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %38 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 95 %39 = load %struct.signal_struct*, %struct.signal_struct** %38, align 32 %40 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %39, i64 0, i32 59 %41 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %11, i64 0, i32 95 %42 = load %struct.signal_struct*, %struct.signal_struct** %41, align 32 %43 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %42, i64 0, i32 59 %44 = icmp ugt %struct.signal_struct* %42, %39 %45 = select i1 %44, %struct.rw_semaphore* %40, %struct.rw_semaphore* %43 %46 = select i1 %44, %struct.rw_semaphore* %43, %struct.rw_semaphore* %40 %47 = tail call i32 @down_read_killable(%struct.rw_semaphore* %46) #78 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 environ_open ------------- Path:  Function:environ_open %3 = tail call %struct.mm_struct.177490* @proc_mem_open(%struct.inode.177454* %0, i32 1) #78 Function:proc_mem_open %3 = getelementptr %struct.inode.177454, %struct.inode.177454* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177248** %5 = load %struct.pid.177248*, %struct.pid.177248** %4, align 8 %6 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %5, i32 0) #78 %7 = icmp eq %struct.task_struct.177581* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177490* bitcast (%struct.mm_struct* (%struct.task_struct*, i32)* @mm_access to %struct.mm_struct.177490* (%struct.task_struct.177581*, i32)*)(%struct.task_struct.177581* nonnull %6, i32 %9) #78 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 auxv_open ------------- Path:  Function:auxv_open %3 = tail call %struct.mm_struct.177490* 
@proc_mem_open(%struct.inode.177454* %0, i32 9) #78 Function:proc_mem_open %3 = getelementptr %struct.inode.177454, %struct.inode.177454* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177248** %5 = load %struct.pid.177248*, %struct.pid.177248** %4, align 8 %6 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %5, i32 0) #78 %7 = icmp eq %struct.task_struct.177581* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177490* bitcast (%struct.mm_struct* (%struct.task_struct*, i32)* @mm_access to %struct.mm_struct.177490* (%struct.task_struct.177581*, i32)*)(%struct.task_struct.177581* nonnull %6, i32 %9) #78 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 mem_open ------------- Path:  Function:mem_open %3 = tail call %struct.mm_struct.177490* @proc_mem_open(%struct.inode.177454* %0, i32 2) #78 Function:proc_mem_open %3 = getelementptr %struct.inode.177454, %struct.inode.177454* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177248** %5 = load %struct.pid.177248*, %struct.pid.177248** %4, align 8 %6 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %5, i32 0) #78 %7 = icmp eq %struct.task_struct.177581* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177490* bitcast (%struct.mm_struct* (%struct.task_struct*, 
i32)* @mm_access to %struct.mm_struct.177490* (%struct.task_struct.177581*, i32)*)(%struct.task_struct.177581* nonnull %6, i32 %9) #78 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 proc_pid_attr_open ------------- Path:  Function:proc_pid_attr_open %3 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %1, i64 0, i32 16 store i8* null, i8** %3, align 8 %4 = tail call %struct.mm_struct.177490* @proc_mem_open(%struct.inode.177454* %0, i32 9) #78 Function:proc_mem_open %3 = getelementptr %struct.inode.177454, %struct.inode.177454* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177248** %5 = load %struct.pid.177248*, %struct.pid.177248** %4, align 8 %6 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %5, i32 0) #78 %7 = icmp eq %struct.task_struct.177581* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177490* bitcast (%struct.mm_struct* (%struct.task_struct*, i32)* @mm_access to %struct.mm_struct.177490* (%struct.task_struct.177581*, i32)*)(%struct.task_struct.177581* nonnull %6, i32 %9) #78 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 
proc_mem_open 2 pagemap_open ------------- Path:  Function:pagemap_open %3 = tail call %struct.mm_struct* bitcast (%struct.mm_struct.177490* (%struct.inode.177454*, i32)* @proc_mem_open to %struct.mm_struct* (%struct.inode*, i32)*)(%struct.inode* %0, i32 1) #78 Function:proc_mem_open %3 = getelementptr %struct.inode.177454, %struct.inode.177454* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.177248** %5 = load %struct.pid.177248*, %struct.pid.177248** %4, align 8 %6 = tail call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %5, i32 0) #78 %7 = icmp eq %struct.task_struct.177581* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.177490* bitcast (%struct.mm_struct* (%struct.task_struct*, i32)* @mm_access to %struct.mm_struct.177490* (%struct.task_struct.177581*, i32)*)(%struct.task_struct.177581* nonnull %6, i32 %9) #78 Function:mm_access %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %4 = load %struct.signal_struct*, %struct.signal_struct** %3, align 32 %5 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #78 ------------- Good: 35 Bad: 10 Ignored: 73 Check Use of Function:tg3_ptp_enable Check Use of Function:__tcf_chain_put Check Use of Function:track_pfn_insert Check Use of Function:drm_modeset_unlock Check Use of Function:iommu_device_sysfs_add Check Use of Function:xt_compat_flush_offsets Check Use of Function:__lock_buffer Check Use of Function:init_mkdir Check Use of Function:drm_modeset_backoff Check Use of Function:drm_connector_free Check Use of Function:ext4_append Check Use of Function:congestion_wait Check Use of Function:ieee80211_run_deferred_scan Check Use of Function:hibernation_snapshot Check Use of 
Function:ptep_set_access_flags Check Use of Function:ext4_count_free_clusters Check Use of Function:ip_tunnel_bind_dev Check Use of Function:acpi_processor_power_exit Check Use of Function:io_uring_alloc_task_context Check Use of Function:sd_config_write_same Check Use of Function:ext4_dirblock_csum_verify Check Use of Function:autofs_root_compat_ioctl Check Use of Function:perf_kprobe_init Check Use of Function:__ext4_journal_get_create_access Check Use of Function:unlock_new_inode Check Use of Function:__ext4_std_error Check Use of Function:__ftrace_trace_stack Check Use of Function:ring_buffer_nest_start Check Use of Function:security_inode_rename Check Use of Function:sync_blockdev Check Use of Function:io_req_complete_post Check Use of Function:ieee80211_set_wmm_default Check Use of Function:acpi_processor_ignore_ppc_init Check Use of Function:dm_compat_ctl_ioctl Check Use of Function:bcmp Use: =BAD PATH= Call Stack: 0 __ip_options_echo 1 __icmp_send 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, 
%21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %63) #78 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 
%76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.837070*, %struct.net_device.837070** %78, align 8 %80 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %79, i64 0, i32 109, i32 0 %81 = load %struct.net.836644*, %struct.net.836644** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.836644* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.836958* %0, i32* null) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @rcu_read_unlock_strict() #78 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void @__icmp_send(%struct.sk_buff.836958* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #78 Function:__icmp_send %6 = alloca %struct.inetpeer_addr, align 4 %7 = alloca %struct.flowi4, align 8 %8 = alloca %struct.flowi4, align 8 %9 = alloca %struct.icmp_bxm, align 8 %10 = alloca %struct.rtable.836556*, align 8 %11 = alloca %struct.ipcm_cookie, align 8 %12 = alloca %struct.flowi4, align 8 %13 = alloca i8, align 1 %14 = bitcast %struct.icmp_bxm* %9 to i8* %15 = bitcast %struct.rtable.836556** %10 to i8* %16 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 4, i32 0, i32 0 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, -2 %19 = inttoptr i64 %18 to %struct.rtable.836556* store %struct.rtable.836556* %19, %struct.rtable.836556** %10, align 8 %20 = bitcast %struct.ipcm_cookie* %11 to i8* %21 = bitcast %struct.flowi4* %12 to i8* %22 = icmp eq i64 %18, 0 br i1 %22, label %505, label %23 %24 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %19, i64 0, i32 0, i32 0 %25 = load %struct.net_device.837070*, %struct.net_device.837070** %24, align 8 %26 = icmp eq %struct.net_device.837070* %25, null br i1 %26, 
label %27, label %31 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = icmp eq %struct.net_device.837070* %29, null br i1 %30, label %505, label %31 %32 = phi %struct.net_device.837070* [ %25, %23 ], [ %29, %27 ] %33 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %32, i64 0, i32 109, i32 0 %34 = load %struct.net.836644*, %struct.net.836644** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %36 = load i8*, i8** %35, align 8 %37 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %38 = load i16, i16* %37, align 4 %39 = zext i16 %38 to i64 %40 = getelementptr i8, i8* %36, i64 %39 %41 = icmp ult i8* %40, %36 br i1 %41, label %505, label %42 %43 = getelementptr i8, i8* %40, i64 20 %44 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 38 %45 = load i32, i32* %44, align 8 %46 = zext i32 %45 to i64 %47 = getelementptr i8, i8* %36, i64 %46 %48 = icmp ugt i8* %43, %47 br i1 %48, label %505, label %49 %50 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, 7 %53 = icmp eq i16 %52, 0 br i1 %53, label %54, label %505 %55 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %19, i64 0, i32 2 %56 = load i32, i32* %55, align 4 %57 = and i32 %56, 805306368 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %505 %60 = getelementptr inbounds i8, i8* %40, i64 6 %61 = bitcast i8* %60 to i16* %62 = load i16, i16* %61, align 2 %63 = and i16 %62, -225 %64 = icmp eq i16 %63, 0 br i1 %64, label %65, label %505 %66 = zext i32 %1 to i64 %67 = lshr i64 516353, %66 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 br i1 %69, label %70, label %115 %71 = getelementptr inbounds 
i8, i8* %40, i64 9 %72 = load i8, i8* %71, align 1 %73 = icmp eq i8 %72, 1 br i1 %73, label %74, label %115 store i8 0, i8* %13, align 1 %75 = load i8, i8* %40, align 4 %76 = shl i8 %75, 2 %77 = and i8 %76, 60 %78 = zext i8 %77 to i64 %79 = getelementptr i8, i8* %40, i64 %78 %80 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %81 = bitcast i8** %80 to i64* %82 = load i64, i64* %81, align 8 %83 = ptrtoint i8* %79 to i64 %84 = sub i64 %83, %82 %85 = trunc i64 %84 to i32 %86 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp slt i32 %91, 1 br i1 %92, label %93, label %98, !prof !4, !misexpect !5 %94 = icmp eq %struct.sk_buff.836958* %0, null br i1 %94, label %113, label %95 %96 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.836958*, i32, i8*, i32)*)(%struct.sk_buff.836958* nonnull %0, i32 %85, i8* nonnull %13, i32 1) #78 %97 = icmp sgt i32 %96, -1 br i1 %97, label %104, label %113 %105 = phi i8* [ %102, %98 ], [ %13, %95 ] %106 = load i8, i8* %105, align 1 %107 = icmp ugt i8 %106, 18 br i1 %107, label %113, label %108 %109 = zext i8 %106 to i64 %110 = lshr i64 516353, %109 %111 = and i64 %110, 1 %112 = icmp eq i64 %111, 0 br i1 %112, label %113, label %114 br label %115 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %116 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %117 = load %struct.net_device.837070*, %struct.net_device.837070** %116, align 8 %118 = icmp 
eq %struct.net_device.837070* %117, null br i1 %118, label %126, label %119 %120 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %117, i64 0, i32 14 %121 = load i32, i32* %120, align 64 %122 = and i32 %121, 8 %123 = icmp ne i32 %122, 0 %124 = icmp sgt i32 %1, 18 %125 = or i1 %124, %123 br i1 %125, label %177, label %128 %129 = icmp eq i32 %1, 3 %130 = icmp eq i32 %2, 4 %131 = and i1 %129, %130 br i1 %131, label %177, label %132 %133 = shl nuw nsw i32 1, %1 %134 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %34, i64 0, i32 34, i32 29 %135 = load volatile i32, i32* %134, align 4 %136 = and i32 %135, %133 %137 = icmp eq i32 %136, 0 br i1 %137, label %177, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = trunc i64 %139 to i32 %141 = load volatile i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 %142 = icmp eq i32 %141, 0 br i1 %142, label %143, label %147 %144 = load volatile i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 %145 = sub i32 %140, %144 %146 = icmp ult i32 %145, 20 br i1 %146, label %504, label %147 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 0, i32 0, i32 0)) #78 %148 = load i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 %149 = sub i32 %140, %148 %150 = icmp ult i32 %149, 1000 %151 = select i1 %150, i32 %149, i32 1000 %152 = icmp ugt i32 %151, 19 br i1 %152, label %153, label %159 %154 = load volatile i32, i32* @sysctl_icmp_msgs_per_sec, align 4 %155 = mul i32 %154, %151 %156 = icmp ult i32 %155, 1000 br i1 %156, label %159, label %157 %158 = udiv i32 %155, 1000 store volatile i32 %140, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 
0, i32 2), align 4 br label %159 %160 = phi i32 [ %158, %157 ], [ 0, %153 ], [ 0, %147 ] %161 = load i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 %162 = add i32 %161, %160 %163 = load volatile i32, i32* @sysctl_icmp_msgs_burst, align 4 %164 = icmp ult i32 %162, %163 %165 = select i1 %164, i32 %162, i32 %163 %166 = icmp eq i32 %165, 0 br i1 %166, label %176, label %167 %168 = call i32 @prandom_u32() #78 %169 = zext i32 %168 to i64 %170 = mul nuw nsw i64 %169, 3 %171 = lshr i64 %170, 32 %172 = trunc i64 %171 to i32 %173 = sub i32 %165, %172 %174 = icmp sgt i32 %173, 0 %175 = select i1 %174, i32 %173, i32 0 store volatile i32 %175, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.intel_pipe_crc* @icmp_global to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br label %177 %178 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %34, i64 0, i32 34, i32 19 %179 = load %struct.sock.836948**, %struct.sock.836948*** %178, align 32 %180 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.836948** %179) #6, !srcloc !10 %181 = inttoptr i64 %180 to %struct.sock.836948* %182 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %181, i64 0, i32 1, i32 0, i32 0, i32 0 %183 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %182) #78 %184 = icmp eq i32 %183, 0 %185 = icmp eq i64 %180, 0 %186 = or i1 %185, %184 br i1 %186, label %504, label %187 %188 = getelementptr inbounds i8, i8* %40, i64 12 %189 = getelementptr inbounds i8, i8* %40, i64 16 %190 = bitcast i8* %189 to i32* %191 = load i32, i32* %190, align 4 %192 = load %struct.rtable.836556*, %struct.rtable.836556** %10, align 8 %193 = 
getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %192, i64 0, i32 2 %194 = load i32, i32* %193, align 4 %195 = icmp sgt i32 %194, -1 br i1 %195, label %196, label %227 %228 = phi i32 [ %191, %187 ], [ %226, %225 ] %229 = getelementptr inbounds i8, i8* %40, i64 1 %230 = load i8, i8* %229, align 1 %231 = and i8 %230, 30 %232 = or i8 %231, -64 %233 = select i1 %69, i8 %232, i8 %230 %234 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %34, i64 0, i32 34, i32 44 %235 = load volatile i8, i8* %234, align 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %240, label %237 %241 = phi i32 [ %239, %237 ], [ 0, %227 ] %242 = getelementptr inbounds %struct.icmp_bxm, %struct.icmp_bxm* %9, i64 0, i32 5, i32 0, i32 1 %243 = call i32 @__ip_options_echo(%struct.net.836644* %34, %struct.ip_options* %242, %struct.sk_buff.836958* %0, %struct.ip_options* %4) #78 Function:__ip_options_echo %5 = bitcast %struct.ip_options* %1 to i8* %6 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 2 %7 = load i8, i8* %6, align 4 %8 = icmp eq i8 %7, 0 br i1 %8, label %251, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %13 = load i16, i16* %12, align 4 %14 = zext i16 %13 to i64 %15 = getelementptr i8, i8* %11, i64 %14 %16 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 %17 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 4 %18 = load i8, i8* %17, align 2 %19 = icmp eq i8 %18, 0 br i1 %19, label %54, label %20 %55 = phi i8 [ %53, %51 ], [ 20, %9 ] %56 = phi i8* [ %52, %51 ], [ %16, %9 ] %57 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 5 %58 = load i8, i8* %57, align 1 %59 = icmp eq i8 %58, 0 br i1 %59, label %135, label %60 %136 = phi i8* [ %132, %131 ], 
[ %56, %54 ] %137 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 3 %138 = load i8, i8* %137, align 1 %139 = icmp eq i8 %138, 0 br i1 %139, label %214, label %140 %141 = zext i8 %138 to i64 %142 = getelementptr i8, i8* %15, i64 %141 %143 = getelementptr i8, i8* %142, i64 1 %144 = load i8, i8* %143, align 1 %145 = getelementptr i8, i8* %142, i64 2 %146 = load i8, i8* %145, align 1 %147 = zext i8 %146 to i32 %148 = icmp ugt i8 %146, %144 %149 = zext i8 %144 to i32 %150 = add nuw nsw i32 %149, 1 %151 = select i1 %148, i32 %150, i32 %147 %152 = icmp ugt i32 %151, 7 br i1 %152, label %153, label %214 %154 = add nsw i32 %151, -5 %155 = zext i32 %154 to i64 %156 = getelementptr i8, i8* %142, i64 %155 %157 = bitcast i8* %156 to i32* %158 = load i32, i32* %157, align 1 %159 = add nsw i32 %151, -8 %160 = icmp ugt i32 %151, 11 br i1 %160, label %161, label %177 %162 = phi i64 [ %173, %161 ], [ 4, %153 ] %163 = phi i32 [ %172, %161 ], [ %159, %153 ] %164 = add nsw i64 %162, -1 %165 = getelementptr i8, i8* %136, i64 %164 %166 = add nsw i32 %163, -1 %167 = zext i32 %166 to i64 %168 = getelementptr i8, i8* %142, i64 %167 %169 = bitcast i8* %168 to i32* %170 = bitcast i8* %165 to i32* %171 = load i32, i32* %169, align 1 store i32 %171, i32* %170, align 1 %172 = add nsw i32 %163, -4 %173 = add nuw nsw i64 %162, 4 %174 = icmp sgt i32 %163, 7 br i1 %174, label %161, label %175 %176 = trunc i64 %173 to i32 br label %177 %178 = phi i32 [ %159, %153 ], [ %172, %175 ] %179 = phi i32 [ 4, %153 ], [ %176, %175 ] %180 = load i8*, i8** %10, align 8 %181 = load i16, i16* %12, align 4 %182 = zext i16 %181 to i64 %183 = getelementptr i8, i8* %180, i64 %182 %184 = getelementptr inbounds i8, i8* %183, i64 12 %185 = add nsw i32 %178, 3 %186 = zext i32 %185 to i64 %187 = getelementptr i8, i8* %142, i64 %186 %188 = tail call i32 @bcmp(i8* dereferenceable(4) %184, i8* dereferenceable(4) %187, i64 4) ------------- Use: =BAD PATH= Call Stack: 0 __neigh_update 1 
neigh_update 2 ndisc_update 3 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.903079, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.903079* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, 
i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %58 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.902571*, %struct.inet6_dev.902571** %58, align 16 %60 = icmp eq %struct.inet6_dev.902571* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.905443*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.902651*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.902651* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #78 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %79 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* 
%85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %102 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.902525** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %109 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.902548*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %122 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, 
%struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121) #78 %123 = icmp eq %struct.neighbour.902458* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121, i1 zeroext true) #78 %126 = icmp ugt %struct.neighbour.902458* %125, inttoptr (i64 -4096 to %struct.neighbour.902458*) %127 = icmp eq %struct.neighbour.902458* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.902458* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.905443*, %struct.neighbour.904925*, i8*, i8, i32, 
i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.902651*, %struct.neighbour.902458*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.902651* %131, %struct.neighbour.902458* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #78 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.904925*, i8*, i8, i32, i32)*)(%struct.neighbour.904925* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #78 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #78 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 %35 = icmp sgt i32 %3, -1 
%36 = xor i1 %35, true %37 = icmp ult i8 %26, 64 %38 = or i1 %37, %36 br i1 %38, label %39, label %398 br i1 %35, label %53, label %40 %54 = phi i32 [ 0, %39 ], [ 0, %40 ], [ 1, %48 ] %55 = phi i1 [ false, %39 ], [ false, %40 ], [ true, %48 ] %56 = and i32 %3, 268435456 %57 = icmp eq i32 %56, 0 br i1 %57, label %60, label %58 %61 = zext i8 %2 to i32 %62 = and i32 %61, 222 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %102 %103 = getelementptr inbounds %struct.net_device, %struct.net_device* %24, i64 0, i32 51 %104 = load i8, i8* %103, align 1 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %108 %109 = icmp eq i8* %1, null %110 = and i8 %26, -34 %111 = icmp eq i8 %110, 0 br i1 %109, label %119, label %112 br i1 %111, label %126, label %113 %114 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %115 = zext i8 %104 to i64 %116 = tail call i32 @bcmp(i8* nonnull %1, i8* %114, i64 %115) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 ip6_neigh_lookup 3 ip6_dst_neigh_lookup ------------- Path:  Function:ip6_dst_neigh_lookup %4 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %5 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %6 = bitcast %struct.lwtunnel_state.902525** %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 2 %9 = icmp eq i32 %8, 0 %10 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %4, i64 0, i32 5 %11 = and i32 %7, 16777216 %12 = icmp eq i32 %11, 0 %13 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %4, i64 0, i32 3, i32 0 %14 = select i1 %12, %struct.in6_addr* bitcast ({ { [16 x i8] } }* @in6addr_any to %struct.in6_addr*), %struct.in6_addr* %13 %15 = select i1 %9, %struct.in6_addr* %14, %struct.in6_addr* %10 %16 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 0 %17 = load %struct.net_device.902651*, 
%struct.net_device.902651** %16, align 8 %18 = tail call %struct.neighbour.902458* @ip6_neigh_lookup(%struct.in6_addr* %15, %struct.net_device.902651* %17, %struct.sk_buff.902664* %1, i8* %2) #78 Function:ip6_neigh_lookup %5 = bitcast %struct.in6_addr* %0 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.in6_addr, %struct.in6_addr* %0, i64 0, i32 0, i32 0, i64 2 %8 = bitcast i32* %7 to i64* %9 = load i64, i64* %8, align 8 %10 = or i64 %9, %6 %11 = icmp eq i64 %10, 0 br i1 %11, label %14, label %12 %13 = bitcast %struct.in6_addr* %0 to i8* br label %24 %25 = phi i8* [ %23, %16 ], [ %13, %12 ], [ %3, %14 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = load volatile %struct.neigh_hash_table.902453*, %struct.neigh_hash_table.902453** getelementptr inbounds (%struct.neigh_table.902454, %struct.neigh_table.902454* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i64 0, i32 29), align 8 %27 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 0 %28 = bitcast i8* %25 to i32* %29 = load i32, i32* %28, align 4 %30 = ptrtoint %struct.net_device.902651* %1 to i64 
%31 = lshr i64 %30, 32 %32 = xor i64 %31, %30 %33 = trunc i64 %32 to i32 %34 = xor i32 %29, %33 %35 = load i32, i32* %27, align 4 %36 = mul i32 %34, %35 %37 = getelementptr i8, i8* %25, i64 4 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 4 %40 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 1 %41 = load i32, i32* %40, align 4 %42 = mul i32 %41, %39 %43 = add i32 %42, %36 %44 = getelementptr i8, i8* %25, i64 8 %45 = bitcast i8* %44 to i32* %46 = load i32, i32* %45, align 4 %47 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 2 %48 = load i32, i32* %47, align 4 %49 = mul i32 %48, %46 %50 = add i32 %43, %49 %51 = getelementptr i8, i8* %25, i64 12 %52 = bitcast i8* %51 to i32* %53 = load i32, i32* %52, align 4 %54 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 3 %55 = load i32, i32* %54, align 4 %56 = mul i32 %55, %53 %57 = add i32 %50, %56 %58 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 1 %59 = load i32, i32* %58, align 8 %60 = sub i32 32, %59 %61 = lshr i32 %57, %60 %62 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 0 %63 = load %struct.neighbour.902458**, %struct.neighbour.902458*** %62, align 8 %64 = zext i32 %61 to i64 %65 = getelementptr %struct.neighbour.902458*, %struct.neighbour.902458** %63, i64 %64 %66 = load volatile %struct.neighbour.902458*, %struct.neighbour.902458** %65, align 8 %67 = icmp eq %struct.neighbour.902458* %66, null br i1 %67, label %121, label %68 %69 = phi %struct.neighbour.902458* [ %96, %94 ], [ %66, %24 ] %70 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 25 %71 = load %struct.net_device.902651*, %struct.net_device.902651** %70, align 8 %72 = icmp eq %struct.net_device.902651* %71, %1 br 
i1 %72, label %73, label %94 %74 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 0 %75 = bitcast i8* %74 to i32* %76 = load i32, i32* %75, align 4 %77 = xor i32 %76, %29 %78 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 4 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 4 %81 = xor i32 %80, %39 %82 = or i32 %81, %77 %83 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 8 %84 = bitcast i8* %83 to i32* %85 = load i32, i32* %84, align 4 %86 = xor i32 %85, %46 %87 = or i32 %82, %86 %88 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 12 %89 = bitcast i8* %88 to i32* %90 = load i32, i32* %89, align 4 %91 = xor i32 %90, %53 %92 = or i32 %87, %91 %93 = icmp eq i32 %92, 0 br i1 %93, label %98, label %94 %95 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 0 %96 = load volatile %struct.neighbour.902458*, %struct.neighbour.902458** %95, align 8 %97 = icmp eq %struct.neighbour.902458* %96, null br i1 %97, label %121, label %68 tail call fastcc void @local_bh_enable.67548() #78 br label %124 %125 = tail call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, 
%struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %25, %struct.net_device.902651* %1, i1 zeroext true) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* 
%126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr 
inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 
8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 
%253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #78 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast 
%struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #78 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #78 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, 
%struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.903079, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.903079* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = 
ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %58 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.902571*, %struct.inet6_dev.902571** %58, align 16 %60 = icmp eq %struct.inet6_dev.902571* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.905443*, i8*, i32, 
%struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.902651*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.902651* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #78 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %79 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %102 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.902525** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %109 = load 
%struct.dst_ops.902527*, %struct.dst_ops.902527** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.902548*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %122 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121) #78 %123 = icmp eq %struct.neighbour.902458* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void 
(%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121, i1 zeroext true) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, 
i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] 
tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc 
!14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* 
%173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void 
asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 %253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #78 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 
%285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast %struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #78 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #78 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = 
getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 ipv4_neigh_lookup ------------- Path:  Function:ipv4_neigh_lookup %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %7 = getelementptr inbounds %struct.dst_entry.836531, %struct.dst_entry.836531* %0, i64 0, i32 0 %8 = load %struct.net_device.837070*, %struct.net_device.837070** %7, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.dst_entry.836531, 
%struct.dst_entry.836531* %0, i64 1, i32 2 %10 = bitcast i64* %9 to i8* %11 = load i8, i8* %10, align 8 switch i8 %11, label %138 [ i8 2, label %12 i8 10, label %58 ], !prof !6 %13 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %6, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %14 = load i32, i32* %13, align 4 %15 = bitcast i32* %5 to i8* store i32 %14, i32* %5, align 4 %16 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %8, i64 0, i32 14 %17 = load i32, i32* %16, align 64 %18 = and i32 %17, 24 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 %14, i32 0 %21 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %22 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 2, i64 0 %23 = ptrtoint %struct.net_device.837070* %8 to i64 %24 = lshr i64 %23, 32 %25 = xor i64 %24, %23 %26 = trunc i64 %25 to i32 %27 = xor i32 %20, %26 %28 = load i32, i32* %22, align 4 %29 = mul i32 %27, %28 %30 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = sub i32 32, %31 %33 = lshr i32 
%29, %32 %34 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %21, i64 0, i32 0 %35 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %34, align 8 %36 = zext i32 %33 to i64 %37 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %35, i64 %36 %38 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %37, align 8 %39 = icmp eq %struct.neighbour.836545* %38, null br i1 %39, label %54, label %40 %41 = phi %struct.neighbour.836545* [ %52, %50 ], [ %38, %12 ] %42 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 25 %43 = load %struct.net_device.837070*, %struct.net_device.837070** %42, align 8 %44 = icmp eq %struct.net_device.837070* %43, %8 br i1 %44, label %45, label %50 %46 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 26, i64 0 %47 = bitcast i8* %46 to i32* %48 = load i32, i32* %47, align 8 %49 = icmp eq i32 %48, %20 br i1 %49, label %56, label %50 %51 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %41, i64 0, i32 0 %52 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %51, align 8 %53 = icmp eq %struct.neighbour.836545* %52, null br i1 %53, label %54, label %40 %55 = call %struct.neighbour.836545* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.836545* (%struct.neigh_table.836542*, i8*, %struct.net_device.837070*, i1)*)(%struct.neigh_table.836542* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, 
%struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i8* nonnull %15, %struct.net_device.837070* %8, i1 zeroext false) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* 
store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store 
%struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 
.balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 
(%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail 
call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 %253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #78 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr 
%struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast %struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #78 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #78 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = 
getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 __ip_do_redirect 3 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, 
i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds 
%struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr 
%struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, 
i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq 
%struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %148 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 0 %149 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %148, align 8 %150 = icmp eq %struct.neighbour.836545* %149, null br i1 %150, label %174, label %137 tail call fastcc void @local_bh_enable.65589() #78 br label %177 %178 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 %179 = call %struct.neighbour.836545* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.836545* (%struct.neigh_table.836542*, i8*, %struct.net_device.837070*, i1)*)(%struct.neigh_table.836542* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i8* nonnull %10, %struct.net_device.837070* %178, i1 zeroext true) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = 
getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, 
%struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, 
%struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 
8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 %251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 
%253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 25 %279 = load %struct.net_device*, %struct.net_device** %278, align 8 %280 = tail call i32 %276(i8* %277, %struct.net_device* %279, i32* %264) #78 %281 = load i32, i32* %265, align 8 %282 = sub i32 32, %281 %283 = lshr i32 %280, %282 %284 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 0 %285 = load %struct.neighbour*, %struct.neighbour** %284, align 8 %286 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %287 = zext i32 %283 to i64 %288 = getelementptr %struct.neighbour*, %struct.neighbour** %286, i64 %287 %289 = bitcast 
%struct.neighbour** %288 to i64* %290 = load i64, i64* %289, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %291 = bitcast %struct.neighbour* %275 to i64* store volatile i64 %290, i64* %291, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %292 = load %struct.neighbour**, %struct.neighbour*** %266, align 8 %293 = getelementptr %struct.neighbour*, %struct.neighbour** %292, i64 %287 store volatile %struct.neighbour* %275, %struct.neighbour** %293, align 8 %294 = icmp eq %struct.neighbour* %285, null br i1 %294, label %295, label %274 %296 = add i32 %268, 1 %297 = load i32, i32* %261, align 8 %298 = lshr i32 %296, %297 %299 = icmp eq i32 %298, 0 br i1 %299, label %267, label %300 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 store volatile %struct.neigh_hash_table* %258, %struct.neigh_hash_table** %244, align 8 %301 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %301, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #78 br label %302 %303 = phi %struct.neigh_hash_table* [ %245, %234 ], [ %258, %300 ], [ %257, %252 ] %304 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %305 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %304, align 8 %306 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 2, i64 0 %307 = tail call i32 %305(i8* %191, %struct.net_device* %2, i32* %306) #78 %308 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %309 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %308, i64 0, i32 6 %310 = load i32, i32* %309, align 8 %311 = icmp eq i32 %310, 0 br i1 %311, label %312, label %382 %313 = getelementptr inbounds %struct.neigh_hash_table, 
%struct.neigh_hash_table* %303, i64 0, i32 1 %314 = load i32, i32* %313, align 8 %315 = sub i32 32, %314 %316 = lshr i32 %307, %315 %317 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %303, i64 0, i32 0 %318 = load %struct.neighbour**, %struct.neighbour*** %317, align 8 %319 = zext i32 %316 to i64 %320 = getelementptr %struct.neighbour*, %struct.neighbour** %318, i64 %319 %321 = load %struct.neighbour*, %struct.neighbour** %320, align 8 %322 = icmp eq %struct.neighbour* %321, null br i1 %322, label %348, label %323 %324 = phi %struct.neighbour* [ %346, %344 ], [ %321, %312 ] %325 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 25 %326 = load %struct.net_device*, %struct.net_device** %325, align 8 %327 = icmp eq %struct.net_device* %326, %2 br i1 %327, label %328, label %344 %329 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %324, i64 0, i32 26, i64 0 %330 = tail call i32 @bcmp(i8* %329, i8* %191, i64 %192) ------------- Use: =BAD PATH= Call Stack: 0 dev_get_port_parent_id 1 phys_switch_id_show ------------- Path:  Function:phys_switch_id_show %4 = alloca %struct.netdev_phys_item_id, align 1 %5 = getelementptr %struct.device.773229, %struct.device.773229* %0, i64 -2, i32 11, i32 2 %6 = bitcast i32* %5 to %struct.net_device.773585* %7 = getelementptr inbounds i32, i32* %5, i64 50 %8 = bitcast i32* %7 to %struct.net_device_ops.773499** %9 = load %struct.net_device_ops.773499*, %struct.net_device_ops.773499** %8, align 8 %10 = getelementptr inbounds %struct.net_device_ops.773499, %struct.net_device_ops.773499* %9, i64 0, i32 61 %11 = load i32 (%struct.net_device.773585*, %struct.netdev_phys_item_id*)*, i32 (%struct.net_device.773585*, %struct.netdev_phys_item_id*)** %10, align 8 %12 = icmp eq i32 (%struct.net_device.773585*, %struct.netdev_phys_item_id*)* %11, null br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.net_device_ops.773499, %struct.net_device_ops.773499* %9, 
i64 0, i32 74 %15 = load %struct.devlink_port* (%struct.net_device.773585*)*, %struct.devlink_port* (%struct.net_device.773585*)** %14, align 8 %16 = icmp eq %struct.devlink_port* (%struct.net_device.773585*)* %15, null br i1 %16, label %42, label %17 %18 = tail call i32 @rtnl_trylock() #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %23 %24 = getelementptr inbounds i32, i32* %5, i64 294 %25 = bitcast i32* %24 to i8* %26 = load i8, i8* %25, align 8 %27 = icmp ugt i8 %26, 1 br i1 %27, label %40, label %28 %29 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.net_device.763141*, %struct.netdev_phys_item_id*, i1)* @dev_get_port_parent_id to i32 (%struct.net_device.773585*, %struct.netdev_phys_item_id*, i1)*)(%struct.net_device.773585* %6, %struct.netdev_phys_item_id* nonnull %4, i1 zeroext false) #78 Function:dev_get_port_parent_id %4 = alloca %struct.netdev_phys_item_id, align 1 %5 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 16 %6 = load %struct.net_device_ops.763050*, %struct.net_device_ops.763050** %5, align 8 %7 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 0, i64 0 %8 = getelementptr inbounds %struct.net_device_ops.763050, %struct.net_device_ops.763050* %6, i64 0, i32 61 %9 = load i32 (%struct.net_device.763141*, %struct.netdev_phys_item_id*)*, i32 (%struct.net_device.763141*, %struct.netdev_phys_item_id*)** %8, align 8 %10 = icmp eq i32 (%struct.net_device.763141*, %struct.netdev_phys_item_id*)* %9, null br i1 %10, label %16, label %11 %12 = tail call i32 %9(%struct.net_device.763141* %0, %struct.netdev_phys_item_id* %1) #78 %13 = icmp ne i32 %12, -95 %14 = xor i1 %2, true %15 = or i1 %13, %14 br i1 %15, label %57, label %17 %18 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 13, i32 1, i32 0 %19 = bitcast 
%struct.list_head** %18 to i64* %20 = load i64, i64* %19, align 16 %21 = inttoptr i64 %20 to %struct.list_head* %22 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 13, i32 1 %23 = icmp eq %struct.list_head* %22, %21 br i1 %23, label %57, label %24 %25 = inttoptr i64 %20 to i8* %26 = getelementptr i8, i8* %25, i64 -24 %27 = bitcast i8* %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = icmp eq i8* %28, null br i1 %29, label %57, label %30 %31 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 1 %32 = getelementptr %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %1, i64 0, i32 0, i64 0 br label %33 %34 = phi i8* [ %28, %30 ], [ %55, %51 ] %35 = phi i64 [ %20, %30 ], [ %37, %51 ] %36 = inttoptr i64 %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast i8* %34 to %struct.net_device.763141* %39 = tail call i32 @dev_get_port_parent_id(%struct.net_device.763141* nonnull %38, %struct.netdev_phys_item_id* %1, i1 zeroext %2) #79 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %57 %42 = load i8, i8* %31, align 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %45 %46 = call i32 @bcmp(i8* nonnull dereferenceable(33) %7, i8* dereferenceable(33) %32, i64 33) ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.719470* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.719371** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.719371**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.719371* %14 = getelementptr inbounds %struct.task_struct.719371, 
%struct.task_struct.719371* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.719470* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 %95 = icmp eq i32 %94, 0 br i1 %95, label %96, label %111 %97 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1 %98 = bitcast %struct.uuid_t* %97 to i64* %99 = load i64, i64* %98, align 1 %100 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %101 = bitcast i8* %100 to i64* %102 = load i64, i64* %101, align 1 %103 = bitcast { i64, i64 }* %4 to i8* %104 = bitcast { i64, i64 }* %5 to i8* %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %84, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %87, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %99, i64* %107, align 8 %108 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %102, i64* %108, align 8 %109 = call i32 @bcmp(i8* nonnull dereferenceable(16) %103, i8* nonnull dereferenceable(16) %104, i64 16) #6 
------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.719470* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.719371** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.719371**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.719371* %14 = getelementptr inbounds %struct.task_struct.719371, %struct.task_struct.719371* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %77 = icmp eq i64 %2, 2084 br i1 %77, label %78, label %134 %79 = getelementptr inbounds i8, i8* %1, i64 2080 %80 = bitcast i8* %79 to i32* %81 = load i32, i32* %80, align 1 %82 = getelementptr inbounds i8, i8* %1, i64 1024 %83 = bitcast i8* %82 to i64* %84 = load i64, i64* %83, align 1 %85 = getelementptr inbounds i8, i8* %1, i64 1032 %86 = bitcast i8* %85 to i64* %87 = load i64, i64* %86, align 1 %88 = bitcast i8* %1 to i16* %89 = getelementptr inbounds i8, i8* %1, i64 1040 %90 = bitcast i8* %89 to i64* %91 = load i64, i64* %90, align 1 %92 = getelementptr inbounds i8, i8* %1, i64 1048 %93 = bitcast %struct.efivar_entry.719470* %0 to i8* %94 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %93, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.719470* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label 
%134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.719371** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.719371**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.719371* %14 = getelementptr inbounds %struct.task_struct.719371, %struct.task_struct.719371* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.719470* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %54 %40 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1 %41 = bitcast %struct.uuid_t* %40 to i64* %42 = load i64, i64* %41, align 1 %43 = getelementptr inbounds %struct.efivar_entry.719470, %struct.efivar_entry.719470* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 1 %46 = bitcast { i64, i64 }* %6 to i8* %47 = bitcast { i64, i64 }* %7 to i8* %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %26, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %29, i64* 
%49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %42, i64* %50, align 8 %51 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %45, i64* %51, align 8 %52 = call i32 @bcmp(i8* nonnull dereferenceable(16) %46, i8* nonnull dereferenceable(16) %47, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.719470* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %134 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.719371** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.719371**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.719371* %14 = getelementptr inbounds %struct.task_struct.719371, %struct.task_struct.719371* %13, i64 0, i32 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 2 %17 = icmp eq i32 %16, 0 br i1 %17, label %76, label %18 %19 = icmp eq i64 %2, 2076 br i1 %19, label %20, label %134 %21 = getelementptr inbounds i8, i8* %1, i64 2072 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 1 %24 = getelementptr inbounds i8, i8* %1, i64 1024 %25 = bitcast i8* %24 to i64* %26 = load i64, i64* %25, align 1 %27 = getelementptr inbounds i8, i8* %1, i64 1032 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 1 %30 = bitcast i8* %1 to i16* %31 = getelementptr inbounds i8, i8* %1, i64 1040 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 1 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds i8, i8* %1, i64 1044 %36 = bitcast %struct.efivar_entry.719470* %0 to i8* %37 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %36, i64 1024) #6 
------------- Use: =BAD PATH= Call Stack: 0 xhci_port_write ------------- Path:  Function:xhci_port_write %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.xhci_port** %11 = load %struct.xhci_port*, %struct.xhci_port** %10, align 8 %12 = getelementptr inbounds %struct.xhci_port, %struct.xhci_port* %11, i64 0, i32 3 %13 = load %struct.xhci_hub*, %struct.xhci_hub** %12, align 8 %14 = getelementptr inbounds %struct.xhci_hub, %struct.xhci_hub* %13, i64 0, i32 2 %15 = load %struct.usb_hcd*, %struct.usb_hcd** %14, align 8 %16 = tail call i32 bitcast (i32 (%struct.usb_hcd.665332*)* @usb_hcd_is_primary_hcd to i32 (%struct.usb_hcd*)*)(%struct.usb_hcd* %15) #78 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21 %22 = phi %struct.usb_hcd* [ %20, %18 ], [ %15, %4 ] %23 = getelementptr inbounds %struct.usb_hcd, %struct.usb_hcd* %22, i64 0, i32 29, i64 0 %24 = bitcast i64* %23 to %struct.xhci_hcd* %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %26 = icmp ult i64 %2, 31 %27 = select i1 %26, i64 %2, i64 31 %28 = call i64 @_copy_from_user(i8* nonnull %25, i8* %1, i64 %27) #78 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %53 %31 = call i32 @bcmp(i8* nonnull dereferenceable(10) %25, i8* dereferenceable(10) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.209.55731, i64 0, i64 0), i64 10) ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device, %struct.device* %0, i64 -2, i32 2 %13 = bitcast 
%struct.device_private** %12 to %struct.Scsi_Host.625387* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 store i8 0, i8* %11, align 1 %17 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.33.48808, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #78 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* store i8* null, i8** %7, align 8 %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.48809, i64 0, i64 0), i64 2) #6 %22 = icmp eq i32 %21, 0 br i1 %22, label %29, label %23 %24 = call i64 @simple_strtoull(i8* nonnull %14, i8** nonnull %7, i32 0) #78 %25 = load i8*, i8** %7, align 8 %26 = load i8, i8* %25, align 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 %30 = phi i64 [ %24, %23 ], [ -1, %19 ] %31 = bitcast i8** %6 to i8* store i8* null, i8** %6, align 8 %32 = call i32 @bcmp(i8* nonnull dereferenceable(2) %15, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.48809, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device, %struct.device* %0, i64 -2, i32 2 %13 = bitcast %struct.device_private** %12 to %struct.Scsi_Host.625387* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 store i8 0, i8* %11, align 1 %17 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.33.48808, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #78 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* store i8* null, i8** %7, align 8 %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.34.48809, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46658, i64 0, i64 0), i64 7) %297 = 
icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %365 = icmp eq i64 %206, 2338324113575339364 br i1 %365, label %366, label %412 %367 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %368 = bitcast i8* %367 to i32* %369 = load i32, i32* %368, align 8 %370 = icmp eq i32 %369, 1701736302 br i1 %370, label %380, label %371 %372 = trunc i32 %369 to i16 %373 = call i32 @bcmp(i8* dereferenceable(6) %367, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %374 = icmp eq i32 %373, 0 %375 = icmp eq i16 %372, 28521 %376 = or i1 %374, %375 br i1 %376, label %380, label %377 %378 = call i32 @bcmp(i8* dereferenceable(3) %367, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.46629, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, 
label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46658, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %365 = icmp eq i64 %206, 2338324113575339364 br i1 %365, label %366, label %412 %367 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %368 = bitcast i8* %367 to i32* %369 = load i32, i32* %368, align 8 %370 = icmp eq i32 %369, 1701736302 br i1 %370, label %380, label %371 %372 = trunc i32 %369 to i16 %373 = call i32 @bcmp(i8* dereferenceable(6) %367, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* 
@.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46658, i64 0, i64 0), i64 7) %297 = icmp eq i32 %296, 0 br i1 %297, label %298, label %364 %299 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %300 = bitcast i32* %9 to i8* store i32 0, i32* %9, align 4 %301 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %302 = call i32 @bcmp(i8* dereferenceable(7) %301, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.46659, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 
%57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %296 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.46658, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* 
dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %220 = call i32 @bcmp(i8* dereferenceable(3) %209, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.46629, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %295 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 
%211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46657, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46626, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* 
@.str.2.46630, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.46628, i64 0, i64 0), i64 2) %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %73 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.46629, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46657, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) 
%60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46626, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.46628, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46657, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br 
i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46626, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46657, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 
x i8]* @.str.5.46626, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.46657, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = 
icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.46656, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46626, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) 
getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.46628, i64 0, i64 0), i64 2) %31 = icmp eq i32 %30, 0 br i1 %31, label %35, label %32 %33 = call i32 @bcmp(i8* dereferenceable(3) %23, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.46629, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46626, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call 
i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.46628, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46626, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %408, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.46630, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** 
%11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.46626, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %412, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %412 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.46655, i64 0, i64 0), i64 5) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = 
bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #79 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 store i8 0, i8* %6, align 1 %14 = icmp ugt i64 %2, 15 br i1 %14, label %68, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %68 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* 
@strchr(i8* nonnull %13, i32 10) #79 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %12 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #78 %13 = trunc i64 %12 to i32 %14 = icmp slt i32 %13, 0 br i1 %14, label %15, label %18 %19 = call i64 @strlen(i8* nonnull %8) #79 %20 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %19 %21 = getelementptr i8, i8* %20, i64 -1 store i8* %21, i8** %5, align 8 %22 = icmp eq i64 %19, 0 br i1 %22, label %27, label %23 %28 = bitcast [80 x i8]* %6 to i64* %29 = load i64, i64* %28, align 16 %30 = icmp eq i64 %29, 4424061378758928740 br i1 %30, label %31, label %39 %40 = call i32 @bcmp(i8* nonnull dereferenceable(5) %8, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.9.3170, i64 0, i64 0), i64 5) ------------- Use: =BAD PATH= Call Stack: 0 load_elf_binary ------------- Path:  Function:load_elf_binary %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.linux_binprm.168775, %struct.linux_binprm.168775* %0, i64 0, i32 22, i64 0 %5 = bitcast i8* %4 to %struct.elf64_hdr* %6 = tail call i32 @bcmp(i8* dereferenceable(4) %4, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.17887, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 load_elf_binary.17892 ------------- Path:  Function:load_elf_binary.17892 %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = 
getelementptr inbounds %struct.linux_binprm.168775, %struct.linux_binprm.168775* %0, i64 0, i32 22, i64 0 %5 = bitcast i8* %4 to %struct.elf32_hdr* %6 = tail call i32 @bcmp(i8* dereferenceable(4) %4, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.17900, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 proc_ns_dir_lookup ------------- Path:  Function:proc_ns_dir_lookup %4 = getelementptr %struct.inode.182601, %struct.inode.182601* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.182349** %6 = load %struct.pid.182349*, %struct.pid.182349** %5, align 8 %7 = tail call %struct.task_struct.182540* bitcast (%struct.task_struct* (%struct.pid*, i32)* @get_pid_task to %struct.task_struct.182540* (%struct.pid.182349*, i32)*)(%struct.pid.182349* %6, i32 0) #78 %8 = icmp eq %struct.task_struct.182540* %7, null br i1 %8, label %58, label %9 %10 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 4 %11 = bitcast %struct.qstr* %10 to %struct.util_est* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.dentry.182605, %struct.dentry.182605* %1, i64 0, i32 4, i32 1 %15 = zext i32 %13 to i64 br label %16 %17 = phi %struct.proc_ns_operations.182542** [ getelementptr inbounds ([9 x %struct.proc_ns_operations.182542*], [9 x %struct.proc_ns_operations.182542*]* @ns_entries, i64 0, i64 0), %9 ], [ %28, %27 ] %18 = load %struct.proc_ns_operations.182542*, %struct.proc_ns_operations.182542** %17, align 8 %19 = getelementptr inbounds %struct.proc_ns_operations.182542, %struct.proc_ns_operations.182542* %18, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = tail call i64 @strlen(i8* %20) #79 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %27 %24 = load i8*, i8** %14, align 8 %25 = tail call i32 @bcmp(i8* %24, i8* %20, i64 %15) ------------- Use: =BAD PATH= Call Stack: 0 
nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236416** %6 = load %struct.nfs_unlinkdata.236416*, %struct.nfs_unlinkdata.236416** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236411* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, 
%struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label 
%43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq 
i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.241452*, %struct.nfs4_minor_version_ops.241452** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241452, %struct.nfs4_minor_version_ops.241452* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #78 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236419** %7 = load %struct.nfs_renamedata.236419*, %struct.nfs_renamedata.236419** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 0, 
i32 0 %9 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236411* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, 
%struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.241452*, %struct.nfs4_minor_version_ops.241452** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241452, %struct.nfs4_minor_version_ops.241452* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 
(%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #78 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, 
-------------
Use: =BAD PATH=
Call Stack:
0 nfs4_match_stateid
1 nfs_async_inode_return_delegation
2 nfs4_do_handle_exception
3 nfs4_async_handle_exception
4 nfs4_write_done_cb
5 nfs4_write_done
-------------
Use: =BAD PATH=
Call Stack:
0 nfs4_match_stateid
1 nfs_async_inode_return_delegation
2 nfs4_do_handle_exception
3 nfs4_handle_exception
4 nfs4_proc_set_acl
5 nfs4_xattr_set_nfs4_acl
-------------
%13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #78 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = 
getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, 
i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %33 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = 
load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #78 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #78 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %33, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %109, label %70 %110 = phi i32 [ %99, %107 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %111)) #6 to label %125 [label %111], !srcloc !4 %126 = load %struct.super_block*, %struct.super_block** %11, align 8 %127 = getelementptr inbounds %struct.super_block, %struct.super_block* %126, i64 0, i32 28 %128 = bitcast i8** %127 to %struct.nfs_server.236401** %129 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %128, align 16 %130 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %129, i32 %110, %struct.nfs4_exception* nonnull %8) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, 
%struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 
i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241456, 
%struct.nfs_client.241456* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.241452*, %struct.nfs4_minor_version_ops.241452** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241452, %struct.nfs4_minor_version_ops.241452* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #78 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %15 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 2 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %90 [label %76], !srcloc !4 %91 = load %struct.super_block*, %struct.super_block** %13, align 8 %92 = getelementptr inbounds %struct.super_block, %struct.super_block* %91, i64 0, i32 28 %93 = bitcast i8** %92 to %struct.nfs_server.236401** %94 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %93, align 16 %95 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %94, i32 %75, %struct.nfs4_exception* nonnull %7) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, 
i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne 
%struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.241452*, 
%struct.nfs4_minor_version_ops.241452** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241452, %struct.nfs4_minor_version_ops.241452* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #78 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, 
%struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds 
%struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label 
%59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = 
load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load 
volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 7 %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 32 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %58 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 16 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %58 %25 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %25, label %33, label %26 %27 = getelementptr inbounds %struct.nfs_client.241456, %struct.nfs_client.241456* %9, i64 0, i32 31 %28 = load %struct.nfs4_minor_version_ops.241452*, %struct.nfs4_minor_version_ops.241452** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_minor_version_ops.241452, %struct.nfs4_minor_version_ops.241452* %28, i64 0, i32 4 %30 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %29, align 8 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3 %32 = tail call zeroext i1 %30(%struct.nfs4_stateid_struct* %31, %struct.nfs4_stateid_struct* nonnull %1) #78 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 
3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236416** %6 = load %struct.nfs_unlinkdata.236416*, %struct.nfs_unlinkdata.236416** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236411* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds 
%struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 
i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = 
phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236419** %7 = load %struct.nfs_renamedata.236419*, %struct.nfs_renamedata.236419** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236411* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label 
%30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to 
%struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 
i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, 
i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.216899*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #78 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236401** %10 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void 
asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236428** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 
8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 
switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 
%41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236428** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* 
%3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236401** %46 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 
= icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr 
%struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #78 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x 
%struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 2 %19 = bitcast %struct.nfs_fh** %16 to %struct.seqcount_spinlock** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = 
getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, 
%struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236401** %64 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %63, align 16 store %struct.seqcount_spinlock* %18, %struct.seqcount_spinlock** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page** %22, %struct.page*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %34 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi %struct.page** [ %95, %85 ], [ %22, %65 ] %74 = phi i32 [ %96, %85 ], [ 0, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #78 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %74, 0 br i1 %82, label %83, label %166 %84 = zext i32 %74 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %74, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.136327*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #78 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 
%167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236401** %187 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void 
@nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, 
label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %25 
= getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %33 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #78 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #78 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %33, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %109, label %70 %110 = phi i32 [ %99, %107 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # 
objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %111)) #6 to label %125 [label %111], !srcloc !4 %126 = load %struct.super_block*, %struct.super_block** %11, align 8 %127 = getelementptr inbounds %struct.super_block, %struct.super_block* %126, i64 0, i32 28 %128 = bitcast i8** %127 to %struct.nfs_server.236401** %129 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %128, align 16 %130 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %129, i32 %110, %struct.nfs4_exception* nonnull %8) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load 
i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, 
%struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- 
Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 2 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %90 [label %76], !srcloc !4 %91 = load %struct.super_block*, %struct.super_block** %13, align 8 %92 = getelementptr inbounds %struct.super_block, %struct.super_block* %91, i64 0, i32 28 %93 = bitcast i8** %92 to %struct.nfs_server.236401** %94 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %93, align 16 %95 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %94, i32 %75, %struct.nfs4_exception* nonnull %7) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = 
bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 
nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = 
getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = 
bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 
nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236416** %6 = load %struct.nfs_unlinkdata.236416*, %struct.nfs_unlinkdata.236416** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236411* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds 
%struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 
i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = 
phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236419** %7 = load %struct.nfs_renamedata.236419*, %struct.nfs_renamedata.236419** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 0, i32 0 %9 = load 
%struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236411* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr 
inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr 
inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 
@bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load 
%struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi 
i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.216899*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #78 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236401** %10 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236428** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, 
%struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* 
%11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 
12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* 
%24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236428** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* 
%3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236401** %46 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 
= icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr 
%struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 
0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #78 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 2 %19 = bitcast %struct.nfs_fh** %16 to %struct.seqcount_spinlock** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast 
%struct.rpc_message* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236401** %64 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %63, align 16 store %struct.seqcount_spinlock* %18, %struct.seqcount_spinlock** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page** %22, %struct.page*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %34 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi %struct.page** [ %95, %85 ], [ %22, %65 ] %74 = phi i32 [ %96, %85 ], [ 0, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, 
%85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #78 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %74, 0 br i1 %82, label %83, label %166 %84 = zext i32 %74 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %74, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.136327*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #78 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236401** %187 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, 
-15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = 
getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label 
%53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %18 = getelementptr inbounds 
%struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = 
getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %33 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 
store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #78 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #78 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %33, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %109, label %70 %110 = phi i32 [ %99, %107 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %111)) #6 to label %125 [label %111], !srcloc !4 %126 = load %struct.super_block*, %struct.super_block** %11, align 8 %127 = getelementptr inbounds %struct.super_block, %struct.super_block* %126, i64 0, i32 28 %128 = bitcast i8** %127 to %struct.nfs_server.236401** %129 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %128, align 16 %130 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %129, i32 %110, %struct.nfs4_exception* nonnull %8) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, 
%struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 
-10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, 
%133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* 
%0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 2 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %90 [label %76], !srcloc !4 %91 = load %struct.super_block*, %struct.super_block** %13, align 8 %92 = getelementptr inbounds %struct.super_block, %struct.super_block* %91, i64 0, i32 28 %93 = bitcast i8** %92 to %struct.nfs_server.236401** %94 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %93, align 16 %95 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %94, i32 %75, %struct.nfs4_exception* nonnull %7) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, 
%struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 
i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = 
bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds 
%struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr 
inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = 
load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = 
getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to 
%struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %59 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %60 = tail call i32 @bcmp(i8* 
dereferenceable(12) %59, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236416** %6 = load %struct.nfs_unlinkdata.236416*, %struct.nfs_unlinkdata.236416** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236411* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 
= tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label 
%38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds 
%struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #78 %89 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238142** %91 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %90, align 8 %92 = getelementptr 
inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238142* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236419** %7 = load %struct.nfs_renamedata.236419*, %struct.nfs_renamedata.236419** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236411* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 
%27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds 
%struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = 
load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #78 %89 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238142** %91 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238142* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load 
i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = 
icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.216899*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #78 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236401** %10 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %9, align 16 %11 = 
getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236428** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds 
%struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br 
i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 
%57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #78 %89 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238142** %91 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238142* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* 
dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236428** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* 
%3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236401** %46 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 
= icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr 
%struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 
0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #78 %89 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238142** %91 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238142* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #78 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca 
%struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 2 %19 = bitcast %struct.nfs_fh** %16 to %struct.seqcount_spinlock** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds 
%struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, 
i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236401** %64 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %63, align 16 store %struct.seqcount_spinlock* %18, %struct.seqcount_spinlock** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page** %22, %struct.page*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %34 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi %struct.page** [ %95, %85 ], [ %22, %65 ] %74 = phi i32 [ %96, %85 ], [ 0, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #78 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %74, 0 br i1 %82, label %83, label %166 %84 = zext i32 %74 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %74, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.136327*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #78 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 
], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236401** %187 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull 
%9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds 
%struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #78 %89 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238142** %91 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238142* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238142, 
%struct.nfs4_lock_state.238142* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, 
i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = 
bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %33 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #78 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #78 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %33, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %109, label %70 %110 = phi i32 [ %99, %107 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 
.balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %111)) #6 to label %125 [label %111], !srcloc !4 %126 = load %struct.super_block*, %struct.super_block** %11, align 8 %127 = getelementptr inbounds %struct.super_block, %struct.super_block* %126, i64 0, i32 28 %128 = bitcast i8** %127 to %struct.nfs_server.236401** %129 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %128, align 16 %130 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %129, i32 %110, %struct.nfs4_exception* nonnull %8) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, 
align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, 
i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #78 %89 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238142** %91 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238142* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_symlink
-------------
Path:
Function:nfs4_proc_symlink
%6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 2 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %90 [label %76], !srcloc !4 %91 = load %struct.super_block*, %struct.super_block** %13, align 8 %92 = getelementptr inbounds %struct.super_block, %struct.super_block* %91, i64 0, i32 28 %93 = bitcast i8** %92 to %struct.nfs_server.236401** %94 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %93, align 16 %95 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %94, i32 %75, %struct.nfs4_exception* nonnull %7) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = 
bitcast i8** %5 to %struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, 
label %35 %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #78 %89 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238142** %91 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238142* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_inode_find_state_and_recover
1 nfs4_do_handle_exception
2 nfs4_handle_exception
3 nfs4_proc_pathconf
-------------
Path:
Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds 
%struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, 
i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 
%14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #78 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to 
%struct.nfs_server.238083** %7 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %7, i64 0, i32 0 %9 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 78 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head* %13 = bitcast %struct.seqcount_spinlock* %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %138, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 0 %19 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %9, i64 0, i32 22 %20 = bitcast i64* %19 to i8* br label %21 %22 = phi %struct.list_head* [ %14, %16 ], [ %136, %133 ] %23 = phi i8 [ 0, %16 ], [ %134, %133 ] %24 = getelementptr %struct.list_head, %struct.list_head* %22, i64 -2 %25 = bitcast %struct.list_head* %24 to %struct.nfs4_state.238111** %26 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %25, align 8 %27 = icmp eq %struct.nfs4_state.238111* %26, null br i1 %27, label %133, label %28 %29 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %53 %33 = load i32, i32* %18, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %42, label %35 %43 = 
getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %44 = load volatile i64, i64* %43, align 8 %45 = and i64 %44, 512 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %53 %54 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 5 %55 = load volatile i64, i64* %54, align 8 %56 = and i64 %55, 4 %57 = icmp eq i64 %56, 0 br i1 %57, label %82, label %58 %83 = load volatile i64, i64* %54, align 8 %84 = and i64 %83, 1 %85 = icmp eq i64 %84, 0 br i1 %85, label %133, label %86 %87 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 6 %88 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %87, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %88) #78 %89 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %26, i64 0, i32 2 %90 = bitcast %struct.list_head* %89 to %struct.nfs4_lock_state.238142** %91 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %91, i64 0, i32 0 %93 = icmp eq %struct.list_head* %92, %89 br i1 %93, label %119, label %94 %95 = phi %struct.nfs4_lock_state.238142* [ %116, %114 ], [ %91, %86 ] %96 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 2 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 1 %99 = icmp eq i64 %98, 0 br i1 %99, label %114, label %100 %101 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %95, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %102 = tail call i32 @bcmp(i8* dereferenceable(12) %101, i8* dereferenceable(12) %17, i64 12) #6
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_end_delegation_return
1 nfs4_inode_return_delegation_on_close
2 nfs4_put_open_state
3 __nfs4_close
4 nfs4_close_sync
5 nfs4_close_context
-------------
Path:
Function:nfs4_close_context
%3 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %3, align 8 %5 = icmp eq %struct.nfs4_state.236428* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.238111*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236428*, i32)*)(%struct.nfs4_state.236428* nonnull %4, i32 %13) #78
Function:nfs4_close_sync
tail call fastcc void @__nfs4_close(%struct.nfs4_state.238111* %0, i32 %1, i32 1) #78
Function:__nfs4_close
%4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 6 %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %6, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32* %7) #6, !srcloc !4 %8 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %9 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %8, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %10 = and i32 %1, 3 switch i32 %10, label %23 [ i32 1, label %11 i32 2, label %15 i32 3, label %19 ] %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %21 = load i32, i32* %20, align 4 %22 
= add i32 %21, -1 store i32 %22, i32* %20, align 4 br label %23 %24 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %62 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 10 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %40 %32 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = load volatile i64, i64* %32, align 8 %36 = and i64 %35, 32 %37 = or i64 %36, %34 %38 = icmp ne i64 %37, 0 %39 = zext i1 %38 to i32 br label %40 %41 = phi i32 [ %39, %31 ], [ 0, %27 ] %42 = phi i32 [ 2, %31 ], [ 3, %27 ] %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 11 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %62 %63 = phi i32 [ %58, %60 ], [ %58, %46 ], [ 0, %23 ], [ %41, %40 ] %64 = phi i32 [ 0, %60 ], [ 1, %46 ], [ 3, %23 ], [ %42, %40 ] %65 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 13 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %64 br i1 %67, label %94, label %68 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %95 = bitcast %struct.spinlock* %8 to i8* store volatile i8 0, i8* %95, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %96 = icmp eq i32 %63, 0 br i1 %96, label %97, label %116 tail call void @nfs4_put_open_state(%struct.nfs4_state.238111* %0) #79 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238111, 
%struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 br i1 %8, label %9, label %49 %10 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 18 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 1, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 1, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, %struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %12, align 8 %18 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 0, i32 1 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 0, i32 0 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 1 store %struct.list_head* %19, %struct.list_head** %22, align 8 %23 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %19, i64 0, i32 0 store volatile %struct.list_head* %21, %struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %20, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %25, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @nfs4_inode_return_delegation_on_close(%struct.inode* %3) #78 Function:nfs4_inode_return_delegation_on_close %2 = icmp eq %struct.inode* %0, null br i1 %2, label %63, label %3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 88 %6 = bitcast %struct.seqcount_spinlock* %5 to %struct.nfs_delegation.236475** %7 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %6, align 8 %8 = icmp eq %struct.nfs_delegation.236475* %7, null br i1 %8, label %60, label %9 %61 = phi %struct.nfs_delegation.236475* [ %56, %59 ], [ null, %55 ], [ null, %22 ], [ null, %14 ], [ null, %9 ], [ null, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %62 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* nonnull %0, %struct.nfs_delegation.236475* %61, i32 0) #79 
Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 
%44 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 %45 = icmp eq %struct.list_head* %44, %35 br i1 %45, label %144, label %46 %47 = phi %struct.list_head* [ %142, %140 ], [ %44, %43 ] %48 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -8 %49 = bitcast %struct.list_head* %48 to %struct.nfs_open_context.241415* %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -2 %51 = bitcast %struct.list_head* %50 to %struct.nfs4_state.241414** %52 = load %struct.nfs4_state.241414*, %struct.nfs4_state.241414** %51, align 8 %53 = icmp eq %struct.nfs4_state.241414* %52, null br i1 %53, label %140, label %54 %55 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 5 %56 = load volatile i64, i64* %55, align 8 %57 = and i64 %56, 2 %58 = icmp eq i64 %57, 0 br i1 %58, label %140, label %59 %60 = load volatile i64, i64* %55, align 8 %61 = and i64 %60, 512 %62 = icmp eq i64 %61, 0 br i1 %62, label %63, label %140 %64 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8, i32 1 %65 = load i32, i32* %64, align 4 %66 = load i32, i32* %37, align 4 %67 = icmp eq i32 %65, %66 br i1 %67, label %68, label %140 %69 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8 %70 = bitcast %struct.nfs4_stateid_struct* %69 to i8* %71 = tail call i32 @bcmp(i8* dereferenceable(16) %70, i8* dereferenceable(16) %38, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 _nfs4_do_setattr 4 nfs4_do_setattr 5 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #78 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, 
i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236429** %24 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236429* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236429* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236429* %31, %struct.nfs4_label* null) #79 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236401** %15 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236429* %4, 
null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236428* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 2 %27 = bitcast %struct.nfs_fh** %24 to %struct.seqcount_spinlock** %28 = bitcast %struct.nfs_setattrargs* %8 to i8* store %struct.seqcount_spinlock* %26, %struct.seqcount_spinlock** %27, align 8 %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %30 = bitcast %struct.nfs4_stateid_struct* %29 to i8* %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %32, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %34 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %34, i32** %33, align 8 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %35, align 8 %36 = bitcast %struct.nfs_setattrres* %9 to i8* %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 %38 = bitcast %struct.nfs_setattrres* %9 to i8* store %struct.nfs_fattr* %2, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %39, align 8 %40 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236401* %15, 
%struct.nfs_server.236401** %40, align 8 %41 = bitcast %struct.nfs4_exception* %10 to i8* %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236428* %22, %struct.nfs4_state.236428** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %29, %struct.nfs4_stateid_struct** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = and i32 %49, 6145 %51 = icmp eq i32 %50, 0 %52 = select i1 %51, i64 256, i64 131328 %53 = and i32 %49, 6 %54 = icmp eq i32 %53, 0 %55 = or i64 %52, 4096 %56 = select i1 %54, i64 %52, i64 %55 %57 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 35, i64 0 %58 = bitcast i32* %57 to i8* %59 = icmp eq %struct.inode* %0, null %60 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 38 %61 = bitcast %struct.seqcount_spinlock* %60 to i64* %62 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 0 %64 = icmp eq %struct.nfs4_state.236428* %22, null %65 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %22, i64 0, i32 13 br label %66 br i1 %59, label %92, label %67 %93 = call fastcc i32 
@_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236429* %4) #79 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236401** %14 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = getelementptr inbounds 
%struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq 
%struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr 
inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %44 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 %45 = icmp eq %struct.list_head* %44, %35 br i1 %45, label %144, label %46 %47 = phi %struct.list_head* [ %142, %140 ], [ %44, %43 ] %48 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -8 %49 = bitcast %struct.list_head* %48 to %struct.nfs_open_context.241415* %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -2 %51 = bitcast %struct.list_head* %50 to %struct.nfs4_state.241414** %52 = load %struct.nfs4_state.241414*, %struct.nfs4_state.241414** %51, align 8 %53 = icmp eq %struct.nfs4_state.241414* %52, null br i1 %53, label %140, label %54 %55 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 5 %56 = load volatile i64, i64* %55, align 8 %57 = and i64 %56, 2 %58 = icmp eq i64 %57, 0 br i1 %58, label 
%140, label %59 %60 = load volatile i64, i64* %55, align 8 %61 = and i64 %60, 512 %62 = icmp eq i64 %61, 0 br i1 %62, label %63, label %140 %64 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8, i32 1 %65 = load i32, i32* %64, align 4 %66 = load i32, i32* %37, align 4 %67 = icmp eq i32 %65, %66 br i1 %67, label %68, label %140 %69 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8 %70 = bitcast %struct.nfs4_stateid_struct* %69 to i8* %71 = tail call i32 @bcmp(i8* dereferenceable(16) %70, i8* dereferenceable(16) %38, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.236417** %6 = load %struct.nfs_renameargs.236417*, %struct.nfs_renameargs.236417** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.236418** %9 = load %struct.nfs_renameres.236418*, %struct.nfs_renameres.236418** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 
%4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, 
null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast 
%struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %44 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 %45 = icmp eq %struct.list_head* %44, %35 br i1 %45, label %144, label %46 %47 = phi %struct.list_head* [ %142, %140 ], [ %44, %43 ] %48 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -8 %49 = bitcast %struct.list_head* %48 to %struct.nfs_open_context.241415* %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -2 %51 = bitcast %struct.list_head* %50 to %struct.nfs4_state.241414** %52 = load %struct.nfs4_state.241414*, %struct.nfs4_state.241414** %51, align 8 %53 = icmp eq %struct.nfs4_state.241414* %52, null br i1 %53, label %140, label %54 %55 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 5 %56 = load volatile i64, i64* %55, align 8 %57 = and i64 %56, 2 %58 = icmp eq i64 %57, 0 br i1 %58, label %140, label %59 %60 = load volatile i64, i64* %55, align 8 %61 = and i64 %60, 512 %62 = icmp eq i64 %61, 0 br i1 %62, label %63, label %140 %64 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8, i32 1 %65 = load i32, i32* %64, align 4 %66 = load i32, i32* %37, align 4 %67 = icmp eq i32 %65, %66 br i1 %67, label %68, label %140 %69 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8 %70 = bitcast %struct.nfs4_stateid_struct* %69 to i8* %71 = tail call i32 @bcmp(i8* dereferenceable(16) %70, i8* dereferenceable(16) %38, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 
nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_inode_make_writeable 3 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, 
%struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, 
%struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %44 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 %45 = icmp eq %struct.list_head* %44, %35 br i1 %45, label %144, label %46 %47 = phi %struct.list_head* [ %142, %140 ], [ %44, %43 ] %48 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -8 %49 = bitcast %struct.list_head* %48 to %struct.nfs_open_context.241415* %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -2 %51 = bitcast 
%struct.list_head* %50 to %struct.nfs4_state.241414** %52 = load %struct.nfs4_state.241414*, %struct.nfs4_state.241414** %51, align 8 %53 = icmp eq %struct.nfs4_state.241414* %52, null br i1 %53, label %140, label %54 %55 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 5 %56 = load volatile i64, i64* %55, align 8 %57 = and i64 %56, 2 %58 = icmp eq i64 %57, 0 br i1 %58, label %140, label %59 %60 = load volatile i64, i64* %55, align 8 %61 = and i64 %60, 512 %62 = icmp eq i64 %61, 0 br i1 %62, label %63, label %140 %64 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8, i32 1 %65 = load i32, i32* %64, align 4 %66 = load i32, i32* %37, align 4 %67 = icmp eq i32 %65, %66 br i1 %67, label %68, label %140 %69 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8 %70 = bitcast %struct.nfs4_stateid_struct* %69 to i8* %71 = tail call i32 @bcmp(i8* dereferenceable(16) %70, i8* dereferenceable(16) %38, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_end_delegation_return 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.236413** %6 = load %struct.nfs_removeargs.236413*, %struct.nfs_removeargs.236413** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.236415** %9 = load %struct.nfs_removeres.236415*, %struct.nfs_removeres.236415** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = 
getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.236401** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #78 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi 
%struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load 
%struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %44 = load volatile %struct.list_head*, %struct.list_head** %36, align 8 %45 = icmp eq %struct.list_head* %44, %35 br i1 %45, label %144, label %46 %47 = phi %struct.list_head* [ %142, %140 ], [ %44, %43 ] %48 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -8 %49 = bitcast %struct.list_head* %48 to %struct.nfs_open_context.241415* %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -2 %51 = bitcast %struct.list_head* %50 to %struct.nfs4_state.241414** %52 = load %struct.nfs4_state.241414*, %struct.nfs4_state.241414** %51, align 8 %53 = icmp eq %struct.nfs4_state.241414* %52, null br i1 %53, label %140, label %54 %55 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 5 %56 = load volatile i64, i64* %55, align 8 %57 = and i64 %56, 2 %58 = icmp eq i64 %57, 0 br i1 %58, label %140, label %59 %60 = load volatile i64, i64* %55, align 8 %61 = and 
i64 %60, 512 %62 = icmp eq i64 %61, 0 br i1 %62, label %63, label %140 %64 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8, i32 1 %65 = load i32, i32* %64, align 4 %66 = load i32, i32* %37, align 4 %67 = icmp eq i32 %65, %66 br i1 %67, label %68, label %140 %69 = getelementptr inbounds %struct.nfs4_state.241414, %struct.nfs4_state.241414* %52, i64 0, i32 8 %70 = bitcast %struct.nfs4_stateid_struct* %69 to i8* %71 = tail call i32 @bcmp(i8* dereferenceable(16) %70, i8* dereferenceable(16) %38, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236416** %6 = load %struct.nfs_unlinkdata.236416*, %struct.nfs_unlinkdata.236416** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236411* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = 
load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* 
%28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236428* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238083*, %struct.nfs4_state.238111*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236401*, %struct.nfs4_state.236428*)*)(%struct.nfs_server.236401* %0, %struct.nfs4_state.236428* nonnull %7) #78 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238083, 
%struct.nfs_server.238083* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, 
i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #78 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 
to %struct.nfs_renamedata.236419** %7 = load %struct.nfs_renamedata.236419*, %struct.nfs_renamedata.236419** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236411* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #78 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, 
i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* 
%37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236428* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238083*, %struct.nfs4_state.238111*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236401*, %struct.nfs4_state.236428*)*)(%struct.nfs_server.236401* %0, %struct.nfs4_state.236428* nonnull %7) #78 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238107*, 
%struct.nfs4_state_owner.238107** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #78 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* 
%10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load 
%struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label %71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %73 = load 
%struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.216899*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #78 br label %74 %75 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %76 = bitcast {}** %75 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %77 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %76, align 8 %78 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %77, null br i1 %78, label %81, label %79 %82 = call i32 @nfs4_read_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236401** %10 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %9, align 16 %11 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = load i32, i32* %11, align 4 %29 = icmp slt i32 %28, 0 br i1 %29, label %30, label %54 %31 = bitcast %struct.nfs4_exception* %3 to i8* %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %33 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %32, align 8 %34 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %33, i64 0, i32 5 %35 = bitcast %struct.nfs4_state.236428** %34 to i64* %36 = load i64, i64* %35, align 8 %37 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %39 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %40 = load i64, i64* %39, align 8 %41 = bitcast %struct.inode** %38 to i64* store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %43 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %43, %struct.nfs4_stateid_struct** %42, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, 
%struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %46, align 1 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %10, i32 %28, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, 
%struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236428* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238083*, %struct.nfs4_state.238111*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236401*, %struct.nfs4_state.236428*)*)(%struct.nfs_server.236401* %0, %struct.nfs4_state.236428* nonnull %7) #78 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238154*, 
%struct.nfs_client.238154** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* 
%18, %struct.nfs4_stateid_struct* %19) #78 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, 
%struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp 
eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %26 = bitcast %struct.nfs4_exception* %3 to i8* %27 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %28 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %27, align 8 %29 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %28, i64 0, i32 5 %30 = bitcast %struct.nfs4_state.236428** %29 to i64* %31 = load i64, i64* %30, align 8 %32 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %34 = bitcast %struct.nfs_pgio_header.236445* %1 to i64* %35 = load i64, i64* %34, align 8 %36 = bitcast %struct.inode** %33 to i64* store i64 %35, i64* %36, align 8 %37 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %38 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %38, %struct.nfs4_stateid_struct** %37, align 8 %39 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %39, align 8 %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* 
%3, i64 0, i32 5 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %43 = load %struct.super_block*, %struct.super_block** %42, align 8 %44 = getelementptr inbounds %struct.super_block, %struct.super_block* %43, i64 0, i32 28 %45 = bitcast i8** %44 to %struct.nfs_server.236401** %46 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %45, align 16 %47 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task* %0, %struct.nfs_server.236401* %46, i32 %23, %struct.nfs4_exception* nonnull %3) #79 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %1, i64 0, i32 0 %6 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %1, i32 %2, %struct.nfs4_exception* %3) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 
= icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236428* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238083*, %struct.nfs4_state.238111*)* 
@nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236401*, %struct.nfs4_state.236428*)*)(%struct.nfs_server.236401* %0, %struct.nfs4_state.236428* nonnull %7) #78 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) 
#6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #78 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 
nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %9 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode* %3, i8* %5, i64 %6) #78 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca [16 x %struct.page*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 2 %19 = bitcast %struct.nfs_fh** %16 to %struct.seqcount_spinlock** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds 
%struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %56 = getelementptr inbounds %struct.inode, %struct.inode* 
%0, i64 0, i32 18 %57 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %56, i64 0, i32 0, i32 0 %58 = bitcast %struct.spinlock* %56 to i8* %59 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %60 %61 = load %struct.super_block*, %struct.super_block** %12, align 8 %62 = getelementptr inbounds %struct.super_block, %struct.super_block* %61, i64 0, i32 28 %63 = bitcast i8** %62 to %struct.nfs_server.236401** %64 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %63, align 16 store %struct.seqcount_spinlock* %18, %struct.seqcount_spinlock** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page** %22, %struct.page*** %21, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 33), %struct.rpc_procinfo** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %166, label %65 %66 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %64, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = and i32 %67, 8 %69 = icmp eq i32 %68, 0 %70 = or i1 %69, %34 %71 = select i1 %69, i32 -95, i32 -34 br i1 %70, label %166, label %72 %73 = phi %struct.page** [ %95, %85 ], [ %22, %65 ] %74 = phi i32 [ %96, %85 ], [ 0, %65 ] %75 = phi i64 [ %94, %85 ], [ %2, %65 ] %76 = phi i8* [ %93, %85 ], [ %1, %65 ] %77 = icmp ult i64 %75, 4096 %78 = select i1 %77, i64 %75, i64 4096 %79 = call %struct.page* @alloc_pages(i32 3264, i32 0) #78 %80 = icmp eq %struct.page* %79, null br i1 %80, label %81, label %85 %82 = icmp sgt i32 %74, 0 br i1 %82, label %83, label %166 %84 = zext i32 %74 to i64 br label %98 %99 = phi i64 [ %84, %83 ], [ %106, %98 ] %100 = phi i32 [ %74, %83 ], [ %101, %98 ] %101 = add nsw i32 %100, -1 %102 = zext 
i32 %101 to i64 %103 = getelementptr [16 x %struct.page*], [16 x %struct.page*]* %6, i64 0, i64 %102 %104 = load %struct.page*, %struct.page** %103, align 8 call void bitcast (void (%struct.page.136327*, i32)* @__free_pages to void (%struct.page*, i32)*)(%struct.page* %104, i32 0) #78 %105 = icmp sgt i64 %99, 1 %106 = add nsw i64 %99, -1 br i1 %105, label %98, label %166 %167 = phi i32 [ %137, %165 ], [ -22, %60 ], [ %71, %65 ], [ %96, %107 ], [ -12, %81 ], [ -12, %98 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_set_acl, %168)) #6 to label %182 [label %168], !srcloc !8 switch i32 %167, label %183 [ i32 -10039, label %192 i32 -10041, label %192 ] %184 = load %struct.super_block*, %struct.super_block** %12, align 8 %185 = getelementptr inbounds %struct.super_block, %struct.super_block* %184, i64 0, i32 28 %186 = bitcast i8** %185 to %struct.nfs_server.236401** %187 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %186, align 16 %188 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %187, i32 %167, %struct.nfs4_exception* nonnull %10) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 
= getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label 
%63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236428* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238083*, %struct.nfs4_state.238111*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236401*, %struct.nfs4_state.236428*)*)(%struct.nfs_server.236401* %0, %struct.nfs4_state.236428* nonnull %7) #78 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #78 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, 
%struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %16 = 
getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, 
%struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %33 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds 
([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #78 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #78 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %33, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %109, label %70 %110 = phi i32 [ %99, %107 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %111)) #6 to label %125 [label %111], !srcloc !4 %126 = load %struct.super_block*, %struct.super_block** %11, align 8 %127 = getelementptr inbounds %struct.super_block, %struct.super_block* %126, i64 0, i32 28 %128 = bitcast i8** %127 to %struct.nfs_server.236401** %129 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %128, align 16 %130 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %129, i32 %110, %struct.nfs4_exception* nonnull %8) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call 
fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 
-10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236428* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238083*, %struct.nfs4_state.238111*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236401*, %struct.nfs4_state.236428*)*)(%struct.nfs_server.236401* %0, %struct.nfs4_state.236428* nonnull %7) #78 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", 
"=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #78 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, 
%struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 2 %16 = getelementptr 
inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page* %2, %struct.page** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %90 [label %76], !srcloc !4 %91 = load %struct.super_block*, %struct.super_block** %13, align 8 %92 = getelementptr inbounds %struct.super_block, %struct.super_block* %91, i64 0, i32 28 %93 = bitcast i8** %92 to %struct.nfs_server.236401** %94 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %93, align 16 %95 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %94, i32 %75, %struct.nfs4_exception* nonnull %7) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, 
align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp 
eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236428* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238083*, %struct.nfs4_state.238111*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236401*, %struct.nfs4_state.236428*)*)(%struct.nfs_server.236401* %0, %struct.nfs4_state.236428* nonnull %7) #78 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %11, align 8 %13 = getelementptr inbounds 
%struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #78 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to 
%struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs4_schedule_stateid_recovery 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 
0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, 
i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %84 %85 = phi i32 [ 0, %58 ], [ %83, %82 ] %86 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %0, i32 %85, %struct.nfs4_exception* nonnull %9) #79 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.236401* %0, i32 %1, %struct.nfs4_exception* %2) #78 Function:nfs4_do_handle_exception %4 = 
getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %5 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.236428* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %109 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10089, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 
i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 @nfs_async_inode_return_delegation(%struct.inode* nonnull %9, %struct.nfs4_stateid_struct* %37) #78 %47 = icmp eq i32 %46, 0 br i1 %47, label %106, label %48 %49 = icmp eq %struct.nfs4_stateid_struct* %37, null br i1 %49, label %57, label %50 %51 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %37, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 4 br i1 %53, label %54, label %57 %58 = icmp eq %struct.nfs4_state.236428* %7, null br i1 %58, label %97, label %59 %60 = tail call i32 bitcast (i32 (%struct.nfs_server.238083*, %struct.nfs4_state.238111*)* @nfs4_schedule_stateid_recovery to i32 (%struct.nfs_server.236401*, %struct.nfs4_state.236428*)*)(%struct.nfs_server.236401* %0, %struct.nfs4_state.236428* nonnull %7) #78 Function:nfs4_schedule_stateid_recovery %3 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %0, i64 0, i32 0 %4 = load %struct.nfs_client.238154*, %struct.nfs_client.238154** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 5 %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, 512 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %20 %10 = bitcast i64* %5 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 128, i8* %10) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 -65, i8* %10) #6, !srcloc !5 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 3 %12 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %12, i64 0, i32 7 %14 = bitcast i64* %13 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i32 2, i8* %14) #6, !srcloc !4 %15 = getelementptr inbounds %struct.nfs_client.238154, %struct.nfs_client.238154* %4, i64 0, i32 22 %16 = bitcast i64* %15 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %16, i32 16, i8* %16) #6, !srcloc !4 %17 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 4 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %1, i64 0, i32 8 tail call void @nfs_inode_find_delegation_state_and_recover(%struct.inode* %18, %struct.nfs4_stateid_struct* %19) #78 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %4 = load %struct.super_block*, %struct.super_block** %3, align 8 %5 = getelementptr inbounds %struct.super_block, %struct.super_block* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.241391** %7 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %7, i64 0, i32 0 %9 = load %struct.nfs_client.241456*, 
%struct.nfs_client.241456** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 88 %12 = bitcast %struct.seqcount_spinlock* %11 to %struct.nfs_delegation.236475** %13 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %12, align 8 %14 = icmp eq %struct.nfs_delegation.236475* %13, null br i1 %14, label %52, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 autofs_lookup ------------- Path:  Function:autofs_lookup %4 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %143, label %9 %10 = getelementptr inbounds %struct.inode.262604, %struct.inode.262604* %0, i64 0, i32 8 %11 = load %struct.super_block.262585*, %struct.super_block.262585** %10, align 8 %12 = getelementptr inbounds %struct.super_block.262585, %struct.super_block.262585* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.autofs_sb_info.262615** %14 = load %struct.autofs_sb_info.262615*, %struct.autofs_sb_info.262615** %13, align 16 %15 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %1, i64 0, i32 9 %16 = load %struct.super_block.262585*, %struct.super_block.262585** %15, align 8 %17 = getelementptr inbounds %struct.super_block.262585, 
%struct.super_block.262585* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.autofs_sb_info.262615** %19 = load %struct.autofs_sb_info.262615*, %struct.autofs_sb_info.262615** %18, align 16 %20 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %1, i64 0, i32 3 %21 = load %struct.dentry.262608*, %struct.dentry.262608** %20, align 8 %22 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %1, i64 0, i32 4 %23 = bitcast %struct.qstr* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %1, i64 0, i32 4, i32 1 %26 = load i8*, i8** %25, align 8 %27 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %19, i64 0, i32 17 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %29 = load volatile %struct.list_head*, %struct.list_head** %28, align 8 %30 = icmp eq %struct.list_head* %29, %27 br i1 %30, label %90, label %31 %32 = getelementptr inbounds %struct.autofs_sb_info.262615, %struct.autofs_sb_info.262615* %19, i64 0, i32 16 %33 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %32, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #78 %34 = load %struct.list_head*, %struct.list_head** %28, align 8 %35 = icmp eq %struct.list_head* %34, %27 br i1 %35, label %85, label %36 %37 = zext i32 %7 to i64 br label %38 %39 = phi %struct.list_head* [ %34, %36 ], [ %83, %80 ] %40 = getelementptr %struct.list_head, %struct.list_head* %39, i64 -4, i32 1 %41 = bitcast %struct.list_head** %40 to %struct.dentry.262608** %42 = load %struct.dentry.262608*, %struct.dentry.262608** %41, align 8 %43 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %42, i64 0, i32 7, i32 0 %44 = bitcast %struct.anon.1* %43 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %44) #78 %45 = bitcast %struct.anon.1* %43 to %struct.swap_cluster_info* %46 = 
getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %45, i64 0, i32 1 %47 = load i32, i32* %46, align 4 %48 = icmp slt i32 %47, 1 br i1 %48, label %80, label %49 %50 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %42, i64 0, i32 4 %51 = bitcast %struct.qstr* %50 to %struct.util_est* %52 = bitcast %struct.qstr* %50 to i32* %53 = load i32, i32* %52, align 8 %54 = icmp eq i32 %53, %24 br i1 %54, label %55, label %80 %56 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %42, i64 0, i32 3 %57 = load %struct.dentry.262608*, %struct.dentry.262608** %56, align 8 %58 = icmp eq %struct.dentry.262608* %57, %21 br i1 %58, label %59, label %80 %60 = getelementptr inbounds %struct.util_est, %struct.util_est* %51, i64 0, i32 1 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, %7 br i1 %62, label %63, label %80 %64 = getelementptr inbounds %struct.dentry.262608, %struct.dentry.262608* %42, i64 0, i32 4, i32 1 %65 = load i8*, i8** %64, align 8 %66 = tail call i32 @bcmp(i8* %65, i8* %26, i64 %37) #6 ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %15 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 
%15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, 
%struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq 
%struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq 
%struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = 
load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %70 = inttoptr i64 %63 to i64* %71 = load i64, i64* %70, align 8 %72 = icmp eq i64 %71, 0 br i1 %72, label %242, label %62 %243 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %44, i64 0, i32 4 %244 = load %struct.constraint_node*, %struct.constraint_node** %243, align 8 %245 = icmp eq %struct.constraint_node* %244, null br i1 %245, label %267, label %246 %247 = phi %struct.constraint_node* [ %265, %263 ], [ %244, 
%242 ] %248 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %247, i64 0, i32 0 %249 = load i32, i32* %248, align 8 %250 = load i32, i32* %17, align 4 %251 = and i32 %250, %249 %252 = icmp eq i32 %251, 0 br i1 %252, label %263, label %253 %254 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %247, i64 0, i32 1 %255 = load %struct.constraint_expr*, %struct.constraint_expr** %254, align 8 %256 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %255) #80 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch 
i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #78 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, 
%struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load 
i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr 
%struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds 
%struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, 
%struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp 
ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, 
%struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %70 = inttoptr i64 %63 to i64* %71 = load i64, i64* %70, align 8 %72 = icmp eq i64 %71, 0 br i1 %72, label %242, label %62 %243 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %44, i64 0, i32 4 %244 = load %struct.constraint_node*, %struct.constraint_node** %243, align 8 %245 = icmp eq %struct.constraint_node* %244, null br i1 %245, label %267, label %246 %247 = phi %struct.constraint_node* [ %265, %263 ], [ %244, %242 ] %248 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %247, i64 0, i32 0 %249 = load i32, i32* %248, align 8 %250 = load i32, i32* %17, align 4 %251 = and i32 %250, %249 %252 = icmp eq i32 %251, 0 br i1 %252, label %263, label %253 %254 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %247, i64 0, i32 1 %255 = load %struct.constraint_expr*, 
%struct.constraint_expr** %254, align 8 %256 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %255) #80 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 
64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #78 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, 
%31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48)
-------------
Use:
=BAD PATH=
Call Stack:
0 ebitmap_cmp
1 constraint_expr_eval
2 context_struct_compute_av
3 security_compute_av
4 avc_compute_av
5 avc_has_perm_noaudit
6 avc_has_perm
7 sel_write_validatetrans
-------------
Path:
Function:sel_write_validatetrans
%5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %19 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %20 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %21 = bitcast i16* %8 to i8* store i16 0, i16* %8, align 2 %22 = tail call i64 asm "movq %gs:${1:P}, $0",
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 
%15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, 
%struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq 
%struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq 
%struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = 
load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %70 = inttoptr i64 %63 to i64* %71 = load i64, i64* %70, align 8 %72 = icmp eq i64 %71, 0 br i1 %72, label %242, label %62 %243 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %44, i64 0, i32 4 %244 = load %struct.constraint_node*, %struct.constraint_node** %243, align 8 %245 = icmp eq %struct.constraint_node* %244, null br i1 %245, label %267, label %246 %247 = phi %struct.constraint_node* [ %265, %263 ], [ %244, 
%242 ] %248 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %247, i64 0, i32 0 %249 = load i32, i32* %248, align 8 %250 = load i32, i32* %17, align 4 %251 = and i32 %250, %249 %252 = icmp eq i32 %251, 0 br i1 %252, label %263, label %253 %254 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %247, i64 0, i32 1 %255 = load %struct.constraint_expr*, %struct.constraint_expr** %254, align 8 %256 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %255) #80 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch 
i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #78 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, 
%struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48)
-------------
Use:
=BAD PATH=
Call Stack:
0 ebitmap_cmp
1 constraint_expr_eval
2 context_struct_compute_av
3 security_compute_av
4 avc_compute_av
5 avc_has_perm_noaudit
6 avc_has_perm
7 sel_write_avc_cache_threshold
-------------
Path:
Function:sel_write_avc_cache_threshold
%5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load
%struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, 
%struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call 
%struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 
1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %70 = inttoptr i64 %63 to i64* %71 = load i64, i64* %70, align 8 %72 = icmp eq i64 %71, 0 br i1 %72, label %242, label %62 %243 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %44, i64 0, i32 4 
%244 = load %struct.constraint_node*, %struct.constraint_node** %243, align 8 %245 = icmp eq %struct.constraint_node* %244, null br i1 %245, label %267, label %246 %247 = phi %struct.constraint_node* [ %265, %263 ], [ %244, %242 ] %248 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %247, i64 0, i32 0 %249 = load i32, i32* %248, align 8 %250 = load i32, i32* %17, align 4 %251 = and i32 %250, %249 %252 = icmp eq i32 %251, 0 br i1 %252, label %263, label %253 %254 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %247, i64 0, i32 1 %255 = load %struct.constraint_expr*, %struct.constraint_expr** %254, align 8 %256 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %255) #80 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, 
%9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #78 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = 
load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Good: 1180 Bad: 87 Ignored: 1699 Check Use of Function:ihold Use: =BAD PATH= Call Stack: 0 simple_link ------------- Path:  Function:simple_link %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %0, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = getelementptr inbounds %struct.inode.153945, %struct.inode.153945* %5, i64 0, i32 17 %7 = getelementptr inbounds %struct.inode.153945, %struct.inode.153945* %1, i64 0, i32 17 %8 = getelementptr inbounds %struct.inode.153945, %struct.inode.153945* %1, i64 0, i32 16 %9 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } 
(%struct.inode.153945*)*)(%struct.inode.153945* %5) #78 %10 = extractvalue { i64, i64 } %9, 0 %11 = extractvalue { i64, i64 } %9, 1 %12 = getelementptr inbounds %struct.inode.153945, %struct.inode.153945* %1, i64 0, i32 16, i32 0 store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.inode.153945, %struct.inode.153945* %1, i64 0, i32 16, i32 1 store i64 %11, i64* %13, align 8 %14 = bitcast %struct.cpu_itimer* %7 to i8* %15 = bitcast %struct.cpu_itimer* %8 to i8* %16 = bitcast %struct.cpu_itimer* %6 to i8* tail call void bitcast (void (%struct.inode.150604*)* @inc_nlink to void (%struct.inode.153945*)*)(%struct.inode.153945* %5) #78 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode.153945*)*)(%struct.inode.153945* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 shmem_link ------------- Path:  Function:shmem_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 12, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %34, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.shmem_sb_info** %14 = load %struct.shmem_sb_info*, %struct.shmem_sb_info** %13, align 16 %15 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 10 %16 = load i64, i64* %15, align 16 %17 = and i64 %16, 4194304 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %34 %35 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 14 %36 = load i64, i64* %35, align 8 %37 = add i64 %36, 20 store i64 %37, i64* %35, align 8 %38 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 17 %39 = 
getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 17 %40 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 16 %41 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode*)*)(%struct.inode* %5) #78 %42 = extractvalue { i64, i64 } %41, 0 %43 = extractvalue { i64, i64 } %41, 1 %44 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 16, i32 0 store i64 %42, i64* %44, align 8 %45 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 16, i32 1 store i64 %43, i64* %45, align 8 %46 = bitcast %struct.cpu_itimer* %39 to i8* %47 = bitcast %struct.cpu_itimer* %40 to i8* %48 = bitcast %struct.cpu_itimer* %38 to i8* tail call void bitcast (void (%struct.inode.150604*)* @inc_nlink to void (%struct.inode*)*)(%struct.inode* %5) #78 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to %struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 
%38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to %struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* 
%32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 %38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_link, %6)) #6 to label %20 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.150061*)* @d_drop to void (%struct.dentry*)*)(%struct.dentry* %2) #78 %21 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 0 %22 = load i16, i16* %21, align 8 %23 = and i16 %22, -4096 %24 = icmp eq i16 %23, -32768 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_sync_inode to i32 (%struct.inode*)*)(%struct.inode* %5) #78 br label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 28 %31 = bitcast i8** %30 to %struct.nfs_server.214586** %32 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %31, align 16 %33 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %32, i64 0, i32 0 %34 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %36, i64 0, i32 23 %38 = load i32 (%struct.inode*, %struct.inode*, %struct.qstr*)*, i32 (%struct.inode*, %struct.inode*, %struct.qstr*)** %37, align 8 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %40 = tail call i32 
%38(%struct.inode* %5, %struct.inode* %1, %struct.qstr* %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43 tail call void bitcast (void (%struct.inode.150604*)* @ihold to void (%struct.inode*)*)(%struct.inode* %5) #78 ------------- Good: 22 Bad: 5 Ignored: 8 Check Use of Function:eventfd_read Check Use of Function:ext4_add_entry Check Use of Function:security_transition_sid_user Check Use of Function:__cpuhp_remove_state Check Use of Function:percpu_counter_destroy Check Use of Function:ext4_empty_dir Check Use of Function:snd_timer_user_ioctl_compat Check Use of Function:blk_rq_map_user_iov Check Use of Function:power_supply_changed Check Use of Function:path_openat Check Use of Function:serial8250_release_port Check Use of Function:hrtimer_start_range_ns Use: =BAD PATH= Call Stack: 0 busy_poll_stop 1 napi_busy_loop 2 tcp_recvmsg 3 inet6_recvmsg 4 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, 
i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = 
icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %20 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 12 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %15, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 busy_poll_stop 1 napi_busy_loop 2 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq 
i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], 
[ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %20 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 12 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %15, i64 0, i32 3) #78 ------------- Use: =BAD PATH= Call Stack: 0 rpm_suspend 1 __pm_runtime_suspend 2 __intel_runtime_pm_put 3 intel_runtime_pm_put_unchecked 4 intel_rps_read_punit_req_frequency 5 intel_rps_get_requested_frequency 6 gt_cur_freq_mhz_show ------------- Path:  Function:gt_cur_freq_mhz_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.423982** %8 = load %struct.drm_i915_private.423982*, %struct.drm_i915_private.423982** %7, align 8 %9 = getelementptr 
inbounds %struct.drm_i915_private.423982, %struct.drm_i915_private.423982* %8, i64 0, i32 102, i32 19 %10 = tail call i32 @intel_rps_get_requested_frequency(%struct.intel_rps* %9) #78 Function:intel_rps_get_requested_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 7 %3 = getelementptr inbounds i32, i32* %2, i64 6 %4 = bitcast i32* %3 to %struct.intel_uc.449265* %5 = getelementptr inbounds i32, i32* %2, i64 9 %6 = load i32, i32* %5, align 4 %7 = icmp sgt i32 %6, 4 br i1 %7, label %8, label %18 %9 = getelementptr inbounds %struct.intel_uc.449265, %struct.intel_uc.449265* %4, i64 0, i32 1, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %18, label %12 %13 = getelementptr inbounds %struct.intel_uc.449265, %struct.intel_uc.449265* %4, i64 0, i32 1, i32 3, i32 3 %14 = load i8, i8* %13, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %18, label %16 %17 = tail call i32 @intel_rps_read_punit_req_frequency(%struct.intel_rps* %0) #78 Function:intel_rps_read_punit_req_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 7 %3 = getelementptr inbounds i32, i32* %2, i64 2 %4 = bitcast i32* %3 to %struct.intel_uncore.449122** %5 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %6 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 2 %7 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %6, align 8 %8 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %7) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 8, i32 6 %12 = load i32 (%struct.intel_uncore.449122*, i32, i1)*, i32 (%struct.intel_uncore.449122*, i32, i1)** %11, align 8 %13 = tail call i32 %12(%struct.intel_uncore.449122* %5, i32 40968, i1 zeroext true) #78 tail call void 
@intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %7) #78 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #78 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39258, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39260, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !8 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39263, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !9 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !10 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !11 %39 = tail call i64 @ktime_get_mono_fast_ns() #78 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #78 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #79 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = 
getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #79 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, 
label %104, label %100 %101 = load volatile i32, i32* %17, align 4 %102 = sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 rpm_suspend 1 __pm_runtime_suspend 2 __intel_runtime_pm_put 3 intel_runtime_pm_put_unchecked 4 intel_rps_read_actual_frequency 5 gt_act_freq_mhz_show ------------- Path:  Function:gt_act_freq_mhz_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.423982** %8 = load %struct.drm_i915_private.423982*, %struct.drm_i915_private.423982** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.423982, %struct.drm_i915_private.423982* %8, i64 0, i32 102, i32 19 %10 = tail call i32 @intel_rps_read_actual_frequency(%struct.intel_rps* %9) #78 Function:intel_rps_read_actual_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 7 %3 = getelementptr inbounds i32, i32* %2, i64 2 %4 = bitcast i32* %3 to %struct.intel_uncore.449122** %5 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %6 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 2 %7 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %6, align 8 %8 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %7) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %112, label %10 %11 = bitcast i32* %2 to %struct.drm_i915_private.449467** %12 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 13 %13 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 14 %14 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 20 %15 = load %struct.drm_i915_private.449467*, 
%struct.drm_i915_private.449467** %11, align 8 %16 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %17 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %15, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 9437184 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %15, i64 0, i32 3, i32 0 %25 = load i8, i8* %24, align 8 %26 = icmp ugt i8 %25, 5 %27 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %16, i64 0, i32 8, i32 6 %28 = load i32 (%struct.intel_uncore.449122*, i32, i1)*, i32 (%struct.intel_uncore.449122*, i32, i1)** %27, align 8 br i1 %26, label %29, label %31 %32 = tail call i32 %28(%struct.intel_uncore.449122* %16, i32 70136, i1 zeroext true) #78 br label %33 %34 = phi i32 [ %22, %21 ], [ %30, %29 ], [ %32, %31 ] %35 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %11, align 8 %36 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %35, i64 0, i32 4, i32 0, i64 0 %37 = load i32, i32* %36, align 4 %38 = zext i32 %37 to i64 %39 = and i64 %38, 9437184 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %67 %42 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %35, i64 0, i32 3, i32 0 %43 = load i8, i8* %42, align 8 %44 = icmp ugt i8 %43, 8 br i1 %44, label %45, label %47 %46 = lshr i32 %34, 23 br label %73 %74 = phi i32 [ %46, %45 ], [ %69, %67 ] %75 = mul nuw nsw i32 %74, 50 %76 = icmp eq i32 %74, 0 %77 = or i32 %75, 1 %78 = add nsw i32 %75, -1 %79 = select i1 %76, i32 %78, i32 %77 %80 = sdiv i32 %79, 3 br label %110 %111 = phi i32 [ %109, %106 ], [ %80, %73 ], [ %93, %86 ], [ %105, %97 ] tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %7) #78 Function:intel_runtime_pm_put_unchecked tail call 
fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #78 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39258, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
------------- Use: =BAD PATH= Call Stack: 0 rpm_suspend 1 rpm_idle 2 pm_runtime_set_autosuspend_delay 3 autosuspend_store ------------- Path:  Function:autosuspend_store
------------- Use: =BAD PATH= Call Stack: 0 rpm_suspend 1 rpm_idle 2 __rpm_callback 3 rpm_resume 4 __pm_runtime_resume 5 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store
------------- Use: =BAD PATH= Call Stack: 0 rpm_suspend 1 rpm_idle 2 __rpm_callback 3 rpm_resume 4 __pm_runtime_resume 5 __submit_bio 6 submit_bio_noacct 7 __blk_queue_split 8 blk_queue_split 9 dm_submit_bio ------------- Path:  Function:dm_submit_bio
@bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, 
%struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, 
%struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 %74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds 
%struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.296195, 
%struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %19 = load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #78 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %37 = icmp eq %struct.device.296127* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %36, i32 1) #78 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #78 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #78 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %54 = icmp eq %struct.device.296127* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 
(%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %53, i32 1) #78 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #78 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #79 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %12 = bitcast i8** %11 to %struct.task_struct** %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, 
i64 0, i32 0 %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %17 = and i32 %1, 3 %18 = icmp eq i32 %17, 0 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %20 = bitcast %struct.spinlock* %19 to i8* %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %24 = and i32 %1, 1 %25 = icmp eq i32 %24, 0 %26 = bitcast %struct.wait_queue_entry* %3 to i64* br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #79 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %23, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %25, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %23, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi 
%struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #79 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #79 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %126, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %126 %19 = tail call i32 @device_links_read_lock() #78 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %125, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #78 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #78 tail 
call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #78 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %185, label %90 %91 = phi %struct.list_head* [ %123, %117 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = bitcast %struct.list_head* %92 to %struct.device** %94 = load %struct.device*, %struct.device** %93, align 8 %95 = getelementptr inbounds %struct.device, %struct.device* %94, i64 0, i32 11, i32 13, i32 0 %96 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %97 = bitcast %struct.list_head* %96 to %struct.seqcount_spinlock* %98 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %98, label %99, label %117 %100 = load volatile i32, i32* %95, align 4 %101 = icmp sgt i32 %100, 0 br i1 %101, label %102, label %117 %103 = load volatile i32, i32* %95, align 4 %104 = icmp eq i32 %103, 0 br i1 %104, label %115, label %105, !prof !8, !misexpect !9 %106 = phi i32 [ %113, %112 ], [ %103, %102 ] %107 = add i32 %106, -1 %108 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %95, i32 %107, i32* %95, i32 %106) #6, !srcloc !10 %109 = extractvalue { i8, i32 } %108, 0 %110 = and i8 %109, 1 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, 
label %115, !prof !8, !misexpect !9 %113 = extractvalue { i8, i32 } %108, 1 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %105, !prof !8, !misexpect !9 %116 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %116, label %99, label %117 %118 = load %struct.device*, %struct.device** %93, align 8 %119 = getelementptr inbounds %struct.device, %struct.device* %118, i64 0, i32 11, i32 3, i32 0, i32 0 %120 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %119) #78 %121 = tail call fastcc i32 @rpm_idle(%struct.device* %118, i32 1) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 
%34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* 
%0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt 
i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #79 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, label %104, label %100 %101 = load volatile i32, i32* %17, align 4 %102 = sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #79
-------------
Use: =BAD PATH=
Call Stack:
0 rpm_suspend
1 rpm_idle
2 __rpm_callback
3 rpm_resume
4 __pm_runtime_resume
5 __submit_bio
6 submit_bio_noacct
7 __blk_queue_split
8 blk_queue_split
9 md_submit_bio
-------------
Path:
Function:md_submit_bio
%2 = alloca %struct.bio.296195*, align 8 store %struct.bio.296195* %0, %struct.bio.296195** %2, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %8 = load %struct.block_device.296192*, %struct.block_device.296192** %7, align 8 %9 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %8, i64 0, i32 16 %10 = load %struct.gendisk.296190*, %struct.gendisk.296190** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label 
%21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.296195**)*)(%struct.bio.296195** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 
= tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 
%74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %19 
= load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #78 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %37 = icmp eq %struct.device.296127* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %36, i32 1) #78 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #78 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #78 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %54 = icmp eq %struct.device.296127* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %53, i32 1) #78 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #78 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #79 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %12 = bitcast i8** %11 to %struct.task_struct** %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %17 = and i32 %1, 3 %18 = icmp eq i32 %17, 0 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %20 = bitcast %struct.spinlock* %19 to i8* %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %23 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 1 %24 = and i32 %1, 1 %25 = icmp eq i32 %24, 0 %26 = bitcast %struct.wait_queue_entry* %3 to i64* br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #79 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %23, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %25, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %23, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 
%167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #79 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #79 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %126, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %126 %19 = tail call i32 @device_links_read_lock() #78 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %125, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #78 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #78 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #78 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof 
!8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %185, label %90 %91 = phi %struct.list_head* [ %123, %117 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = bitcast %struct.list_head* %92 to %struct.device** %94 = load %struct.device*, %struct.device** %93, align 8 %95 = getelementptr inbounds %struct.device, %struct.device* %94, i64 0, i32 11, i32 13, i32 0 %96 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %97 = bitcast %struct.list_head* %96 to %struct.seqcount_spinlock* %98 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %98, label %99, label %117 %100 = load volatile i32, i32* %95, align 4 %101 = icmp sgt i32 %100, 0 br i1 %101, label %102, label %117 %103 = load volatile i32, i32* %95, align 4 %104 = icmp eq i32 %103, 0 br i1 %104, label %115, label %105, !prof !8, !misexpect !9 %106 = phi i32 [ %113, %112 ], [ %103, %102 ] %107 = add i32 %106, -1 %108 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %95, i32 %107, i32* %95, i32 %106) #6, !srcloc !10 %109 = extractvalue { i8, i32 } %108, 0 %110 = and i8 %109, 1 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, label %115, !prof !8, !misexpect !9 %113 = extractvalue { i8, i32 } %108, 1 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %105, !prof !8, !misexpect !9 %116 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %116, label %99, label %117 %118 = load %struct.device*, %struct.device** %93, align 8 %119 = getelementptr inbounds %struct.device, %struct.device* %118, i64 0, i32 11, i32 3, i32 0, i32 0 %120 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %119) #78 %121 = tail call fastcc i32 @rpm_idle(%struct.device* %118, i32 1) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, 
label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast 
%struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %87 = load volatile i32, i32* %17, align 4 %88 = icmp slt i32 %87, 0 br i1 %88, label %107, label %89 %90 = load volatile i64, i64* %18, align 8 %91 = zext i32 %87 to i64 %92 = mul nuw nsw i64 %91, 1000000 %93 = add i64 %90, %92 %94 = call i64 @ktime_get_mono_fast_ns() #79 %95 = icmp ugt i64 %93, %94 br i1 %95, label %96, label %107 store i32 0, i32* %12, align 8 %97 = load i64, i64* %19, align 8 %98 = add i64 %97, -1 %99 = icmp ult i64 %98, %93 br i1 %99, label %104, label %100 %101 = load volatile i32, i32* %17, align 4 %102 
= sext i32 %101 to i64 %103 = mul nsw i64 %102, 250000 store i64 %93, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %93, i64 %103, i32 0) #79 ------------- Use: =BAD PATH= Call Stack: 0 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %113, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #78 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = bitcast i8** %23 to %struct.task_struct** %27 = bitcast %struct.wait_queue_entry* %5 to i64* store i64 0, i64* %27, align 8 store %struct.task_struct* %25, %struct.task_struct** %26, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %28, align 8 %29 = getelementptr 
inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %29, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %29, %struct.list_head** %31, align 8 br label %32 %33 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #78 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = load %struct.list_head*, %struct.list_head** %31, align 8 %40 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 1 store volatile i32 0, i32* %44, align 8 %45 = sext i32 %33 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %38 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, 
%struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %83 = bitcast %struct.timerfd_ctx* %8 to %struct.hrtimer* %84 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %85 = bitcast %struct.rb_node** %84 to %struct.hrtimer_clock_base** %86 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %85, align 8 %87 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %86, i64 0, i32 6 %88 = load i64 ()*, i64 ()** %87, align 16 %89 = call i64 %88() #78 %90 = call i64 @hrtimer_forward(%struct.hrtimer* %83, i64 %89, i64 %70) #78 %91 = add i64 %62, -1 %92 = add i64 %91, %90 %93 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 0, i32 1 %96 = load i64, i64* %95, align 8 %97 = sub i64 %96, %94 call void @hrtimer_start_range_ns(%struct.hrtimer* %83, i64 %94, i64 %97, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 
%11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = 
phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88513*)*, i32 (%struct.k_itimer.88513*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88513* %0) #79 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr 
inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88513, 
%struct.k_itimer.88513* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #79 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88513*, i64, i1, i1)*, void (%struct.k_itimer.88513*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88513* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #79 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15 %6 = bitcast %union.anon.113.88086* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88514* @clock_realtime, %struct.k_clock.88514* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 store %struct.k_clock.88514* %13, %struct.k_clock.88514** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #78 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 
%20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #78 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #78 br label %26 %27 = phi i64 [ %1, %15 ], [ %25, %18 ] %28 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 0, i32 1 store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %27, i64* %29, align 8 br i1 %3, label %31, label %30 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %6, i64 %27, i64 0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to 
%struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, 
%struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88513*)*, i32 (%struct.k_itimer.88513*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88513* %0) #79 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr 
%struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #79 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr 
inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88513*, i64, i1, i1)*, void (%struct.k_itimer.88513*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88513* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #79 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15 %6 = bitcast %union.anon.113.88086* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88514* @clock_realtime, %struct.k_clock.88514* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 store %struct.k_clock.88514* %13, %struct.k_clock.88514** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #78 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #78 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #78 br label %26 %27 = phi i64 [ %1, %15 ], [ %25, %18 ] %28 = getelementptr inbounds %struct.k_itimer.88513, 
%struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 0, i32 1 store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %27, i64* %29, align 8 br i1 %3, label %31, label %30 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %6, i64 %27, i64 0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime ------------- Path:  Function:__ia32_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = 
getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 
Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88513*)*, i32 (%struct.k_itimer.88513*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88513* %0) #79 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, 
align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 %48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #79 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88513*, i64, i1, i1)*, void (%struct.k_itimer.88513*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88513* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #79 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15 %6 = bitcast %union.anon.113.88086* %5 to 
%struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88514* @clock_realtime, %struct.k_clock.88514* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 store %struct.k_clock.88514* %13, %struct.k_clock.88514** %14, align 8 br label %15 tail call void @hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #78 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #78 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #78 br label %26 %27 = phi i64 [ %1, %15 ], [ %25, %18 ] %28 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 0, i32 1 store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %27, i64* %29, align 8 br i1 %3, label %31, label %30 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %6, i64 %27, i64 0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_hrtimer_arm 1 
common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime ------------- Path:  Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp 
slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 %10 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 13 %12 = load i32 (%struct.k_itimer.88513*)*, i32 
(%struct.k_itimer.88513*)** %11, align 8 %13 = tail call i32 %12(%struct.k_itimer.88513* %0) #79 %14 = icmp slt i32 %13, 0 br i1 %14, label %69, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 store i32 0, i32* %16, align 8 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 8 %19 = add i32 %18, 2 %20 = and i32 %19, -2 store i32 %20, i32* %17, align 8 %21 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 8 store i64 0, i64* %21, align 8 %22 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %23 = load i64, i64* %22, align 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %29 %26 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %69, label %29 %30 = getelementptr %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = icmp sgt i64 %31, 9223372035 %35 = mul i64 %31, 1000000000 %36 = add i64 %35, %33 %37 = select i1 %34, i64 9223372036854775807, i64 %36, !prof !4 store i64 %37, i64* %10, align 8 %38 = load i64, i64* %22, align 8 %39 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %40 = load i64, i64* %39, align 8 %41 = icmp sgt i64 %38, 9223372035 %42 = mul i64 %38, 1000000000 %43 = add i64 %42, %40 %44 = select i1 %41, i64 9223372036854775807, i64 %43, !prof !4 %45 = and i32 %1, 1 %46 = icmp ne i32 %45, 0 br i1 %46, label %47, label %60 %48 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %49 = inttoptr i64 
%48 to %struct.task_struct* %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %49, i64 0, i32 94 %51 = load %struct.nsproxy*, %struct.nsproxy** %50, align 8 %52 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %51, i64 0, i32 6 %53 = load %struct.time_namespace*, %struct.time_namespace** %52, align 8 %54 = icmp eq %struct.time_namespace* %53, @init_time_ns br i1 %54, label %60, label %55, !prof !6, !misexpect !7 %56 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %57 = load i32, i32* %56, align 8 %58 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %53, i64 0, i32 3 %59 = tail call i64 @do_timens_ktime_to_host(i32 %57, i64 %44, %struct.timens_offsets* %58) #79 br label %60 %61 = phi i64 [ %44, %29 ], [ %59, %55 ], [ %44, %47 ] %62 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, 1 %65 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %6, i64 0, i32 14 %66 = load void (%struct.k_itimer.88513*, i64, i1, i1)*, void (%struct.k_itimer.88513*, i64, i1, i1)** %65, align 8 tail call void %66(%struct.k_itimer.88513* %0, i64 %61, i1 zeroext %46, i1 zeroext %64) #79 Function:common_hrtimer_arm %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15 %6 = bitcast %union.anon.113.88086* %5 to %struct.hrtimer* %7 = xor i1 %2, true %8 = zext i1 %7 to i32 %9 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %13 = select i1 %2, %struct.k_clock.88514* @clock_realtime, %struct.k_clock.88514* @clock_monotonic %14 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 store %struct.k_clock.88514* %13, %struct.k_clock.88514** %14, align 8 br label %15 tail call void 
@hrtimer_init(%struct.hrtimer* %6, i32 %10, i32 %8) #78 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %17 = bitcast %struct.rb_node** %16 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @posix_timer_fn, i32 (%struct.hrtimer*)** %17, align 8 br i1 %2, label %26, label %18 %19 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %20 = bitcast %struct.rb_node** %19 to %struct.hrtimer_clock_base** %21 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %20, align 8 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %21, i64 0, i32 6 %23 = load i64 ()*, i64 ()** %22, align 16 %24 = tail call i64 %23() #78 %25 = tail call i64 @ktime_add_safe(i64 %1, i64 %24) #78 br label %26 %27 = phi i64 [ %1, %15 ], [ %25, %18 ] %28 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 0, i32 1 store i64 %27, i64* %28, align 8 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 15, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %27, i64* %29, align 8 br i1 %3, label %31, label %30 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %6, i64 %27, i64 0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 alarm_restart 1 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %113, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail 
call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #78 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = bitcast i8** %23 to %struct.task_struct** %27 = bitcast %struct.wait_queue_entry* %5 to i64* store i64 0, i64* %27, align 8 store %struct.task_struct* %25, %struct.task_struct** %26, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %29, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %29, %struct.list_head** %31, align 8 br label %32 %33 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #78 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = load %struct.list_head*, %struct.list_head** %31, align 8 %40 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %41 = load %struct.list_head*, 
%struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 1 store volatile i32 0, i32* %44, align 8 %45 = sext i32 %33 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %38 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %78 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0 %79 = call i64 @alarm_forward_now(%struct.alarm* %78, i64 %70) #78 %80 = add i64 %62, -1 %81 = add i64 %80, %79 call void @alarm_restart(%struct.alarm* %78) #78 Function:alarm_restart %2 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %3 = load i32, i32* %2, align 8 %4 = zext i32 %3 to i64 %5 = getelementptr [2 x %struct.alarm_base], [2 
x %struct.alarm_base]* @alarm_bases, i64 0, i64 %4, i32 0, i32 0, i32 0 %6 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %5) #78 %7 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 1, i32 0, i32 1 store i64 %9, i64* %10, align 8 %11 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 1, i32 1 store i64 %9, i64* %11, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %9, i64 0, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_nanosleep 1 __se_sys_nanosleep_time32 2 __ia32_sys_nanosleep_time32 ------------- Path:  Function:__ia32_sys_nanosleep_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_nanosleep_time32(i64 %4, i64 %7) #78 Function:__se_sys_nanosleep_time32 %3 = alloca %struct.hrtimer_sleeper, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %1 to %struct.util_est* %6 = bitcast %struct.cpu_itimer* %4 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %4, i8* %7) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %70, label %14 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp ult i64 %16, 1000000000 br i1 %17, label %18, label %70 %19 = icmp eq i64 %1, 0 %20 = select i1 %19, i32 0, i32 2 %21 = call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2 %24 = bitcast %union.anon.33* %23 to %struct.anon.28* %25 = getelementptr inbounds %struct.anon.28, %struct.anon.28* %24, i64 0, i32 1 store i32 %20, i32* %25, align 4 %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2, i32 0, i32 1 %27 = bitcast i32* %26 to %struct.util_est** store %struct.util_est* %5, %struct.util_est** %27, align 8 %28 = icmp sgt i64 %12, 9223372035 %29 = mul i64 %12, 1000000000 %30 = add i64 %16, %29 %31 = select i1 %28, i64 9223372036854775807, i64 %30, !prof !5 %32 = bitcast %struct.hrtimer_sleeper* %3 to i8* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %34 = load i32, i32* %33, align 4 %35 = icmp sgt i32 %34, -1 br i1 %35, label %36, label %40 %37 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 160 %38 = load i64, i64* %37, align 16 %39 = icmp sgt i32 %34, 99 br i1 %39, label %41, label %40 br label %41 %42 = phi i64 [ 0, %40 ], [ %38, %36 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %3, i32 1, i32 1) #78 %43 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 1 store i64 %31, i64* %43, align 8 %44 = add i64 %42, %31 %45 = icmp slt i64 %44, 0 %46 = icmp slt i64 %44, %31 %47 = or i1 %45, %46 %48 = icmp slt i64 %44, %42 %49 = or i1 %48, %47 %50 = select i1 %49, i64 9223372036854775807, i64 %44 %51 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 0, i32 1 store i64 %50, i64* %51, align 8 %52 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper* nonnull %3, i32 1) #78 Function:do_nanosleep %3 = alloca %struct.cpu_itimer, align 8 %4 = tail call i64 asm 
"movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 1 %7 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %8 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 %9 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 0, i32 0 br label %13 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #78 %22 = load i32, i32* %11, align 4 %23 = or i32 %22, 1073741824 store i32 %23, i32* %11, align 4 tail call void @schedule() #78 %24 = load i32, i32* %11, align 4 %25 = and i32 %24, -1073741825 store i32 %25, i32* %11, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %26 = tail call i32 @__cond_resched() #78 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !9, !misexpect !7 %30 = tail call zeroext i1 @freezing_slow_path(%struct.task_struct* %5) #78 br i1 %30, label %31, label %33, !prof !6, !misexpect !7 %32 = tail call zeroext i1 @__refrigerator(i1 
zeroext false) #78 br label %33 %34 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #78 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %39 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #78 %38 = icmp slt i32 %37, 0 br i1 %38, label %36, label %39 %40 = load %struct.task_struct*, %struct.task_struct** %10, align 8 %41 = icmp eq %struct.task_struct* %40, null br i1 %41, label %50, label %42 %43 = load volatile i64, i64* %12, align 8 %44 = and i64 %43, 131072 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %50, !prof !9, !misexpect !11 %47 = load volatile i64, i64* %12, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %13, label %50 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_nanosleep 1 __se_sys_nanosleep_time32 2 __x64_sys_nanosleep_time32 ------------- Path:  Function:__x64_sys_nanosleep_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_nanosleep_time32(i64 %3, i64 %5) #78 Function:__se_sys_nanosleep_time32 %3 = alloca %struct.hrtimer_sleeper, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %1 to %struct.util_est* %6 = bitcast %struct.cpu_itimer* %4 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i32 @get_old_timespec32(%struct.cpu_itimer* nonnull %4, i8* %7) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label 
%70 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %70, label %14 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp ult i64 %16, 1000000000 br i1 %17, label %18, label %70 %19 = icmp eq i64 %1, 0 %20 = select i1 %19, i32 0, i32 2 %21 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2 %24 = bitcast %union.anon.33* %23 to %struct.anon.28* %25 = getelementptr inbounds %struct.anon.28, %struct.anon.28* %24, i64 0, i32 1 store i32 %20, i32* %25, align 4 %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2, i32 0, i32 1 %27 = bitcast i32* %26 to %struct.util_est** store %struct.util_est* %5, %struct.util_est** %27, align 8 %28 = icmp sgt i64 %12, 9223372035 %29 = mul i64 %12, 1000000000 %30 = add i64 %16, %29 %31 = select i1 %28, i64 9223372036854775807, i64 %30, !prof !5 %32 = bitcast %struct.hrtimer_sleeper* %3 to i8* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %34 = load i32, i32* %33, align 4 %35 = icmp sgt i32 %34, -1 br i1 %35, label %36, label %40 %37 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 160 %38 = load i64, i64* %37, align 16 %39 = icmp sgt i32 %34, 99 br i1 %39, label %41, label %40 br label %41 %42 = phi i64 [ 0, %40 ], [ %38, %36 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %3, i32 1, i32 1) #78 %43 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 1 store i64 %31, i64* %43, align 8 %44 = add i64 %42, %31 %45 = icmp slt i64 %44, 0 %46 = icmp 
slt i64 %44, %31 %47 = or i1 %45, %46 %48 = icmp slt i64 %44, %42 %49 = or i1 %48, %47 %50 = select i1 %49, i64 9223372036854775807, i64 %44 %51 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 0, i32 1 store i64 %50, i64* %51, align 8 %52 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper* nonnull %3, i32 1) #78 Function:do_nanosleep %3 = alloca %struct.cpu_itimer, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 1 %7 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %8 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 %9 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 0, i32 0 br label %13 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #78 %22 = load i32, i32* %11, align 4 %23 = or i32 %22, 1073741824 store i32 %23, i32* %11, align 4 tail call void @schedule() #78 %24 = load i32, i32* %11, align 4 %25 = and i32 %24, -1073741825 store i32 %25, i32* %11, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", 
"~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %26 = tail call i32 @__cond_resched() #78 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !9, !misexpect !7 %30 = tail call zeroext i1 @freezing_slow_path(%struct.task_struct* %5) #78 br i1 %30, label %31, label %33, !prof !6, !misexpect !7 %32 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #78 br label %33 %34 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #78 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %39 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #78 %38 = icmp slt i32 %37, 0 br i1 %38, label %36, label %39 %40 = load %struct.task_struct*, %struct.task_struct** %10, align 8 %41 = icmp eq %struct.task_struct* %40, null br i1 %41, label %50, label %42 %43 = load volatile i64, i64* %12, align 8 %44 = and i64 %43, 131072 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %50, !prof !9, !misexpect !11 %47 = load volatile i64, i64* %12, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %13, label %50 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_nanosleep 1 __se_sys_nanosleep 2 __ia32_sys_nanosleep ------------- Path:  Function:__ia32_sys_nanosleep %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_nanosleep(i64 %4, i64 %7) #78 Function:__se_sys_nanosleep %3 = alloca %struct.hrtimer_sleeper, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = inttoptr i64 %1 to %struct.cpu_itimer* %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* %5) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %70, label %14 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp ult i64 %16, 1000000000 br i1 %17, label %18, label %70 %19 = icmp ne i64 %1, 0 %20 = zext i1 %19 to i32 %21 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2 %24 = bitcast %union.anon.33* %23 to %struct.anon.28* %25 = getelementptr inbounds %struct.anon.28, %struct.anon.28* %24, i64 0, i32 1 store i32 %20, i32* %25, align 4 %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2, i32 0, i32 1 %27 = bitcast i32* %26 to %struct.cpu_itimer** store %struct.cpu_itimer* %6, %struct.cpu_itimer** %27, align 8 %28 = icmp sgt i64 %12, 9223372035 %29 = mul i64 %12, 1000000000 %30 = add i64 %16, %29 %31 = select i1 %28, i64 9223372036854775807, i64 %30, !prof !5 %32 = bitcast %struct.hrtimer_sleeper* %3 to i8* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %34 = load i32, i32* %33, align 4 %35 = icmp sgt i32 
%34, -1 br i1 %35, label %36, label %40 %37 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 160 %38 = load i64, i64* %37, align 16 %39 = icmp sgt i32 %34, 99 br i1 %39, label %41, label %40 br label %41 %42 = phi i64 [ 0, %40 ], [ %38, %36 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %3, i32 1, i32 1) #78 %43 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 1 store i64 %31, i64* %43, align 8 %44 = add i64 %42, %31 %45 = icmp slt i64 %44, 0 %46 = icmp slt i64 %44, %31 %47 = or i1 %45, %46 %48 = icmp slt i64 %44, %42 %49 = or i1 %48, %47 %50 = select i1 %49, i64 9223372036854775807, i64 %44 %51 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 0, i32 1 store i64 %50, i64* %51, align 8 %52 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper* nonnull %3, i32 1) #78 Function:do_nanosleep %3 = alloca %struct.cpu_itimer, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 1 %7 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %8 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 %9 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 0, i32 0 br label %13 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #78 %22 = load i32, i32* %11, align 4 %23 = or i32 %22, 1073741824 store i32 %23, i32* %11, align 4 tail call void @schedule() #78 %24 = load i32, i32* %11, align 4 %25 = and i32 %24, -1073741825 store i32 %25, i32* %11, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %26 = tail call i32 @__cond_resched() #78 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !9, !misexpect !7 %30 = tail call zeroext i1 @freezing_slow_path(%struct.task_struct* %5) #78 br i1 %30, label %31, label %33, !prof !6, !misexpect !7 %32 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #78 br label %33 %34 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #78 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %39 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #78 %38 = icmp slt i32 %37, 0 br i1 %38, label %36, label %39 %40 = load %struct.task_struct*, %struct.task_struct** %10, align 8 %41 = icmp eq %struct.task_struct* %40, null br i1 %41, label %50, label %42 %43 = load volatile i64, i64* %12, align 8 %44 = and i64 %43, 131072 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %50, !prof !9, !misexpect !11 %47 = load volatile i64, i64* %12, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %13, label %50 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_nanosleep 1 __se_sys_nanosleep 2 __x64_sys_nanosleep ------------- Path:  Function:__x64_sys_nanosleep %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_nanosleep(i64 %3, i64 %5) #78 Function:__se_sys_nanosleep %3 = alloca %struct.hrtimer_sleeper, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = inttoptr i64 %1 to %struct.cpu_itimer* %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = call i32 @get_timespec64(%struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* %5) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %70, label %14 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = icmp ult i64 %16, 1000000000 br i1 %17, label %18, label %70 %19 = icmp ne i64 %1, 0 %20 = zext i1 %19 to i32 %21 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct* %23 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2 %24 = bitcast %union.anon.33* %23 to %struct.anon.28* %25 = getelementptr inbounds %struct.anon.28, %struct.anon.28* %24, i64 0, i32 1 store i32 %20, i32* %25, align 4 %26 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %22, i64 0, i32 52, i32 2, i32 0, i32 1 %27 = bitcast i32* %26 to %struct.cpu_itimer** store %struct.cpu_itimer* %6, %struct.cpu_itimer** %27, align 8 %28 = icmp sgt i64 %12, 9223372035 %29 = mul i64 %12, 1000000000 %30 = add i64 %16, %29 %31 = select i1 %28, i64 9223372036854775807, i64 %30, !prof !5 %32 = bitcast %struct.hrtimer_sleeper* %3 to i8* %33 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 15 %34 = load i32, i32* %33, align 4 %35 = icmp sgt i32 %34, -1 br i1 %35, label %36, label %40 %37 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %22, i64 0, i32 160 %38 = load i64, i64* %37, align 16 %39 = icmp sgt i32 %34, 99 br i1 %39, label %41, label %40 br label %41 %42 = phi i64 [ 0, %40 ], [ %38, %36 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %3, i32 1, i32 1) #78 %43 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 1 store i64 %31, i64* %43, align 8 %44 = add i64 %42, %31 %45 = icmp slt i64 %44, 0 %46 = icmp slt i64 %44, %31 %47 = or i1 %45, %46 %48 = icmp slt i64 %44, %42 %49 = or i1 %48, %47 %50 = select i1 %49, i64 9223372036854775807, i64 %44 %51 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %3, i64 0, i32 0, i32 0, i32 1 store i64 %50, i64* %51, align 8 %52 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper* nonnull %3, i32 1) #78 Function:do_nanosleep %3 = alloca %struct.cpu_itimer, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 1 %7 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %8 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 
%9 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 0, i32 0 br label %13 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #78 %22 = load i32, i32* %11, align 4 %23 = or i32 %22, 1073741824 store i32 %23, i32* %11, align 4 tail call void @schedule() #78 %24 = load i32, i32* %11, align 4 %25 = and i32 %24, -1073741825 store i32 %25, i32* %11, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %26 = tail call i32 @__cond_resched() #78 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %33, label %29, !prof !9, !misexpect !7 %30 = tail call zeroext i1 @freezing_slow_path(%struct.task_struct* %5) #78 br i1 %30, label %31, label %33, !prof !6, !misexpect !7 %32 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #78 br label %33 %34 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #78 %35 = icmp slt i32 %34, 0 br i1 %35, label %36, label %39 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #78 %38 = icmp slt i32 %37, 0 br i1 %38, label %36, label %39 %40 = load %struct.task_struct*, %struct.task_struct** %10, align 
8 %41 = icmp eq %struct.task_struct* %40, null br i1 %41, label %50, label %42 %43 = load volatile i64, i64* %12, align 8 %44 = and i64 %43, 131072 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %50, !prof !9, !misexpect !11 %47 = load volatile i64, i64* %12, align 8 %48 = and i64 %47, 4 %49 = icmp eq i64 %48, 0 br i1 %49, label %13, label %50 %14 = phi i32 [ %1, %2 ], [ 0, %46 ] %15 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 1, i32* %6) #6, !srcloc !5 %16 = load i64, i64* %8, align 8 %17 = load i64, i64* %9, align 8 %18 = sub i64 %17, %16 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %7, i64 %16, i64 %18, i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 hrtimer_sleeper_start_expires 1 blk_poll 2 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %4 = load %struct.file.294911*, %struct.file.294911** %3, align 8 %5 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %4, i64 0, i32 18 %6 = load %struct.address_space.294992*, %struct.address_space.294992** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %6, i64 0, i32 0 %8 = load %struct.inode.294985*, %struct.inode.294985** %7, align 8 %9 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %8) #78 %10 = getelementptr inbounds %struct.block_device.294846, %struct.block_device.294846* %9, i64 0, i32 16 %11 = load %struct.gendisk.294844*, %struct.gendisk.294844** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.294844, %struct.gendisk.294844* %11, i64 0, i32 9 %13 = load %struct.request_queue.294836*, %struct.request_queue.294836** %12, align 8 %14 = getelementptr inbounds %struct.kiocb.294591, 
%struct.kiocb.294591* %0, i64 0, i32 7 %15 = bitcast %union.anon.68.294590* %14 to i32* %16 = load volatile i32, i32* %15, align 8 %17 = tail call i32 bitcast (i32 (%struct.request_queue.296182*, i32, i1)* @blk_poll to i32 (%struct.request_queue.294836*, i32, i1)*)(%struct.request_queue.294836* %13, i32 %16, i1 zeroext %1) #78 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.300462, align 8 %5 = icmp eq i32 %1, -1 br i1 %5, label %197, label %6 %7 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 11 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %197, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.296233* %14 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %13, i64 0, i32 120 %15 = load %struct.blk_plug*, %struct.blk_plug** %14, align 16 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 %19 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 8 %20 = load %struct.blk_mq_hw_ctx.296144**, %struct.blk_mq_hw_ctx.296144*** %19, align 8 %21 = lshr i32 %1, 16 %22 = and i32 %21, 32767 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %20, i64 %23 %25 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %24, align 8 br i1 %2, label %26, label %144 %27 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 24 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, -1 br i1 %29, label %144, label %30 %31 = icmp slt i32 %1, 0 br i1 %31, label %47, label %32 %48 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, 
%struct.blk_mq_hw_ctx.296144* %25, i64 0, i32 20 %49 = load %struct.blk_mq_tags.296139*, %struct.blk_mq_tags.296139** %48, align 8 %50 = and i32 %1, 65535 %51 = getelementptr inbounds %struct.blk_mq_tags.296139, %struct.blk_mq_tags.296139* %49, i64 0, i32 0 %52 = load i32, i32* %51, align 8 %53 = icmp ugt i32 %52, %50 br i1 %53, label %54, label %144 %55 = getelementptr inbounds %struct.blk_mq_tags.296139, %struct.blk_mq_tags.296139* %49, i64 0, i32 7 %56 = load %struct.request.296153**, %struct.request.296153*** %55, align 8 %57 = zext i32 %50 to i64 %58 = getelementptr %struct.request.296153*, %struct.request.296153** %56, i64 %57 %59 = bitcast %struct.request.296153** %58 to i8** %60 = load i8*, i8** %59, align 8 %61 = bitcast i8* %60 to %struct.request.296153* %62 = icmp eq i8* %60, null br i1 %62, label %144, label %63 %64 = phi %struct.request.296153* [ %61, %54 ], [ %46, %39 ], [ null, %32 ] %65 = bitcast %struct.hrtimer_sleeper.300462* %4 to i8* %66 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %64, i64 0, i32 4 %67 = load i32, i32* %66, align 4 %68 = and i32 %67, 1048576 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %142 %71 = icmp sgt i32 %28, 0 br i1 %71, label %109, label %72 %73 = load volatile i64, i64* %7, align 8 %74 = and i64 %73, 2097152 %75 = icmp eq i64 %74, 0 br i1 %75, label %76, label %81 %77 = tail call zeroext i1 @blk_queue_flag_test_and_set(i32 21, %struct.request_queue.296182* %0) #78 br i1 %77, label %81, label %78 %82 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %64, i64 0, i32 3 %83 = load i32, i32* %82, align 8 %84 = and i32 %83, 1 %85 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %64, i64 0, i32 19 %86 = load i16, i16* %85, align 8 %87 = zext i16 %86 to i32 %88 = tail call i32 asm "bsrl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %87, i32 -1) #4, !srcloc !5 %89 = shl i32 %88, 1 %90 = or i32 %89, %84 %91 = icmp slt i32 %90, 0 br i1 %91, 
label %142, label %92 %93 = icmp sgt i32 %90, 15 %94 = or i32 %84, 14 %95 = select i1 %93, i32 %94, i32 %90 %96 = sext i32 %95 to i64 %97 = getelementptr %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 26, i64 %96, i32 3 %98 = load i32, i32* %97, align 8 %99 = icmp eq i32 %98, 0 br i1 %99, label %142, label %100 %101 = getelementptr %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 26, i64 %96, i32 0 %102 = load i64, i64* %101, align 8 %103 = add i64 %102, 1 %104 = lshr i64 %103, 1 %105 = trunc i64 %104 to i32 %106 = icmp eq i32 %105, 0 br i1 %106, label %142, label %107 %108 = load i32, i32* %66, align 4 br label %109 %110 = phi i32 [ %108, %107 ], [ %67, %70 ] %111 = phi i32 [ %105, %107 ], [ %28, %70 ] %112 = or i32 %110, 1048576 store i32 %112, i32* %66, align 4 %113 = zext i32 %111 to i64 call void bitcast (void (%struct.hrtimer_sleeper*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.300462*, i32, i32)*)(%struct.hrtimer_sleeper.300462* nonnull %4, i32 1, i32 1) #78 %114 = getelementptr inbounds %struct.hrtimer_sleeper.300462, %struct.hrtimer_sleeper.300462* %4, i64 0, i32 0 %115 = getelementptr inbounds %struct.hrtimer_sleeper.300462, %struct.hrtimer_sleeper.300462* %4, i64 0, i32 0, i32 0, i32 1 store i64 %113, i64* %115, align 8 %116 = getelementptr inbounds %struct.hrtimer_sleeper.300462, %struct.hrtimer_sleeper.300462* %4, i64 0, i32 0, i32 1 store i64 %113, i64* %116, align 8 %117 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %64, i64 0, i32 23 %118 = getelementptr inbounds %struct.hrtimer_sleeper.300462, %struct.hrtimer_sleeper.300462* %4, i64 0, i32 1 %119 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %13, i64 0, i32 0, i32 0 %120 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %13, i64 0, i32 1 br label %121 %122 = phi i32 [ 1, %109 ], [ 0, %138 ] %123 = load volatile i32, i32* %117, 
align 8 %124 = icmp eq i32 %123, 2 br i1 %124, label %143, label %125 %126 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %120, i32 2, i32* %120) #6, !srcloc !6 call void bitcast (void (%struct.hrtimer_sleeper*, i32)* @hrtimer_sleeper_start_expires to void (%struct.hrtimer_sleeper.300462*, i32)*)(%struct.hrtimer_sleeper.300462* nonnull %4, i32 %122) #78 Function:hrtimer_sleeper_start_expires %3 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0 %4 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %0, i64 0, i32 0, i32 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %3, i64 %5, i64 %8, i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout 2 wait_task_inactive 3 ptrace_check_attach 4 __ia32_compat_sys_ptrace ------------- Path:  Function:__ia32_compat_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp eq i32 %9, 0 br i1 %12, label %13, label %16 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %19) #78 %21 = icmp eq %struct.task_struct* %20, null br i1 %21, label %86, label %22 switch i32 %9, label %30 [ i32 16902, label %23 i32 16, 
label %23 ] %31 = icmp eq i32 %9, 8 %32 = icmp eq i32 %9, 16903 %33 = or i1 %31, %32 %34 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct* nonnull %20, i1 zeroext %33) #78 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 16 %5 = icmp eq i32 %4, 0 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 16 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = icmp eq %struct.task_struct* %8, %10 br i1 %11, label %12, label %57 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %14 = load volatile i32, i32* %13, align 8 %15 = icmp eq i32 %14, 8 br i1 %15, label %16, label %17, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5458, i64 0, i64 0), i32 259, i32 2305, i64 12) #6, !srcloc !7 br label %17 br i1 %1, label %57, label %18 %58 = phi i1 [ true, %2 ], [ true, %48 ], [ true, %6 ], [ true, %18 ], [ true, %51 ], [ true, %54 ], [ false, %45 ], [ false, %17 ] %59 = phi i32 [ -3, %2 ], [ -3, %48 ], [ -3, %6 ], [ -3, %18 ], [ -3, %51 ], [ -3, %54 ], [ 0, %45 ], [ 0, %17 ] %60 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %61 = or i1 %58, %1 %62 = select i1 %58, i32 %59, i32 0 br i1 %61, label %71, label %63 %64 = tail call i64 @wait_task_inactive(%struct.task_struct* %0, i32 8) #78 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %6 = icmp eq i32 %1, 0 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 75 %11 = bitcast i64* %3 to i8* br label %12 %13 = load volatile i32, i32* %4, align 8 %14 = load i32, i32* %5, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %23, label %16 br i1 %6, label %20, label %17 %18 = load volatile i32, i32* %7, align 8 %19 = icmp eq i32 %18, %1 br i1 %19, label %20, label %91, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = load i32, i32* %5, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %16 br label %24 %25 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #78 %26 = load volatile i32, i32* %4, align 8 %27 = zext i32 %26 to i64 %28 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %27 %29 = load 
i64, i64* %28, align 8 %30 = add i64 %29, ptrtoint (%struct.rq* @runqueues to i64) %31 = inttoptr i64 %30 to %struct.rq* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %32 = getelementptr inbounds %struct.rq, %struct.rq* %31, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %32) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %33 = load volatile i32, i32* %4, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %34 %36 = load i64, i64* %35, align 8 %37 = add i64 %36, ptrtoint (%struct.rq* @runqueues to i64) %38 = inttoptr i64 %37 to %struct.rq* %39 = icmp eq %struct.rq* %31, %38 br i1 %39, label %40, label %43, !prof !4 %41 = load volatile i32, i32* %8, align 8 %42 = icmp eq i32 %41, 2 br i1 %42, label %43, label %51, !prof !9, !misexpect !10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@wait_task_inactive, %52)) #6 to label %66 [label %52], !srcloc !13 %67 = load i32, i32* %5, align 4 %68 = load i32, i32* %8, align 8 %69 = icmp eq i32 %68, 1 br i1 %6, label %73, label %70 %74 = load i64, i64* %10, align 8 %75 = or i64 %74, -9223372036854775808 br label %76 %77 = phi i64 [ %75, %73 ], [ 0, %70 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %78 = inttoptr i64 %30 to i8* store volatile i8 0, i8* %78, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %25) #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %91, label %80, !prof !9, !misexpect !5 %81 = icmp eq i32 %67, 0 br i1 %81, label %84, label %82, !prof !4, !misexpect !5 br i1 %69, label %85, label %91, !prof !9, !misexpect !5 store i64 1000000, i64* %3, align 8 %86 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !18 %87 = inttoptr i64 %86 to %struct.task_struct* %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %87, i64 0, i32 1 %89 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 2, i32* %88) #6, !srcloc !19 %90 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #78 Function:schedule_hrtimeout %3 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #78 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout 2 wait_task_inactive 3 ptrace_check_attach 4 __se_sys_ptrace 5 __ia32_sys_ptrace ------------- Path:  Function:__ia32_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_ptrace(i64 %4, 
i64 %7, i64 %10, i64 %13) #78 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %10) #78 %12 = icmp eq %struct.task_struct* %11, null br i1 %12, label %73, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct* nonnull %11, i1 zeroext %20) #78 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 16 %5 = icmp eq i32 %4, 0 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 16 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = icmp eq %struct.task_struct* %8, %10 br i1 %11, label %12, label %57 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %14 = load volatile i32, i32* %13, align 8 %15 = icmp eq i32 %14, 8 br i1 %15, label %16, label %17, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5458, i64 0, i64 0), i32 259, i32 2305, i64 12) #6, !srcloc !7 br label %17 br i1 %1, label 
%57, label %18 %58 = phi i1 [ true, %2 ], [ true, %48 ], [ true, %6 ], [ true, %18 ], [ true, %51 ], [ true, %54 ], [ false, %45 ], [ false, %17 ] %59 = phi i32 [ -3, %2 ], [ -3, %48 ], [ -3, %6 ], [ -3, %18 ], [ -3, %51 ], [ -3, %54 ], [ 0, %45 ], [ 0, %17 ] %60 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %61 = or i1 %58, %1 %62 = select i1 %58, i32 %59, i32 0 br i1 %61, label %71, label %63 %64 = tail call i64 @wait_task_inactive(%struct.task_struct* %0, i32 8) #78 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %6 = icmp eq i32 %1, 0 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 75 %11 = bitcast i64* %3 to i8* br label %12 %13 = load volatile i32, i32* %4, align 8 %14 = load i32, i32* %5, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %23, label %16 br i1 %6, label %20, label %17 %18 = load volatile i32, i32* %7, align 8 %19 = icmp eq i32 %18, %1 br i1 %19, label %20, label %91, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !6 %21 = load i32, i32* %5, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %16 br label %24 %25 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #78 %26 = load volatile i32, i32* %4, align 8 %27 = zext i32 %26 to i64 %28 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %27 %29 = load i64, i64* %28, align 8 %30 = add i64 %29, ptrtoint (%struct.rq* @runqueues to i64) %31 = inttoptr i64 %30 to %struct.rq* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %32 = getelementptr inbounds %struct.rq, %struct.rq* %31, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %32) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %33 = load volatile i32, i32* %4, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %34 %36 = load i64, i64* %35, align 8 %37 = add i64 %36, ptrtoint (%struct.rq* @runqueues to i64) %38 = inttoptr i64 %37 to %struct.rq* %39 = icmp eq %struct.rq* %31, %38 br i1 %39, label %40, label %43, !prof !4 %41 = load volatile i32, i32* %8, align 8 %42 = icmp eq i32 %41, 2 br i1 %42, label %43, label %51, !prof !9, !misexpect !10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@wait_task_inactive, %52)) #6 to label %66 [label %52], !srcloc !13 %67 = load i32, i32* %5, align 4 %68 = load i32, i32* %8, align 8 %69 = icmp eq i32 %68, 1 br i1 %6, label %73, label %70 %74 = load i64, i64* %10, align 8 %75 = or i64 %74, -9223372036854775808 br label %76 %77 = phi i64 [ %75, %73 ], [ 0, %70 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %78 = inttoptr i64 %30 to i8* store volatile i8 0, i8* %78, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %25) #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %91, label %80, !prof !9, !misexpect !5 %81 = icmp eq i32 %67, 0 br i1 %81, label %84, label %82, !prof !4, !misexpect !5 br i1 %69, label %85, label %91, !prof !9, !misexpect !5 store i64 1000000, i64* %3, align 8 %86 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !18 %87 = inttoptr i64 %86 to %struct.task_struct* %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %87, i64 0, i32 1 %89 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 2, i32* %88) #6, !srcloc !19 %90 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #78 Function:schedule_hrtimeout %3 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #78
Function:schedule_hrtimeout_range_clock
%5 = alloca %struct.hrtimer_sleeper, align 8
%6 = bitcast %struct.hrtimer_sleeper* %5 to i8*
%7 = icmp eq i64* %0, null
br i1 %7, label %15, label %8
%9 = load i64, i64* %0, align 8
%10 = icmp eq i64 %9, 0
br i1 %10, label %11, label %16
call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78
%17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0
%18 = load i64, i64* %0, align 8
%19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1
store i64 %18, i64* %19, align 8
%20 = add i64 %18, %1
%21 = icmp slt i64 %20, 0
%22 = icmp slt i64 %20, %18
%23 = or i1 %21, %22
%24 = icmp slt i64 %20, %1
%25 = or i1 %24, %23
%26 = select i1 %25, i64 9223372036854775807, i64 %20
%27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1
store i64 %26, i64* %27, align 8
%28 = sub i64 %26, %18
call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 schedule_hrtimeout_range_clock
1 schedule_hrtimeout
2 wait_task_inactive
3 ptrace_check_attach
4 __se_sys_ptrace
5 __x64_sys_ptrace
-------------
Path:
Function:__x64_sys_ptrace
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%5 = load i64, i64* %4, align 8
%6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%7 = load i64, i64* %6, align 8
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7
%9 = load i64, i64* %8, align 8
%10 = tail call fastcc i64 @__se_sys_ptrace(i64 %3, i64 %5, i64 %7, i64 %9) #78
Function:__se_sys_ptrace
%5 = icmp eq i64 %0, 0
br i1 %5, label %6, label %9
%10 = trunc
i64 %1 to i32 %11 = tail call %struct.task_struct* @find_get_task_by_vpid(i32 %10) #78 %12 = icmp eq %struct.task_struct* %11, null br i1 %12, label %73, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct* nonnull %11, i1 zeroext %20) #78 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 16 %5 = icmp eq i32 %4, 0 br i1 %5, label %57, label %6 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 16 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = icmp eq %struct.task_struct* %8, %10 br i1 %11, label %12, label %57 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %14 = load volatile i32, i32* %13, align 8 %15 = icmp eq i32 %14, 8 br i1 %15, label %16, label %17, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5458, i64 0, i64 0), i32 259, i32 2305, i64 12) #6, !srcloc !7 br label %17 br i1 %1, label %57, label %18 %58 = phi i1 [ true, %2 ], [ true, %48 ], [ true, %6 ], [ true, %18 ], [ true, %51 ], [ true, %54 ], [ 
false, %45 ], [ false, %17 ] %59 = phi i32 [ -3, %2 ], [ -3, %48 ], [ -3, %6 ], [ -3, %18 ], [ -3, %51 ], [ -3, %54 ], [ 0, %45 ], [ 0, %17 ] %60 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %61 = or i1 %58, %1 %62 = select i1 %58, i32 %59, i32 0 br i1 %61, label %71, label %63 %64 = tail call i64 @wait_task_inactive(%struct.task_struct* %0, i32 8) #78 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %6 = icmp eq i32 %1, 0 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 75 %11 = bitcast i64* %3 to i8* br label %12 %13 = load volatile i32, i32* %4, align 8 %14 = load i32, i32* %5, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %23, label %16 br i1 %6, label %20, label %17 %18 = load volatile i32, i32* %7, align 8 %19 = icmp eq i32 %18, %1 br i1 %19, label %20, label %91, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = load i32, i32* %5, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %16 br label %24 %25 = 
call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %9) #78 %26 = load volatile i32, i32* %4, align 8 %27 = zext i32 %26 to i64 %28 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %27 %29 = load i64, i64* %28, align 8 %30 = add i64 %29, ptrtoint (%struct.rq* @runqueues to i64) %31 = inttoptr i64 %30 to %struct.rq* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %32 = getelementptr inbounds %struct.rq, %struct.rq* %31, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %32) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %33 = load volatile i32, i32* %4, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %34 %36 = load i64, i64* %35, align 8 %37 = add i64 %36, ptrtoint (%struct.rq* @runqueues to i64) %38 = inttoptr i64 %37 to %struct.rq* %39 = icmp eq %struct.rq* %31, %38 br i1 %39, label %40, label %43, !prof !4 %41 = load volatile i32, i32* %8, align 8 %42 = icmp eq i32 %41, 2 br i1 %42, label %43, label %51, !prof !9, !misexpect !10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@wait_task_inactive, %52)) #6 to label %66 [label %52], !srcloc !13 %67 = load i32, i32* %5, align 4 %68 = load i32, i32* %8, align 8 %69 = icmp eq i32 %68, 1 br i1 %6, label %73, label %70 %74 = load i64, i64* %10, align 8 %75 = or i64 %74, -9223372036854775808 br label %76 %77 = phi i64 [ %75, %73 ], [ 0, %70 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %78 = inttoptr i64 %30 to i8* store volatile i8 0, i8* %78, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %9, i64 %25) #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %91, label %80, !prof !9, !misexpect !5 %81 = icmp eq i32 %67, 0 br i1 %81, label %84, label %82, !prof !4, !misexpect !5 br i1 %69, label %85, label %91, !prof !9, !misexpect !5 store i64 1000000, i64* %3, align 8 %86 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !18 %87 = inttoptr i64 %86 to %struct.task_struct* %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %87, i64 0, i32 1 %89 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %88, i32 2, i32* %88) #6, !srcloc !19 %90 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #78 Function:schedule_hrtimeout %3 = tail call i32 
@schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #78
Function:schedule_hrtimeout_range_clock
%5 = alloca %struct.hrtimer_sleeper, align 8
%6 = bitcast %struct.hrtimer_sleeper* %5 to i8*
%7 = icmp eq i64* %0, null
br i1 %7, label %15, label %8
%9 = load i64, i64* %0, align 8
%10 = icmp eq i64 %9, 0
br i1 %10, label %11, label %16
call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78
%17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0
%18 = load i64, i64* %0, align 8
%19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1
store i64 %18, i64* %19, align 8
%20 = add i64 %18, %1
%21 = icmp slt i64 %20, 0
%22 = icmp slt i64 %20, %18
%23 = or i1 %21, %22
%24 = icmp slt i64 %20, %1
%25 = or i1 %24, %23
%26 = select i1 %25, i64 9223372036854775807, i64 %20
%27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1
store i64 %26, i64* %27, align 8
%28 = sub i64 %26, %18
call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 schedule_hrtimeout_range_clock
1 schedule_hrtimeout_range
2 do_sys_poll
3 __se_sys_poll
4 __ia32_sys_poll
-------------
Path:
Function:__ia32_sys_poll
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%3 = load i64, i64* %2, align 8
%4 = and i64 %3, 4294967295
%5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
%6 = load i64, i64* %5, align 8
%7 = and i64 %6, 4294967295
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%9 = load i64, i64* %8, align 8
%10 = and i64 %9, 4294967295
%11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #78
Function:__se_sys_poll
%4 = alloca %struct.cpu_itimer, align 8
%5 = inttoptr i64 %0 to %struct.anon.174*
%6 = trunc i64 %1 to i32
%7 = trunc i64 %2 to i32
%8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #78 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #78 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.174* %5, i32 %6, %struct.cpu_itimer* %28) #78 Function:do_sys_poll %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = alloca [32 x i64], align 16 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = bitcast [32 x i64]* %6 to i8* %9 = bitcast [32 x i64]* %6 to %struct.poll_list* %10 = getelementptr inbounds [32 x i64], [32 x i64]* %6, i64 0, i64 1 %11 = bitcast i64* %10 to i32* %12 = bitcast [32 x i64]* %6 to %struct.poll_list** %13 = zext i32 %1 to i64 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 95 %17 = load %struct.signal_struct*, %struct.signal_struct** %16, align 32 %18 = getelementptr %struct.signal_struct, %struct.signal_struct* %17, i64 0, i32 49, i64 7, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = icmp ult i64 %19, %13 br i1 %20, label %292, 
label %21 %22 = icmp ult i32 %1, 30 %23 = getelementptr %struct.anon.174, %struct.anon.174* %0, i64 %13 %24 = select i1 %22, i32 %1, i32 30 br label %25 %26 = phi i64 [ %50, %52 ], [ %13, %21 ] %27 = phi %struct.poll_list* [ %59, %52 ], [ %9, %21 ] %28 = phi i32 [ %55, %52 ], [ %24, %21 ] %29 = phi %struct.poll_list** [ %62, %52 ], [ %12, %21 ] %30 = phi i32* [ %61, %52 ], [ %11, %21 ] store %struct.poll_list* null, %struct.poll_list** %29, align 8 store i32 %28, i32* %30, align 8 %31 = icmp eq i32 %28, 0 br i1 %31, label %65, label %32 %33 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %27, i64 0, i32 1 %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = shl nsw i64 %35, 3 %37 = icmp ugt i64 %36, 2147483647 br i1 %37, label %38, label %39, !prof !5, !misexpect !6 %40 = sub i64 0, %26 %41 = getelementptr %struct.anon.174, %struct.anon.174* %23, i64 %40 %42 = bitcast %struct.anon.174* %41 to i8* %43 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %27, i64 0, i32 2, i64 0 %44 = bitcast %struct.anon.174* %43 to i8* %45 = call i64 @_copy_from_user(i8* %44, i8* %42, i64 %36) #78 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %281 %48 = load i32, i32* %33, align 8 %49 = sext i32 %48 to i64 %50 = sub i64 %26, %49 %51 = icmp eq i64 %50, 0 br i1 %51, label %65, label %52 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store 
i32 0, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %70, align 4 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %72, align 8 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %74 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %75 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %76 = icmp eq i32 %75, 0 %77 = select i1 %76, i32 0, i32 32768 %78 = icmp eq %struct.cpu_itimer* %2, null br i1 %78, label %90, label %79 %80 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %88 %84 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %87, label %88 %89 = call i64 @select_estimate_accuracy(%struct.cpu_itimer* nonnull %2) #78 br label %90 %91 = phi i32 [ 0, %88 ], [ 1, %87 ], [ 0, %65 ] %92 = phi i64 [ %89, %88 ], [ 0, %87 ], [ 0, %65 ] %93 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %94 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %95 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 0, i32 0 %96 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 1 br label %97 %98 = phi i64* [ null, %90 ], [ %232, %238 ] %99 = phi i32 [ %91, %90 ], [ %239, %238 ] %100 = phi i32 [ 0, %90 ], [ %197, %238 ] %101 = phi i32 [ %77, %90 ], [ 0, %238 ] %102 = phi i64 [ 0, %90 ], [ %107, %238 ] br label %103 %104 = phi i32 [ %99, %97 ], [ 0, %207 ] %105 = phi i32 [ %100, %97 ], [ %197, %207 ] 
%106 = phi i32 [ %101, %97 ], [ %179, %207 ] %107 = phi i64 [ %102, %97 ], [ %210, %207 ] %108 = icmp eq i64 %107, 0 br label %109 %110 = phi i32 [ 0, %214 ], [ %104, %103 ] %111 = phi i32 [ %197, %214 ], [ %105, %103 ] %112 = phi i32 [ %179, %214 ], [ %106, %103 ] br label %113 %114 = phi %struct.poll_list* [ %181, %176 ], [ %9, %109 ] %115 = phi i32 [ %179, %176 ], [ %112, %109 ] %116 = phi i32 [ %178, %176 ], [ %111, %109 ] %117 = phi i8 [ %177, %176 ], [ 0, %109 ] %118 = phi i32* [ %182, %176 ], [ %11, %109 ] %119 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %114, i64 0, i32 2, i64 0 %120 = load i32, i32* %118, align 8 %121 = sext i32 %120 to i64 %122 = getelementptr %struct.poll_list, %struct.poll_list* %114, i64 0, i32 2, i64 %121 %123 = icmp eq %struct.anon.174* %119, %122 br i1 %123, label %176, label %124 %125 = phi %struct.anon.174* [ %174, %170 ], [ %119, %113 ] %126 = phi i32 [ %173, %170 ], [ %115, %113 ] %127 = phi i32 [ %172, %170 ], [ %116, %113 ] %128 = phi i8 [ %171, %170 ], [ %117, %113 ] %129 = getelementptr inbounds %struct.anon.174, %struct.anon.174* %125, i64 0, i32 0 %130 = load i32, i32* %129, align 4 %131 = icmp slt i32 %130, 0 br i1 %131, label %132, label %134 %135 = call i64 @__fdget(i32 %130) #78 %136 = and i64 %135, -4 %137 = inttoptr i64 %136 to %struct.file* %138 = icmp eq i64 %136, 0 br i1 %138, label %139, label %141 %142 = getelementptr inbounds %struct.anon.174, %struct.anon.174* %125, i64 0, i32 1 %143 = load i16, i16* %142, align 4 %144 = and i16 %143, 10215 %145 = or i16 %144, 24 %146 = zext i16 %145 to i32 %147 = or i32 %126, %146 store i32 %147, i32* %67, align 8 %148 = getelementptr inbounds %struct.file, %struct.file* %137, i64 0, i32 3 %149 = load %struct.file_operations*, %struct.file_operations** %148, align 8 %150 = getelementptr inbounds %struct.file_operations, %struct.file_operations* %149, i64 0, i32 9 %151 = load i32 (%struct.file*, %struct.poll_table_struct*)*, i32 (%struct.file*, 
%struct.poll_table_struct*)** %150, align 8 %152 = icmp eq i32 (%struct.file*, %struct.poll_table_struct*)* %151, null br i1 %152, label %155, label %153, !prof !5, !misexpect !6 %154 = call i32 %151(%struct.file* nonnull %137, %struct.poll_table_struct* nonnull %73) #78 br label %155 %156 = phi i32 [ %154, %153 ], [ 325, %141 ] %157 = and i32 %156, %126 %158 = icmp eq i32 %157, 0 %159 = select i1 %158, i8 %128, i8 1 %160 = and i32 %156, %146 %161 = and i64 %135, 1 %162 = icmp eq i64 %161, 0 br i1 %162, label %164, label %163 call void bitcast (void (%struct.file.145046*)* @fput to void (%struct.file*)*)(%struct.file* nonnull %137) #78 br label %164 %165 = trunc i32 %160 to i16 %166 = getelementptr inbounds %struct.anon.174, %struct.anon.174* %125, i64 0, i32 2 store i16 %165, i16* %166, align 2 %167 = icmp eq i32 %160, 0 br i1 %167, label %170, label %168 %169 = add i32 %127, 1 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %66, align 8 br label %170 %171 = phi i8 [ %159, %164 ], [ 0, %168 ], [ %128, %132 ] %172 = phi i32 [ %127, %164 ], [ %169, %168 ], [ %127, %132 ] %173 = phi i32 [ %126, %164 ], [ 0, %168 ], [ %126, %132 ] %174 = getelementptr %struct.anon.174, %struct.anon.174* %125, i64 1 %175 = icmp eq %struct.anon.174* %174, %122 br i1 %175, label %176, label %124 %177 = phi i8 [ %117, %113 ], [ %171, %170 ] %178 = phi i32 [ %116, %113 ], [ %172, %170 ] %179 = phi i32 [ %115, %113 ], [ %173, %170 ] %180 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %114, i64 0, i32 0 %181 = load %struct.poll_list*, %struct.poll_list** %180, align 8 %182 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %181, i64 0, i32 1 %183 = icmp eq %struct.poll_list* %181, null br i1 %183, label %184, label %113 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, 
%struct.wait_queue_head*, %struct.poll_table_struct*)** %66, align 8 %185 = icmp eq i32 %178, 0 br i1 %185, label %186, label %196 %187 = load i32, i32* %70, align 4 %188 = load volatile i64, i64* %95, align 8 %189 = and i64 %188, 131072 %190 = icmp eq i64 %189, 0 br i1 %190, label %191, label %196, !prof !8, !misexpect !6 %192 = load volatile i64, i64* %95, align 8 %193 = and i64 %192, 4 %194 = icmp eq i64 %193, 0 %195 = select i1 %194, i32 %187, i32 -514 br label %196 %197 = phi i32 [ %178, %184 ], [ -514, %186 ], [ %195, %191 ] %198 = or i32 %197, %110 %199 = icmp eq i32 %198, 0 br i1 %199, label %200, label %245 %201 = icmp eq i8 %177, 0 br i1 %201, label %221, label %202 %203 = load volatile i64, i64* %95, align 8 %204 = and i64 %203, 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %206, label %221 br i1 %108, label %207, label %211 %212 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %213 = icmp eq i32 %212, 0 br i1 %213, label %221, label %214 %215 = zext i32 %212 to i64 %216 = add nuw nsw i64 %107, %215 %217 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %218 = call i64 @sched_clock_cpu(i32 %217) #78 %219 = lshr i64 %218, 10 %220 = icmp ult i64 %216, %219 br i1 %220, label %221, label %109 %222 = icmp ne i64* %98, null %223 = or i1 %78, %222 br i1 %223, label %231, label %224 %225 = load i64, i64* %93, align 8 %226 = load i64, i64* %94, align 8 %227 = icmp sgt i64 %225, 9223372035 %228 = mul i64 %225, 1000000000 %229 = add i64 %228, %226 %230 = select i1 %227, i64 9223372036854775807, i64 %229, !prof !5 store i64 %230, i64* %4, align 8 br label %231 %232 = phi i64* [ %98, %221 ], [ %4, %224 ] %233 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %96, i32 1, i32* %96) #6, !srcloc !10 %234 = load i32, i32* %69, align 8 %235 = icmp eq i32 %234, 0 br i1 %235, label %240, label %236 %241 = call i32 
@schedule_hrtimeout_range(i64* %232, i64 %92, i32 0) #78
Function:schedule_hrtimeout_range
%4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #78
Function:schedule_hrtimeout_range_clock
%5 = alloca %struct.hrtimer_sleeper, align 8
%6 = bitcast %struct.hrtimer_sleeper* %5 to i8*
%7 = icmp eq i64* %0, null
br i1 %7, label %15, label %8
%9 = load i64, i64* %0, align 8
%10 = icmp eq i64 %9, 0
br i1 %10, label %11, label %16
call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78
%17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0
%18 = load i64, i64* %0, align 8
%19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1
store i64 %18, i64* %19, align 8
%20 = add i64 %18, %1
%21 = icmp slt i64 %20, 0
%22 = icmp slt i64 %20, %18
%23 = or i1 %21, %22
%24 = icmp slt i64 %20, %1
%25 = or i1 %24, %23
%26 = select i1 %25, i64 9223372036854775807, i64 %20
%27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1
store i64 %26, i64* %27, align 8
%28 = sub i64 %26, %18
call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 schedule_hrtimeout_range_clock
1 schedule_hrtimeout_range
2 do_sys_poll
3 __se_sys_poll
4 __x64_sys_poll
-------------
Path:
Function:__x64_sys_poll
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%5 = load i64, i64* %4, align 8
%6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%7 = load i64, i64* %6, align 8
%8 = tail call fastcc i64 @__se_sys_poll(i64 %3, i64 %5, i64 %7) #78
Function:__se_sys_poll
%4 = alloca %struct.cpu_itimer, align 8
%5 = inttoptr i64 %0 to %struct.anon.174*
%6 = trunc i64 %1 to i32
%7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #78 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #78 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.174* %5, i32 %6, %struct.cpu_itimer* %28) #78 Function:do_sys_poll %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = alloca [32 x i64], align 16 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = bitcast [32 x i64]* %6 to i8* %9 = bitcast [32 x i64]* %6 to %struct.poll_list* %10 = getelementptr inbounds [32 x i64], [32 x i64]* %6, i64 0, i64 1 %11 = bitcast i64* %10 to i32* %12 = bitcast [32 x i64]* %6 to %struct.poll_list** %13 = zext i32 %1 to i64 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 95 %17 = load %struct.signal_struct*, %struct.signal_struct** %16, align 32 %18 = getelementptr %struct.signal_struct, %struct.signal_struct* %17, i64 0, i32 49, i64 7, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = icmp ult i64 %19, %13 
br i1 %20, label %292, label %21 %22 = icmp ult i32 %1, 30 %23 = getelementptr %struct.anon.174, %struct.anon.174* %0, i64 %13 %24 = select i1 %22, i32 %1, i32 30 br label %25 %26 = phi i64 [ %50, %52 ], [ %13, %21 ] %27 = phi %struct.poll_list* [ %59, %52 ], [ %9, %21 ] %28 = phi i32 [ %55, %52 ], [ %24, %21 ] %29 = phi %struct.poll_list** [ %62, %52 ], [ %12, %21 ] %30 = phi i32* [ %61, %52 ], [ %11, %21 ] store %struct.poll_list* null, %struct.poll_list** %29, align 8 store i32 %28, i32* %30, align 8 %31 = icmp eq i32 %28, 0 br i1 %31, label %65, label %32 %33 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %27, i64 0, i32 1 %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = shl nsw i64 %35, 3 %37 = icmp ugt i64 %36, 2147483647 br i1 %37, label %38, label %39, !prof !5, !misexpect !6 %40 = sub i64 0, %26 %41 = getelementptr %struct.anon.174, %struct.anon.174* %23, i64 %40 %42 = bitcast %struct.anon.174* %41 to i8* %43 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %27, i64 0, i32 2, i64 0 %44 = bitcast %struct.anon.174* %43 to i8* %45 = call i64 @_copy_from_user(i8* %44, i8* %42, i64 %36) #78 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %281 %48 = load i32, i32* %33, align 8 %49 = sext i32 %48 to i64 %50 = sub i64 %26, %49 %51 = icmp eq i64 %50, 0 br i1 %51, label %65, label %52 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* 
%5, i64 0, i32 3 store i32 0, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %70, align 4 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %72, align 8 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %74 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %75 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %76 = icmp eq i32 %75, 0 %77 = select i1 %76, i32 0, i32 32768 %78 = icmp eq %struct.cpu_itimer* %2, null br i1 %78, label %90, label %79 %80 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %88 %84 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %87, label %88 %89 = call i64 @select_estimate_accuracy(%struct.cpu_itimer* nonnull %2) #78 br label %90 %91 = phi i32 [ 0, %88 ], [ 1, %87 ], [ 0, %65 ] %92 = phi i64 [ %89, %88 ], [ 0, %87 ], [ 0, %65 ] %93 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %94 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %95 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 0, i32 0 %96 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 1 br label %97 %98 = phi i64* [ null, %90 ], [ %232, %238 ] %99 = phi i32 [ %91, %90 ], [ %239, %238 ] %100 = phi i32 [ 0, %90 ], [ %197, %238 ] %101 = phi i32 [ %77, %90 ], [ 0, %238 ] %102 = phi i64 [ 0, %90 ], [ %107, %238 ] br label %103 %104 = phi i32 [ %99, %97 ], [ 0, %207 ] %105 = phi i32 [ %100, 
%97 ], [ %197, %207 ] %106 = phi i32 [ %101, %97 ], [ %179, %207 ] %107 = phi i64 [ %102, %97 ], [ %210, %207 ] %108 = icmp eq i64 %107, 0 br label %109 %110 = phi i32 [ 0, %214 ], [ %104, %103 ] %111 = phi i32 [ %197, %214 ], [ %105, %103 ] %112 = phi i32 [ %179, %214 ], [ %106, %103 ] br label %113 %114 = phi %struct.poll_list* [ %181, %176 ], [ %9, %109 ] %115 = phi i32 [ %179, %176 ], [ %112, %109 ] %116 = phi i32 [ %178, %176 ], [ %111, %109 ] %117 = phi i8 [ %177, %176 ], [ 0, %109 ] %118 = phi i32* [ %182, %176 ], [ %11, %109 ] %119 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %114, i64 0, i32 2, i64 0 %120 = load i32, i32* %118, align 8 %121 = sext i32 %120 to i64 %122 = getelementptr %struct.poll_list, %struct.poll_list* %114, i64 0, i32 2, i64 %121 %123 = icmp eq %struct.anon.174* %119, %122 br i1 %123, label %176, label %124 %125 = phi %struct.anon.174* [ %174, %170 ], [ %119, %113 ] %126 = phi i32 [ %173, %170 ], [ %115, %113 ] %127 = phi i32 [ %172, %170 ], [ %116, %113 ] %128 = phi i8 [ %171, %170 ], [ %117, %113 ] %129 = getelementptr inbounds %struct.anon.174, %struct.anon.174* %125, i64 0, i32 0 %130 = load i32, i32* %129, align 4 %131 = icmp slt i32 %130, 0 br i1 %131, label %132, label %134 %135 = call i64 @__fdget(i32 %130) #78 %136 = and i64 %135, -4 %137 = inttoptr i64 %136 to %struct.file* %138 = icmp eq i64 %136, 0 br i1 %138, label %139, label %141 %142 = getelementptr inbounds %struct.anon.174, %struct.anon.174* %125, i64 0, i32 1 %143 = load i16, i16* %142, align 4 %144 = and i16 %143, 10215 %145 = or i16 %144, 24 %146 = zext i16 %145 to i32 %147 = or i32 %126, %146 store i32 %147, i32* %67, align 8 %148 = getelementptr inbounds %struct.file, %struct.file* %137, i64 0, i32 3 %149 = load %struct.file_operations*, %struct.file_operations** %148, align 8 %150 = getelementptr inbounds %struct.file_operations, %struct.file_operations* %149, i64 0, i32 9 %151 = load i32 (%struct.file*, %struct.poll_table_struct*)*, i32 
(%struct.file*, %struct.poll_table_struct*)** %150, align 8 %152 = icmp eq i32 (%struct.file*, %struct.poll_table_struct*)* %151, null br i1 %152, label %155, label %153, !prof !5, !misexpect !6 %154 = call i32 %151(%struct.file* nonnull %137, %struct.poll_table_struct* nonnull %73) #78 br label %155 %156 = phi i32 [ %154, %153 ], [ 325, %141 ] %157 = and i32 %156, %126 %158 = icmp eq i32 %157, 0 %159 = select i1 %158, i8 %128, i8 1 %160 = and i32 %156, %146 %161 = and i64 %135, 1 %162 = icmp eq i64 %161, 0 br i1 %162, label %164, label %163 call void bitcast (void (%struct.file.145046*)* @fput to void (%struct.file*)*)(%struct.file* nonnull %137) #78 br label %164 %165 = trunc i32 %160 to i16 %166 = getelementptr inbounds %struct.anon.174, %struct.anon.174* %125, i64 0, i32 2 store i16 %165, i16* %166, align 2 %167 = icmp eq i32 %160, 0 br i1 %167, label %170, label %168 %169 = add i32 %127, 1 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %66, align 8 br label %170 %171 = phi i8 [ %159, %164 ], [ 0, %168 ], [ %128, %132 ] %172 = phi i32 [ %127, %164 ], [ %169, %168 ], [ %127, %132 ] %173 = phi i32 [ %126, %164 ], [ 0, %168 ], [ %126, %132 ] %174 = getelementptr %struct.anon.174, %struct.anon.174* %125, i64 1 %175 = icmp eq %struct.anon.174* %174, %122 br i1 %175, label %176, label %124 %177 = phi i8 [ %117, %113 ], [ %171, %170 ] %178 = phi i32 [ %116, %113 ], [ %172, %170 ] %179 = phi i32 [ %115, %113 ], [ %173, %170 ] %180 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %114, i64 0, i32 0 %181 = load %struct.poll_list*, %struct.poll_list** %180, align 8 %182 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %181, i64 0, i32 1 %183 = icmp eq %struct.poll_list* %181, null br i1 %183, label %184, label %113 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, 
%struct.wait_queue_head*, %struct.poll_table_struct*)** %66, align 8 %185 = icmp eq i32 %178, 0 br i1 %185, label %186, label %196 %187 = load i32, i32* %70, align 4 %188 = load volatile i64, i64* %95, align 8 %189 = and i64 %188, 131072 %190 = icmp eq i64 %189, 0 br i1 %190, label %191, label %196, !prof !8, !misexpect !6 %192 = load volatile i64, i64* %95, align 8 %193 = and i64 %192, 4 %194 = icmp eq i64 %193, 0 %195 = select i1 %194, i32 %187, i32 -514 br label %196 %197 = phi i32 [ %178, %184 ], [ -514, %186 ], [ %195, %191 ] %198 = or i32 %197, %110 %199 = icmp eq i32 %198, 0 br i1 %199, label %200, label %245 %201 = icmp eq i8 %177, 0 br i1 %201, label %221, label %202 %203 = load volatile i64, i64* %95, align 8 %204 = and i64 %203, 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %206, label %221 br i1 %108, label %207, label %211 %212 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %213 = icmp eq i32 %212, 0 br i1 %213, label %221, label %214 %215 = zext i32 %212 to i64 %216 = add nuw nsw i64 %107, %215 %217 = call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %218 = call i64 @sched_clock_cpu(i32 %217) #78 %219 = lshr i64 %218, 10 %220 = icmp ult i64 %216, %219 br i1 %220, label %221, label %109 %222 = icmp ne i64* %98, null %223 = or i1 %78, %222 br i1 %223, label %231, label %224 %225 = load i64, i64* %93, align 8 %226 = load i64, i64* %94, align 8 %227 = icmp sgt i64 %225, 9223372035 %228 = mul i64 %225, 1000000000 %229 = add i64 %228, %226 %230 = select i1 %227, i64 9223372036854775807, i64 %229, !prof !5 store i64 %230, i64* %4, align 8 br label %231 %232 = phi i64* [ %98, %221 ], [ %4, %224 ] %233 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %96, i32 1, i32* %96) #6, !srcloc !10 %234 = load i32, i32* %69, align 8 %235 = icmp eq i32 %234, 0 br i1 %235, label %240, label %236 %241 = call i32 
@schedule_hrtimeout_range(i64* %232, i64 %92, i32 0) #78 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #78 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 schedule_hrtimeout_range_clock
1 schedule_hrtimeout_range
2 do_select
3 compat_core_sys_select
4 __ia32_compat_sys_old_select
-------------
Path:
Function:__ia32_compat_sys_old_select %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.gnet_stats_queue, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = bitcast %struct.gnet_stats_queue* %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = call i64 @_copy_from_user(i8* nonnull %8, i8* %9, i64 20) #78 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %71 %13 = getelementptr inbounds
%struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = zext i32 %16 to i64 %18 = inttoptr i64 %17 to i32* %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = inttoptr i64 %21 to i32* %23 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = inttoptr i64 %25 to i32* %27 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = zext i32 %28 to i64 %30 = inttoptr i64 %29 to i8* %31 = bitcast i64* %3 to %struct.util_est* %32 = bitcast %struct.cpu_itimer* %2 to i8* %33 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %34 = icmp eq i32 %28, 0 br i1 %34, label %64, label %35 %36 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %30, i64 8) #78 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %69 %39 = bitcast i64* %3 to i32* %40 = load i32, i32* %39, align 8 %41 = sext i32 %40 to i64 %42 = getelementptr inbounds %struct.util_est, %struct.util_est* %31, i64 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = sdiv i64 %44, 1000000 %46 = add nsw i64 %45, %41 %47 = srem i64 %44, 1000000 %48 = mul nsw i64 %47, 1000 %49 = icmp sgt i64 %46, -1 %50 = icmp ult i64 %48, 1000000000 %51 = and i1 %49, %50 br i1 %51, label %52, label %69 %53 = or i64 %48, %46 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %56 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %2) #78 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %58 = load i64, i64* %57, align 8 %59 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 
1 %60 = load i64, i64* %59, align 8 %61 = call { i64, i64 } @timespec64_add_safe(i64 %58, i64 %60, i64 %46, i64 %48) #78 %62 = extractvalue { i64, i64 } %61, 0 %63 = extractvalue { i64, i64 } %61, 1 store i64 %62, i64* %57, align 8 store i64 %63, i64* %59, align 8 br label %64 %65 = phi %struct.cpu_itimer* [ null, %12 ], [ %2, %56 ], [ %2, %55 ] %66 = call fastcc i32 @compat_core_sys_select(i32 %14, i32* %18, i32* %22, i32* %26, %struct.cpu_itimer* %65) #78 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !7, !misexpect !8 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, 
i32 3264) #78 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #78 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 
%94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #79 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = sext i32 %0 to i64 %12 = and i64 %11, 63 %13 = lshr i64 %11, 6 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 92 %17 = load %struct.files_struct*, %struct.files_struct** %16, align 8 %18 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %17, i64 0, i32 3 %19 = load volatile %struct.fdtable*, %struct.fdtable** %18, align 32 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 3 %21 = load i64*, i64** %20, align 8 %22 = getelementptr i64, i64* %21, i64 %13 %23 = icmp eq i64 %12, 0 br i1 %23, label %48, label %24 %49 = phi i32 [ %96, %93 ], [ 0, %24 ], [ 0, %3 ] %50 = phi i64* [ %85, %93 ], [ %22, %24 ], [ %22, %3 ] %51 = phi i64 [ %86, %93 ], [ %13, %24 ], [ %13, %3 ] %52 = icmp eq i64 %51, 0 br i1 %52, label %97, label %53 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %55 = load i64*, i64** %54, align 8 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %57 = load i64*, i64** %56, 
align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %59 = load i64*, i64** %58, align 8 %60 = icmp eq i32 %49, 0 br label %61 %62 = phi i64 [ %51, %53 ], [ %65, %75 ] %63 = phi i64* [ %50, %53 ], [ %64, %75 ] %64 = getelementptr i64, i64* %63, i64 -1 %65 = add i64 %62, -1 %66 = getelementptr i64, i64* %55, i64 %65 %67 = load i64, i64* %66, align 8 %68 = getelementptr i64, i64* %57, i64 %65 %69 = load i64, i64* %68, align 8 %70 = or i64 %69, %67 %71 = getelementptr i64, i64* %59, i64 %65 %72 = load i64, i64* %71, align 8 %73 = or i64 %70, %72 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %77 %78 = load i64, i64* %64, align 8 %79 = xor i64 %78, -1 %80 = and i64 %73, %79 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %97 br i1 %60, label %83, label %75 %76 = icmp eq i64 %65, 0 br i1 %76, label %97, label %61 %98 = phi i32 [ -9, %43 ], [ %49, %48 ], [ %49, %75 ], [ -9, %77 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %99 = icmp slt i32 %98, 0 br i1 %99, label %370, label %100 %101 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %102 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %102, align 8 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %105, align 4 %106 = getelementptr inbounds 
%struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %109 = icmp eq %struct.cpu_itimer* %2, null br i1 %109, label %121, label %110 %111 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %112 = load i64, i64* %111, align 8 %113 = icmp eq i64 %112, 0 br i1 %113, label %114, label %119 %115 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %119 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 br label %121 %122 = phi i32 [ 0, %119 ], [ 1, %118 ], [ 0, %100 ] %123 = phi i64 [ %120, %119 ], [ 0, %118 ], [ 0, %100 ] %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 0, i32 0 %125 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %126 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %127 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %128 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %129 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %130 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %131 = icmp sgt i32 %98, 0 %132 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %133 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %134 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%15, i64 0, i32 1 br label %135 %136 = phi i32 [ 0, %330 ], [ %122, %121 ] %137 = phi i32 [ %307, %330 ], [ %10, %121 ] %138 = phi i64 [ %333, %330 ], [ 0, %121 ] %139 = phi i64* [ %144, %330 ], [ null, %121 ] %140 = icmp eq i64 %138, 0 br label %141 %142 = phi i32 [ %136, %135 ], [ %362, %361 ] %143 = phi i32 [ %137, %135 ], [ 0, %361 ] %144 = phi i64* [ %139, %135 ], [ %355, %361 ] br label %145 %146 = phi i32 [ 0, %337 ], [ %142, %141 ] %147 = phi i32 [ %307, %337 ], [ %143, %141 ] br i1 %131, label %148, label %305 %149 = load i64*, i64** %130, align 8 %150 = load i64*, i64** %129, align 8 %151 = load i64*, i64** %128, align 8 %152 = load i64*, i64** %127, align 8 %153 = load i64*, i64** %126, align 8 %154 = load i64*, i64** %125, align 8 br label %155 %156 = phi i8 [ %300, %296 ], [ 0, %148 ] %157 = phi i64* [ %170, %296 ], [ %152, %148 ] %158 = phi i64* [ %168, %296 ], [ %153, %148 ] %159 = phi i64* [ %166, %296 ], [ %154, %148 ] %160 = phi i64* [ %303, %296 ], [ %149, %148 ] %161 = phi i64* [ %302, %296 ], [ %150, %148 ] %162 = phi i64* [ %301, %296 ], [ %151, %148 ] %163 = phi i32 [ %299, %296 ], [ %147, %148 ] %164 = phi i32 [ %298, %296 ], [ 0, %148 ] %165 = phi i32 [ %297, %296 ], [ 0, %148 ] %166 = getelementptr i64, i64* %159, i64 1 %167 = load i64, i64* %159, align 8 %168 = getelementptr i64, i64* %158, i64 1 %169 = load i64, i64* %158, align 8 %170 = getelementptr i64, i64* %157, i64 1 %171 = load i64, i64* %157, align 8 %172 = or i64 %169, %167 %173 = or i64 %172, %171 %174 = icmp eq i64 %173, 0 br i1 %174, label %180, label %175 %176 = icmp slt i32 %98, %164 %177 = sub i32 %98, %164 %178 = select i1 %176, i32 0, i32 %177 %179 = zext i32 %178 to i64 br label %182 %183 = phi i64 [ %273, %267 ], [ 0, %175 ] %184 = phi i64 [ %272, %267 ], [ 0, %175 ] %185 = phi i64 [ %271, %267 ], [ 0, %175 ] %186 = phi i64 [ %274, %267 ], [ 0, %175 ] %187 = phi i64 [ %276, %267 ], [ 1, %175 ] %188 = phi i8 [ %270, %267 ], [ %156, %175 ] %189 = phi i32 [ %269, %267 ], 
[ %163, %175 ] %190 = phi i32 [ %275, %267 ], [ %164, %175 ] %191 = phi i32 [ %268, %267 ], [ %165, %175 ] %192 = icmp eq i64 %186, %179 br i1 %192, label %278, label %193 %194 = and i64 %187, %173 %195 = icmp eq i64 %194, 0 br i1 %195, label %267, label %196 %268 = phi i32 [ 0, %263 ], [ %256, %261 ], [ %191, %193 ] %269 = phi i32 [ %189, %263 ], [ 0, %261 ], [ %189, %193 ] %270 = phi i8 [ %266, %263 ], [ 0, %261 ], [ %188, %193 ] %271 = phi i64 [ %236, %263 ], [ %236, %261 ], [ %185, %193 ] %272 = phi i64 [ %246, %263 ], [ %246, %261 ], [ %184, %193 ] %273 = phi i64 [ %258, %263 ], [ %258, %261 ], [ %183, %193 ] %274 = add nuw nsw i64 %186, 1 %275 = add nsw i32 %190, 1 %276 = shl i64 %187, 1 %277 = icmp eq i64 %274, 64 br i1 %277, label %278, label %182 %279 = phi i32 [ %191, %182 ], [ %268, %267 ] %280 = phi i32 [ %190, %182 ], [ %275, %267 ] %281 = phi i32 [ %189, %182 ], [ %269, %267 ] %282 = phi i8 [ %188, %182 ], [ %270, %267 ] %283 = phi i64 [ %185, %182 ], [ %271, %267 ] %284 = phi i64 [ %184, %182 ], [ %272, %267 ] %285 = phi i64 [ %183, %182 ], [ %273, %267 ] %286 = icmp eq i64 %283, 0 br i1 %286, label %288, label %287 %289 = icmp eq i64 %284, 0 br i1 %289, label %291, label %290 %292 = icmp eq i64 %285, 0 br i1 %292, label %294, label %293 %295 = call i32 @__cond_resched() #78 br label %296 %297 = phi i32 [ %165, %180 ], [ %279, %294 ] %298 = phi i32 [ %181, %180 ], [ %280, %294 ] %299 = phi i32 [ %163, %180 ], [ %281, %294 ] %300 = phi i8 [ %156, %180 ], [ %282, %294 ] %301 = getelementptr i64, i64* %162, i64 1 %302 = getelementptr i64, i64* %161, i64 1 %303 = getelementptr i64, i64* %160, i64 1 %304 = icmp slt i32 %298, %98 br i1 %304, label %155, label %305 %306 = phi i32 [ 0, %145 ], [ %297, %296 ] %307 = phi i32 [ %147, %145 ], [ %299, %296 ] %308 = phi i8 [ 0, %145 ], [ %300, %296 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** 
%101, align 8 %309 = or i32 %306, %146 %310 = icmp eq i32 %309, 0 br i1 %310, label %311, label %368 %312 = load volatile i64, i64* %124, align 8 %313 = and i64 %312, 131072 %314 = icmp eq i64 %313, 0 br i1 %314, label %315, label %368, !prof !9, !misexpect !8 %316 = load volatile i64, i64* %124, align 8 %317 = and i64 %316, 4 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %368 %320 = load i32, i32* %105, align 4 %321 = icmp eq i32 %320, 0 br i1 %321, label %322, label %368 %323 = and i8 %308, 1 %324 = icmp eq i8 %323, 0 br i1 %324, label %344, label %325 %326 = load volatile i64, i64* %124, align 8 %327 = and i64 %326, 8 %328 = icmp eq i64 %327, 0 br i1 %328, label %329, label %344 %345 = icmp ne i64* %144, null %346 = or i1 %109, %345 br i1 %346, label %354, label %347 %355 = phi i64* [ %144, %344 ], [ %4, %347 ] %356 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %134, i32 1, i32* %134) #6, !srcloc !11 %357 = load i32, i32* %104, align 8 %358 = icmp eq i32 %357, 0 br i1 %358, label %363, label %359 %364 = call i32 @schedule_hrtimeout_range(i64* %355, i64 %123, i32 0) #78 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #78 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or 
i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 schedule_hrtimeout_range_clock
1 schedule_hrtimeout_range
2 do_select
3 compat_core_sys_select
4 __ia32_compat_sys_select
-------------
Path:
Function:__ia32_compat_sys_select %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to i32* %20 = inttoptr i64 %11 to i32* %21 = inttoptr i64 %14 to i32* %22 = bitcast i64* %3 to %struct.util_est* %23 = bitcast %struct.cpu_itimer* %2 to i8* %24 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %25 = icmp eq i64 %17, 0 %26 = inttoptr i64 %17 to i8* br i1 %25, label %56, label %27 %28 = call i64 @_copy_from_user(i8* nonnull %24, i8* nonnull %26, i64 8) #78 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %61 %31 = bitcast i64* %3 to i32* %32 = load i32, i32* %31, align 8 %33 = sext i32 %32 to i64 %34 = getelementptr inbounds %struct.util_est, %struct.util_est* %22, i64 0, i32
1 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = sdiv i64 %36, 1000000 %38 = add nsw i64 %37, %33 %39 = srem i64 %36, 1000000 %40 = mul nsw i64 %39, 1000 %41 = icmp sgt i64 %38, -1 %42 = icmp ult i64 %40, 1000000000 %43 = and i1 %41, %42 br i1 %43, label %44, label %61 %45 = or i64 %40, %38 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %48 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %2) #78 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %38, i64 %40) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 store i64 %54, i64* %49, align 8 store i64 %55, i64* %51, align 8 br label %56 %57 = phi %struct.cpu_itimer* [ null, %1 ], [ %2, %48 ], [ %2, %47 ] %58 = call fastcc i32 @compat_core_sys_select(i32 %18, i32* %19, i32* %20, i32* %21, %struct.cpu_itimer* %57) #78 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, 
%struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !7, !misexpect !8 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #78 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** 
store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #78 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #79 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = sext i32 %0 to i64 %12 = and i64 %11, 63 %13 = lshr i64 %11, 6 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 92 %17 = load %struct.files_struct*, %struct.files_struct** %16, align 8 %18 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %17, i64 0, i32 3 %19 = load volatile %struct.fdtable*, %struct.fdtable** %18, align 32 %20 = getelementptr inbounds 
%struct.fdtable, %struct.fdtable* %19, i64 0, i32 3 %21 = load i64*, i64** %20, align 8 %22 = getelementptr i64, i64* %21, i64 %13 %23 = icmp eq i64 %12, 0 br i1 %23, label %48, label %24 %49 = phi i32 [ %96, %93 ], [ 0, %24 ], [ 0, %3 ] %50 = phi i64* [ %85, %93 ], [ %22, %24 ], [ %22, %3 ] %51 = phi i64 [ %86, %93 ], [ %13, %24 ], [ %13, %3 ] %52 = icmp eq i64 %51, 0 br i1 %52, label %97, label %53 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %55 = load i64*, i64** %54, align 8 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %59 = load i64*, i64** %58, align 8 %60 = icmp eq i32 %49, 0 br label %61 %62 = phi i64 [ %51, %53 ], [ %65, %75 ] %63 = phi i64* [ %50, %53 ], [ %64, %75 ] %64 = getelementptr i64, i64* %63, i64 -1 %65 = add i64 %62, -1 %66 = getelementptr i64, i64* %55, i64 %65 %67 = load i64, i64* %66, align 8 %68 = getelementptr i64, i64* %57, i64 %65 %69 = load i64, i64* %68, align 8 %70 = or i64 %69, %67 %71 = getelementptr i64, i64* %59, i64 %65 %72 = load i64, i64* %71, align 8 %73 = or i64 %70, %72 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %77 %78 = load i64, i64* %64, align 8 %79 = xor i64 %78, -1 %80 = and i64 %73, %79 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %97 br i1 %60, label %83, label %75 %76 = icmp eq i64 %65, 0 br i1 %76, label %97, label %61 %98 = phi i32 [ -9, %43 ], [ %49, %48 ], [ %49, %75 ], [ -9, %77 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %99 = icmp slt i32 %98, 0 br i1 %99, label %370, label %100 %101 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, 
%struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %102 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %102, align 8 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %105, align 4 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %109 = icmp eq %struct.cpu_itimer* %2, null br i1 %109, label %121, label %110 %111 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %112 = load i64, i64* %111, align 8 %113 = icmp eq i64 %112, 0 br i1 %113, label %114, label %119 %115 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %119 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 br label %121 %122 = phi i32 [ 0, %119 ], [ 1, %118 ], [ 0, %100 ] %123 = phi i64 [ %120, %119 ], [ 0, %118 ], [ 0, %100 ] %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 0, i32 0 %125 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %126 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* 
%1, i64 0, i32 1 %127 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %128 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %129 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %130 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %131 = icmp sgt i32 %98, 0 %132 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %133 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %134 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 1 br label %135 %136 = phi i32 [ 0, %330 ], [ %122, %121 ] %137 = phi i32 [ %307, %330 ], [ %10, %121 ] %138 = phi i64 [ %333, %330 ], [ 0, %121 ] %139 = phi i64* [ %144, %330 ], [ null, %121 ] %140 = icmp eq i64 %138, 0 br label %141 %142 = phi i32 [ %136, %135 ], [ %362, %361 ] %143 = phi i32 [ %137, %135 ], [ 0, %361 ] %144 = phi i64* [ %139, %135 ], [ %355, %361 ] br label %145 %146 = phi i32 [ 0, %337 ], [ %142, %141 ] %147 = phi i32 [ %307, %337 ], [ %143, %141 ] br i1 %131, label %148, label %305 %149 = load i64*, i64** %130, align 8 %150 = load i64*, i64** %129, align 8 %151 = load i64*, i64** %128, align 8 %152 = load i64*, i64** %127, align 8 %153 = load i64*, i64** %126, align 8 %154 = load i64*, i64** %125, align 8 br label %155 %156 = phi i8 [ %300, %296 ], [ 0, %148 ] %157 = phi i64* [ %170, %296 ], [ %152, %148 ] %158 = phi i64* [ %168, %296 ], [ %153, %148 ] %159 = phi i64* [ %166, %296 ], [ %154, %148 ] %160 = phi i64* [ %303, %296 ], [ %149, %148 ] %161 = phi i64* [ %302, %296 ], [ %150, %148 ] %162 = phi i64* [ %301, %296 ], [ %151, %148 ] %163 = phi i32 [ %299, %296 ], [ %147, %148 ] %164 = phi i32 [ %298, %296 ], [ 0, %148 ] %165 = phi i32 [ %297, %296 ], [ 0, %148 ] %166 = getelementptr i64, i64* %159, i64 1 %167 = load i64, i64* %159, align 8 %168 = getelementptr i64, i64* %158, i64 1 %169 = load i64, 
i64* %158, align 8 %170 = getelementptr i64, i64* %157, i64 1 %171 = load i64, i64* %157, align 8 %172 = or i64 %169, %167 %173 = or i64 %172, %171 %174 = icmp eq i64 %173, 0 br i1 %174, label %180, label %175 %176 = icmp slt i32 %98, %164 %177 = sub i32 %98, %164 %178 = select i1 %176, i32 0, i32 %177 %179 = zext i32 %178 to i64 br label %182 %183 = phi i64 [ %273, %267 ], [ 0, %175 ] %184 = phi i64 [ %272, %267 ], [ 0, %175 ] %185 = phi i64 [ %271, %267 ], [ 0, %175 ] %186 = phi i64 [ %274, %267 ], [ 0, %175 ] %187 = phi i64 [ %276, %267 ], [ 1, %175 ] %188 = phi i8 [ %270, %267 ], [ %156, %175 ] %189 = phi i32 [ %269, %267 ], [ %163, %175 ] %190 = phi i32 [ %275, %267 ], [ %164, %175 ] %191 = phi i32 [ %268, %267 ], [ %165, %175 ] %192 = icmp eq i64 %186, %179 br i1 %192, label %278, label %193 %194 = and i64 %187, %173 %195 = icmp eq i64 %194, 0 br i1 %195, label %267, label %196 %268 = phi i32 [ 0, %263 ], [ %256, %261 ], [ %191, %193 ] %269 = phi i32 [ %189, %263 ], [ 0, %261 ], [ %189, %193 ] %270 = phi i8 [ %266, %263 ], [ 0, %261 ], [ %188, %193 ] %271 = phi i64 [ %236, %263 ], [ %236, %261 ], [ %185, %193 ] %272 = phi i64 [ %246, %263 ], [ %246, %261 ], [ %184, %193 ] %273 = phi i64 [ %258, %263 ], [ %258, %261 ], [ %183, %193 ] %274 = add nuw nsw i64 %186, 1 %275 = add nsw i32 %190, 1 %276 = shl i64 %187, 1 %277 = icmp eq i64 %274, 64 br i1 %277, label %278, label %182 %279 = phi i32 [ %191, %182 ], [ %268, %267 ] %280 = phi i32 [ %190, %182 ], [ %275, %267 ] %281 = phi i32 [ %189, %182 ], [ %269, %267 ] %282 = phi i8 [ %188, %182 ], [ %270, %267 ] %283 = phi i64 [ %185, %182 ], [ %271, %267 ] %284 = phi i64 [ %184, %182 ], [ %272, %267 ] %285 = phi i64 [ %183, %182 ], [ %273, %267 ] %286 = icmp eq i64 %283, 0 br i1 %286, label %288, label %287 %289 = icmp eq i64 %284, 0 br i1 %289, label %291, label %290 %292 = icmp eq i64 %285, 0 br i1 %292, label %294, label %293 %295 = call i32 @__cond_resched() #78 br label %296 %297 = phi i32 [ %165, %180 ], [ 
%279, %294 ] %298 = phi i32 [ %181, %180 ], [ %280, %294 ] %299 = phi i32 [ %163, %180 ], [ %281, %294 ] %300 = phi i8 [ %156, %180 ], [ %282, %294 ] %301 = getelementptr i64, i64* %162, i64 1 %302 = getelementptr i64, i64* %161, i64 1 %303 = getelementptr i64, i64* %160, i64 1 %304 = icmp slt i32 %298, %98 br i1 %304, label %155, label %305 %306 = phi i32 [ 0, %145 ], [ %297, %296 ] %307 = phi i32 [ %147, %145 ], [ %299, %296 ] %308 = phi i8 [ 0, %145 ], [ %300, %296 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %309 = or i32 %306, %146 %310 = icmp eq i32 %309, 0 br i1 %310, label %311, label %368 %312 = load volatile i64, i64* %124, align 8 %313 = and i64 %312, 131072 %314 = icmp eq i64 %313, 0 br i1 %314, label %315, label %368, !prof !9, !misexpect !8 %316 = load volatile i64, i64* %124, align 8 %317 = and i64 %316, 4 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %368 %320 = load i32, i32* %105, align 4 %321 = icmp eq i32 %320, 0 br i1 %321, label %322, label %368 %323 = and i8 %308, 1 %324 = icmp eq i8 %323, 0 br i1 %324, label %344, label %325 %326 = load volatile i64, i64* %124, align 8 %327 = and i64 %326, 8 %328 = icmp eq i64 %327, 0 br i1 %328, label %329, label %344 %345 = icmp ne i64* %144, null %346 = or i1 %109, %345 br i1 %346, label %354, label %347 %355 = phi i64* [ %144, %344 ], [ %4, %347 ] %356 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %134, i32 1, i32* %134) #6, !srcloc !11 %357 = load i32, i32* %104, align 8 %358 = icmp eq i32 %357, 0 br i1 %358, label %363, label %359 %364 = call i32 @schedule_hrtimeout_range(i64* %355, i64 %123, i32 0) #78 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #78 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, 
align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout_range 2 do_select 3 core_sys_select 4 __se_sys_select 5 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 
%7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #78 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #78 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #78 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast 
%struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #78 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds 
%struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !7, !misexpect !8 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #78 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !7, !misexpect !8 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #78 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !7, !misexpect !8 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #78 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #79 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = 
bitcast %struct.poll_wqueues* %5 to i8* %8 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = sext i32 %0 to i64 %12 = and i64 %11, 63 %13 = lshr i64 %11, 6 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 92 %17 = load %struct.files_struct*, %struct.files_struct** %16, align 8 %18 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %17, i64 0, i32 3 %19 = load volatile %struct.fdtable*, %struct.fdtable** %18, align 32 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 3 %21 = load i64*, i64** %20, align 8 %22 = getelementptr i64, i64* %21, i64 %13 %23 = icmp eq i64 %12, 0 br i1 %23, label %48, label %24 %49 = phi i32 [ %96, %93 ], [ 0, %24 ], [ 0, %3 ] %50 = phi i64* [ %85, %93 ], [ %22, %24 ], [ %22, %3 ] %51 = phi i64 [ %86, %93 ], [ %13, %24 ], [ %13, %3 ] %52 = icmp eq i64 %51, 0 br i1 %52, label %97, label %53 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %55 = load i64*, i64** %54, align 8 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %59 = load i64*, i64** %58, align 8 %60 = icmp eq i32 %49, 0 br label %61 %62 = phi i64 [ %51, %53 ], [ %65, %75 ] %63 = phi i64* [ %50, %53 ], [ %64, %75 ] %64 = getelementptr i64, i64* %63, i64 -1 %65 = add i64 %62, -1 %66 = getelementptr i64, i64* %55, i64 %65 %67 = load i64, i64* %66, align 8 %68 = getelementptr i64, i64* %57, i64 %65 %69 = load i64, i64* %68, align 8 %70 = or i64 %69, %67 
%71 = getelementptr i64, i64* %59, i64 %65 %72 = load i64, i64* %71, align 8 %73 = or i64 %70, %72 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %77 %78 = load i64, i64* %64, align 8 %79 = xor i64 %78, -1 %80 = and i64 %73, %79 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %97 br i1 %60, label %83, label %75 %76 = icmp eq i64 %65, 0 br i1 %76, label %97, label %61 %98 = phi i32 [ -9, %43 ], [ %49, %48 ], [ %49, %75 ], [ -9, %77 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %99 = icmp slt i32 %98, 0 br i1 %99, label %370, label %100 %101 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %102 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %102, align 8 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %105, align 4 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %109 = icmp eq %struct.cpu_itimer* %2, null br i1 %109, label %121, label %110 %111 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, 
i64 0, i32 0 %112 = load i64, i64* %111, align 8 %113 = icmp eq i64 %112, 0 br i1 %113, label %114, label %119 %115 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %119 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 br label %121 %122 = phi i32 [ 0, %119 ], [ 1, %118 ], [ 0, %100 ] %123 = phi i64 [ %120, %119 ], [ 0, %118 ], [ 0, %100 ] %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 0, i32 0 %125 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %126 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %127 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %128 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %129 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %130 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %131 = icmp sgt i32 %98, 0 %132 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %133 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %134 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 1 br label %135 %136 = phi i32 [ 0, %330 ], [ %122, %121 ] %137 = phi i32 [ %307, %330 ], [ %10, %121 ] %138 = phi i64 [ %333, %330 ], [ 0, %121 ] %139 = phi i64* [ %144, %330 ], [ null, %121 ] %140 = icmp eq i64 %138, 0 br label %141 %142 = phi i32 [ %136, %135 ], [ %362, %361 ] %143 = phi i32 [ %137, %135 ], [ 0, %361 ] %144 = phi i64* [ %139, %135 ], [ %355, %361 ] br label %145 %146 = phi i32 [ 0, %337 ], [ %142, %141 ] %147 = phi i32 [ %307, %337 ], [ %143, %141 ] br i1 %131, 
label %148, label %305 %149 = load i64*, i64** %130, align 8 %150 = load i64*, i64** %129, align 8 %151 = load i64*, i64** %128, align 8 %152 = load i64*, i64** %127, align 8 %153 = load i64*, i64** %126, align 8 %154 = load i64*, i64** %125, align 8 br label %155 %156 = phi i8 [ %300, %296 ], [ 0, %148 ] %157 = phi i64* [ %170, %296 ], [ %152, %148 ] %158 = phi i64* [ %168, %296 ], [ %153, %148 ] %159 = phi i64* [ %166, %296 ], [ %154, %148 ] %160 = phi i64* [ %303, %296 ], [ %149, %148 ] %161 = phi i64* [ %302, %296 ], [ %150, %148 ] %162 = phi i64* [ %301, %296 ], [ %151, %148 ] %163 = phi i32 [ %299, %296 ], [ %147, %148 ] %164 = phi i32 [ %298, %296 ], [ 0, %148 ] %165 = phi i32 [ %297, %296 ], [ 0, %148 ] %166 = getelementptr i64, i64* %159, i64 1 %167 = load i64, i64* %159, align 8 %168 = getelementptr i64, i64* %158, i64 1 %169 = load i64, i64* %158, align 8 %170 = getelementptr i64, i64* %157, i64 1 %171 = load i64, i64* %157, align 8 %172 = or i64 %169, %167 %173 = or i64 %172, %171 %174 = icmp eq i64 %173, 0 br i1 %174, label %180, label %175 %176 = icmp slt i32 %98, %164 %177 = sub i32 %98, %164 %178 = select i1 %176, i32 0, i32 %177 %179 = zext i32 %178 to i64 br label %182 %183 = phi i64 [ %273, %267 ], [ 0, %175 ] %184 = phi i64 [ %272, %267 ], [ 0, %175 ] %185 = phi i64 [ %271, %267 ], [ 0, %175 ] %186 = phi i64 [ %274, %267 ], [ 0, %175 ] %187 = phi i64 [ %276, %267 ], [ 1, %175 ] %188 = phi i8 [ %270, %267 ], [ %156, %175 ] %189 = phi i32 [ %269, %267 ], [ %163, %175 ] %190 = phi i32 [ %275, %267 ], [ %164, %175 ] %191 = phi i32 [ %268, %267 ], [ %165, %175 ] %192 = icmp eq i64 %186, %179 br i1 %192, label %278, label %193 %194 = and i64 %187, %173 %195 = icmp eq i64 %194, 0 br i1 %195, label %267, label %196 %268 = phi i32 [ 0, %263 ], [ %256, %261 ], [ %191, %193 ] %269 = phi i32 [ %189, %263 ], [ 0, %261 ], [ %189, %193 ] %270 = phi i8 [ %266, %263 ], [ 0, %261 ], [ %188, %193 ] %271 = phi i64 [ %236, %263 ], [ %236, %261 ], [ %185, %193 ] %272 
= phi i64 [ %246, %263 ], [ %246, %261 ], [ %184, %193 ] %273 = phi i64 [ %258, %263 ], [ %258, %261 ], [ %183, %193 ] %274 = add nuw nsw i64 %186, 1 %275 = add nsw i32 %190, 1 %276 = shl i64 %187, 1 %277 = icmp eq i64 %274, 64 br i1 %277, label %278, label %182 %279 = phi i32 [ %191, %182 ], [ %268, %267 ] %280 = phi i32 [ %190, %182 ], [ %275, %267 ] %281 = phi i32 [ %189, %182 ], [ %269, %267 ] %282 = phi i8 [ %188, %182 ], [ %270, %267 ] %283 = phi i64 [ %185, %182 ], [ %271, %267 ] %284 = phi i64 [ %184, %182 ], [ %272, %267 ] %285 = phi i64 [ %183, %182 ], [ %273, %267 ] %286 = icmp eq i64 %283, 0 br i1 %286, label %288, label %287 %289 = icmp eq i64 %284, 0 br i1 %289, label %291, label %290 %292 = icmp eq i64 %285, 0 br i1 %292, label %294, label %293 %295 = call i32 @__cond_resched() #78 br label %296 %297 = phi i32 [ %165, %180 ], [ %279, %294 ] %298 = phi i32 [ %181, %180 ], [ %280, %294 ] %299 = phi i32 [ %163, %180 ], [ %281, %294 ] %300 = phi i8 [ %156, %180 ], [ %282, %294 ] %301 = getelementptr i64, i64* %162, i64 1 %302 = getelementptr i64, i64* %161, i64 1 %303 = getelementptr i64, i64* %160, i64 1 %304 = icmp slt i32 %298, %98 br i1 %304, label %155, label %305 %306 = phi i32 [ 0, %145 ], [ %297, %296 ] %307 = phi i32 [ %147, %145 ], [ %299, %296 ] %308 = phi i8 [ 0, %145 ], [ %300, %296 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %309 = or i32 %306, %146 %310 = icmp eq i32 %309, 0 br i1 %310, label %311, label %368 %312 = load volatile i64, i64* %124, align 8 %313 = and i64 %312, 131072 %314 = icmp eq i64 %313, 0 br i1 %314, label %315, label %368, !prof !9, !misexpect !8 %316 = load volatile i64, i64* %124, align 8 %317 = and i64 %316, 4 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %368 %320 = load i32, i32* %105, align 4 %321 = icmp eq i32 %320, 0 br i1 %321, label %322, label %368 %323 = and i8 
%308, 1 %324 = icmp eq i8 %323, 0 br i1 %324, label %344, label %325 %326 = load volatile i64, i64* %124, align 8 %327 = and i64 %326, 8 %328 = icmp eq i64 %327, 0 br i1 %328, label %329, label %344 %345 = icmp ne i64* %144, null %346 = or i1 %109, %345 br i1 %346, label %354, label %347 %355 = phi i64* [ %144, %344 ], [ %4, %347 ] %356 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %134, i32 1, i32* %134) #6, !srcloc !11 %357 = load i32, i32* %104, align 8 %358 = icmp eq i32 %357, 0 br i1 %358, label %363, label %359 %364 = call i32 @schedule_hrtimeout_range(i64* %355, i64 %123, i32 0) #78 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #78 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* %0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 schedule_hrtimeout_range_clock 1 schedule_hrtimeout_range 2 do_select 3 
core_sys_select 4 __se_sys_select 5 __x64_sys_select ------------- Path:  Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #78 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, 
i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #78 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #78 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call i8* @kvmalloc_node(i64 %28, i32 
3264, i32 -1) #78 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !7, !misexpect !8 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #78 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !7, !misexpect !8 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #78 br label %72 %73 = phi i64 [ %71, %70 ], [ 
%25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !7, !misexpect !8 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #78 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #79 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = sext i32 %0 to i64 %12 = and i64 %11, 63 %13 = lshr i64 %11, 6 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 92 %17 = load %struct.files_struct*, %struct.files_struct** %16, align 8 %18 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %17, i64 0, i32 3 %19 = load volatile %struct.fdtable*, %struct.fdtable** %18, align 32 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 3 %21 = load i64*, i64** %20, align 8 %22 = getelementptr i64, i64* %21, i64 %13 %23 = icmp eq i64 %12, 0 br i1 %23, label %48, label %24 %49 = phi i32 [ %96, %93 ], [ 0, %24 ], [ 0, %3 ] %50 = phi i64* [ %85, %93 ], [ %22, %24 ], [ %22, %3 ] %51 = phi i64 [ %86, %93 ], [ %13, %24 ], [ %13, %3 ] %52 = icmp eq i64 %51, 0 br i1 %52, label %97, label %53 %54 = getelementptr 
inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %55 = load i64*, i64** %54, align 8 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %59 = load i64*, i64** %58, align 8 %60 = icmp eq i32 %49, 0 br label %61 %62 = phi i64 [ %51, %53 ], [ %65, %75 ] %63 = phi i64* [ %50, %53 ], [ %64, %75 ] %64 = getelementptr i64, i64* %63, i64 -1 %65 = add i64 %62, -1 %66 = getelementptr i64, i64* %55, i64 %65 %67 = load i64, i64* %66, align 8 %68 = getelementptr i64, i64* %57, i64 %65 %69 = load i64, i64* %68, align 8 %70 = or i64 %69, %67 %71 = getelementptr i64, i64* %59, i64 %65 %72 = load i64, i64* %71, align 8 %73 = or i64 %70, %72 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %77 %78 = load i64, i64* %64, align 8 %79 = xor i64 %78, -1 %80 = and i64 %73, %79 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %97 br i1 %60, label %83, label %75 %76 = icmp eq i64 %65, 0 br i1 %76, label %97, label %61 %98 = phi i32 [ -9, %43 ], [ %49, %48 ], [ %49, %75 ], [ -9, %77 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %99 = icmp slt i32 %98, 0 br i1 %99, label %370, label %100 %101 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %102 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %102, align 8 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, 
%struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %105, align 4 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %109 = icmp eq %struct.cpu_itimer* %2, null br i1 %109, label %121, label %110 %111 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %112 = load i64, i64* %111, align 8 %113 = icmp eq i64 %112, 0 br i1 %113, label %114, label %119 %115 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %119 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 br label %121 %122 = phi i32 [ 0, %119 ], [ 1, %118 ], [ 0, %100 ] %123 = phi i64 [ %120, %119 ], [ 0, %118 ], [ 0, %100 ] %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 0, i32 0 %125 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %126 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %127 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %128 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %129 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %130 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %131 = icmp sgt i32 %98, 0 %132 = 
getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %133 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %134 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 1 br label %135 %136 = phi i32 [ 0, %330 ], [ %122, %121 ] %137 = phi i32 [ %307, %330 ], [ %10, %121 ] %138 = phi i64 [ %333, %330 ], [ 0, %121 ] %139 = phi i64* [ %144, %330 ], [ null, %121 ] %140 = icmp eq i64 %138, 0 br label %141 %142 = phi i32 [ %136, %135 ], [ %362, %361 ] %143 = phi i32 [ %137, %135 ], [ 0, %361 ] %144 = phi i64* [ %139, %135 ], [ %355, %361 ] br label %145 %146 = phi i32 [ 0, %337 ], [ %142, %141 ] %147 = phi i32 [ %307, %337 ], [ %143, %141 ] br i1 %131, label %148, label %305 %149 = load i64*, i64** %130, align 8 %150 = load i64*, i64** %129, align 8 %151 = load i64*, i64** %128, align 8 %152 = load i64*, i64** %127, align 8 %153 = load i64*, i64** %126, align 8 %154 = load i64*, i64** %125, align 8 br label %155 %156 = phi i8 [ %300, %296 ], [ 0, %148 ] %157 = phi i64* [ %170, %296 ], [ %152, %148 ] %158 = phi i64* [ %168, %296 ], [ %153, %148 ] %159 = phi i64* [ %166, %296 ], [ %154, %148 ] %160 = phi i64* [ %303, %296 ], [ %149, %148 ] %161 = phi i64* [ %302, %296 ], [ %150, %148 ] %162 = phi i64* [ %301, %296 ], [ %151, %148 ] %163 = phi i32 [ %299, %296 ], [ %147, %148 ] %164 = phi i32 [ %298, %296 ], [ 0, %148 ] %165 = phi i32 [ %297, %296 ], [ 0, %148 ] %166 = getelementptr i64, i64* %159, i64 1 %167 = load i64, i64* %159, align 8 %168 = getelementptr i64, i64* %158, i64 1 %169 = load i64, i64* %158, align 8 %170 = getelementptr i64, i64* %157, i64 1 %171 = load i64, i64* %157, align 8 %172 = or i64 %169, %167 %173 = or i64 %172, %171 %174 = icmp eq i64 %173, 0 br i1 %174, label %180, label %175 %176 = icmp slt i32 %98, %164 %177 = sub i32 %98, %164 %178 = select i1 %176, i32 0, i32 %177 %179 = zext i32 %178 to i64 br label %182 %183 = phi i64 [ %273, %267 ], [ 0, %175 ] %184 = phi i64 [ 
%272, %267 ], [ 0, %175 ] %185 = phi i64 [ %271, %267 ], [ 0, %175 ] %186 = phi i64 [ %274, %267 ], [ 0, %175 ] %187 = phi i64 [ %276, %267 ], [ 1, %175 ] %188 = phi i8 [ %270, %267 ], [ %156, %175 ] %189 = phi i32 [ %269, %267 ], [ %163, %175 ] %190 = phi i32 [ %275, %267 ], [ %164, %175 ] %191 = phi i32 [ %268, %267 ], [ %165, %175 ] %192 = icmp eq i64 %186, %179 br i1 %192, label %278, label %193 %194 = and i64 %187, %173 %195 = icmp eq i64 %194, 0 br i1 %195, label %267, label %196 %268 = phi i32 [ 0, %263 ], [ %256, %261 ], [ %191, %193 ] %269 = phi i32 [ %189, %263 ], [ 0, %261 ], [ %189, %193 ] %270 = phi i8 [ %266, %263 ], [ 0, %261 ], [ %188, %193 ] %271 = phi i64 [ %236, %263 ], [ %236, %261 ], [ %185, %193 ] %272 = phi i64 [ %246, %263 ], [ %246, %261 ], [ %184, %193 ] %273 = phi i64 [ %258, %263 ], [ %258, %261 ], [ %183, %193 ] %274 = add nuw nsw i64 %186, 1 %275 = add nsw i32 %190, 1 %276 = shl i64 %187, 1 %277 = icmp eq i64 %274, 64 br i1 %277, label %278, label %182 %279 = phi i32 [ %191, %182 ], [ %268, %267 ] %280 = phi i32 [ %190, %182 ], [ %275, %267 ] %281 = phi i32 [ %189, %182 ], [ %269, %267 ] %282 = phi i8 [ %188, %182 ], [ %270, %267 ] %283 = phi i64 [ %185, %182 ], [ %271, %267 ] %284 = phi i64 [ %184, %182 ], [ %272, %267 ] %285 = phi i64 [ %183, %182 ], [ %273, %267 ] %286 = icmp eq i64 %283, 0 br i1 %286, label %288, label %287 %289 = icmp eq i64 %284, 0 br i1 %289, label %291, label %290 %292 = icmp eq i64 %285, 0 br i1 %292, label %294, label %293 %295 = call i32 @__cond_resched() #78 br label %296 %297 = phi i32 [ %165, %180 ], [ %279, %294 ] %298 = phi i32 [ %181, %180 ], [ %280, %294 ] %299 = phi i32 [ %163, %180 ], [ %281, %294 ] %300 = phi i8 [ %156, %180 ], [ %282, %294 ] %301 = getelementptr i64, i64* %162, i64 1 %302 = getelementptr i64, i64* %161, i64 1 %303 = getelementptr i64, i64* %160, i64 1 %304 = icmp slt i32 %298, %98 br i1 %304, label %155, label %305 %306 = phi i32 [ 0, %145 ], [ %297, %296 ] %307 = phi i32 [ %147, 
%145 ], [ %299, %296 ] %308 = phi i8 [ 0, %145 ], [ %300, %296 ] store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* null, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %309 = or i32 %306, %146 %310 = icmp eq i32 %309, 0 br i1 %310, label %311, label %368 %312 = load volatile i64, i64* %124, align 8 %313 = and i64 %312, 131072 %314 = icmp eq i64 %313, 0 br i1 %314, label %315, label %368, !prof !9, !misexpect !8 %316 = load volatile i64, i64* %124, align 8 %317 = and i64 %316, 4 %318 = icmp eq i64 %317, 0 br i1 %318, label %319, label %368 %320 = load i32, i32* %105, align 4 %321 = icmp eq i32 %320, 0 br i1 %321, label %322, label %368 %323 = and i8 %308, 1 %324 = icmp eq i8 %323, 0 br i1 %324, label %344, label %325 %326 = load volatile i64, i64* %124, align 8 %327 = and i64 %326, 8 %328 = icmp eq i64 %327, 0 br i1 %328, label %329, label %344 %345 = icmp ne i64* %144, null %346 = or i1 %109, %345 br i1 %346, label %354, label %347 %355 = phi i64* [ %144, %344 ], [ %4, %347 ] %356 = call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %134, i32 1, i32* %134) #6, !srcloc !11 %357 = load i32, i32* %104, align 8 %358 = icmp eq i32 %357, 0 br i1 %358, label %363, label %359 %364 = call i32 @schedule_hrtimeout_range(i64* %355, i64 %123, i32 0) #78 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #78 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper, align 8 %6 = bitcast %struct.hrtimer_sleeper* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %15, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %16 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper* nonnull %5, i32 %3, i32 %2) #78 %17 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0 %18 = load i64, i64* 
%0, align 8 %19 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 1 store i64 %18, i64* %19, align 8 %20 = add i64 %18, %1 %21 = icmp slt i64 %20, 0 %22 = icmp slt i64 %20, %18 %23 = or i1 %21, %22 %24 = icmp slt i64 %20, %1 %25 = or i1 %24, %23 %26 = select i1 %25, i64 9223372036854775807, i64 %20 %27 = getelementptr inbounds %struct.hrtimer_sleeper, %struct.hrtimer_sleeper* %5, i64 0, i32 0, i32 0, i32 1 store i64 %26, i64* %27, align 8 %28 = sub i64 %26, %18 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %17, i64 %18, i64 %28, i32 %2) #78 ------------- Good: 1742 Bad: 28 Ignored: 1765 Check Use of Function:netlbl_calipso_genl_init Check Use of Function:dev_set_alias Check Use of Function:snd_hwdep_ioctl_compat Check Use of Function:replace_mm_exe_file Check Use of Function:ext4_mark_recovery_complete Check Use of Function:rhashtable_destroy Check Use of Function:request_threaded_irq Check Use of Function:dma_buf_ioctl Check Use of Function:ext4_xattr_block_find Check Use of Function:__getblk_gfp Check Use of Function:drm_modeset_drop_locks Check Use of Function:dm_ctl_ioctl Use: =BAD PATH= Call Stack: 0 dm_compat_ctl_ioctl ------------- Path:  Function:dm_compat_ctl_ioctl %4 = and i64 %2, 4294967295 %5 = tail call i64 @dm_ctl_ioctl(%struct.file.296258* %0, i32 %1, i64 %4) #78 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:swsusp_swap_in_use Check Use of Function:nv_stop_rxtx Check Use of Function:ptep_clear_flush Check Use of Function:local_bh_enable.71943 Check Use of Function:unregister_netdevice_queue Check Use of Function:ieee80211_remove_interfaces Check Use of Function:e1000_power_up_phy Check Use of Function:ext4_orphan_del Check Use of Function:fat_dir_ioctl Check Use of Function:tty_ioctl Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca 
[16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = 
alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 
%6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %15 = and i64 %2, 4294967295 %16 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = 
alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %15 = and i64 %2, 4294967295 %16 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %15) #78 ------------- Good: 3 Bad: 4 Ignored: 6 Check Use of Function:ieee80211_setup_sdata Check Use of 
Function:proc_misc_d_revalidate Check Use of Function:thermal_zone_device_critical Check Use of Function:mpage_map_one_extent Check Use of Function:__detach_mounts Check Use of Function:signal_wake_up_state Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, 
i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, 
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __ia32_sys_waitpid
-------------
Path:
Function:__ia32_sys_waitpid
Function:kernel_wait4
Function:do_wait
Function:wait_consider_task
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #78 store i32 0, i32* %2, align 16 tail call void bitcast (void (%struct.task_struct.51970*, i64)* @task_clear_jobctl_pending to void (%struct.task_struct*, i64)*)(%struct.task_struct* %0, i64 1572864) #78 tail call void bitcast (void (%struct.task_struct.51970*)* @task_clear_jobctl_trapping to void (%struct.task_struct*)*)(%struct.task_struct* %0) #78 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br 
i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void bitcast (void (%struct.task_struct.51970*, i32)* @signal_wake_up_state to void (%struct.task_struct*, i32)*)(%struct.task_struct* %0, i32 8) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __x64_sys_waitpid
-------------
Path:
Function:__x64_sys_waitpid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #78
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null,
%struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to 
%struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = 
bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 
Function:__ptrace_unlink
-------------
Use: =BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __ia32_sys_wait4
-------------
Path:
Function:__ia32_sys_wait4
Function:kernel_wait4
Function:do_wait
Function:wait_consider_task
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #78 store i32 0, i32* %2, align 16 tail call void bitcast (void (%struct.task_struct.51970*, i64)* @task_clear_jobctl_pending to void (%struct.task_struct*, i64)*)(%struct.task_struct* %0, i64 1572864) #78 tail call void bitcast (void (%struct.task_struct.51970*)* @task_clear_jobctl_trapping to void (%struct.task_struct*)*)(%struct.task_struct* %0) #78 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br 
i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void bitcast (void (%struct.task_struct.51970*, i32)* @signal_wake_up_state to void (%struct.task_struct*, i32)*)(%struct.task_struct* %0, i32 8) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** 
Function:do_wait
Function:wait_consider_task
%200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 
%266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add 
i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #78 store i32 0, i32* %2, align 16 tail call void bitcast (void (%struct.task_struct.51970*, i64)* @task_clear_jobctl_pending to void (%struct.task_struct*, i64)*)(%struct.task_struct* %0, i64 1572864) #78 tail call void bitcast (void (%struct.task_struct.51970*)* @task_clear_jobctl_trapping to void (%struct.task_struct*)*)(%struct.task_struct* %0) #78 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void bitcast (void (%struct.task_struct.51970*, i32)* @signal_wake_up_state to void (%struct.task_struct*, i32)*)(%struct.task_struct* %0, i32 8) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_waitid
4 __se_compat_sys_waitid
5 __ia32_compat_sys_waitid
-------------
Path:
Function:__ia32_compat_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 =
and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 
2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #78 store i32 0, i32* %2, align 16 tail call void bitcast (void (%struct.task_struct.51970*, i64)* @task_clear_jobctl_pending to void (%struct.task_struct*, i64)*)(%struct.task_struct* %0, i64 1572864) #78 tail call void bitcast (void (%struct.task_struct.51970*)* @task_clear_jobctl_trapping to void (%struct.task_struct*)*)(%struct.task_struct* %0) #78 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br 
i1 %61, label %62, label %67
%63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1
%64 = load volatile i32, i32* %63, align 8
%65 = and i32 %64, 8
%66 = icmp eq i32 %65, 0
br i1 %66, label %68, label %67
tail call void bitcast (void (%struct.task_struct.51970*, i32)* @signal_wake_up_state to void (%struct.task_struct*, i32)*)(%struct.task_struct* %0, i32 8) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __ptrace_unlink
1 wait_consider_task
2 do_wait
3 kernel_waitid
4 __se_sys_waitid
5 __ia32_sys_waitid
-------------
Path:
Function:__ia32_sys_waitid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%3 = load i64, i64* %2, align 8
%4 = and i64 %3, 4294967295
%5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
%6 = load i64, i64* %5, align 8
%7 = and i64 %6, 4294967295
%8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%9 = load i64, i64* %8, align 8
%10 = and i64 %9, 4294967295
%11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%12 = load i64, i64* %11, align 8
%13 = and i64 %12, 4294967295
%14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%15 = load i64, i64* %14, align 8
%16 = and i64 %15, 4294967295
%17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78
Function:__se_sys_waitid
%6 = alloca %struct.rusage, align 8
%7 = alloca %struct.ist_info, align 4
%8 = trunc i64 %0 to i32
%9 = trunc i64 %1 to i32
%10 = inttoptr i64 %2 to %struct.siginfo*
%11 = trunc i64 %3 to i32
%12 = bitcast %struct.rusage* %6 to i8*
%13 = bitcast %struct.ist_info* %7 to i8*
%14 = icmp eq i64 %4, 0
%15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6
%16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78
Function:kernel_waitid
%6 = alloca %struct.wait_opts, align 8
%7 = alloca i32, align 4
%8 = bitcast
%struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 
%109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 
%32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label 
%382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, 
%struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 
32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 
8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = 
add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 
store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #78 store i32 0, i32* %2, align 16 tail call void bitcast (void (%struct.task_struct.51970*, i64)* @task_clear_jobctl_pending to void (%struct.task_struct*, i64)*)(%struct.task_struct* %0, i64 1572864) #78 tail call void bitcast (void (%struct.task_struct.51970*)* @task_clear_jobctl_trapping to void (%struct.task_struct*)*)(%struct.task_struct* %0) #78 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = 
load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void bitcast (void (%struct.task_struct.51970*, i32)* @signal_wake_up_state to void (%struct.task_struct*, i32)*)(%struct.task_struct* %0, i32 8) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_waitid 4 __se_sys_waitid 5 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* 
%7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 
%31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* 
%95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, 
i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, 
!misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq 
%struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 
8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = 
getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* 
%248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm 
sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 
0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** 
%21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 96 %32 = load %struct.sighand_struct*, %struct.sighand_struct** %31, align 8 %33 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %32, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %33) #78 store i32 0, i32* %2, align 16 tail call void bitcast (void (%struct.task_struct.51970*, i64)* @task_clear_jobctl_pending to void (%struct.task_struct*, i64)*)(%struct.task_struct* %0, i64 1572864) #78 tail call void bitcast (void (%struct.task_struct.51970*)* @task_clear_jobctl_trapping to void (%struct.task_struct*)*)(%struct.task_struct* %0) #78 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 4 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %57 %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %40 = load %struct.signal_struct*, %struct.signal_struct** %39, align 32 %41 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 12 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %49 %46 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %40, i64 0, i32 11 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %51 = load i64, i64* %50, align 32 %52 = or i64 %51, 131072 store i64 %52, i64* %50, align 32 %53 = and i64 %51, 65535 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %57 %58 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 46 %59 = load i64, i64* %58, align 32 %60 = and i64 %59, 131072 %61 = 
icmp eq i64 %60, 0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %64 = load volatile i32, i32* %63, align 8 %65 = and i32 %64, 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 tail call void bitcast (void (%struct.task_struct.51970*, i32)* @signal_wake_up_state to void (%struct.task_struct*, i32)*)(%struct.task_struct* %0, i32 8) #78 ------------- Good: 17 Bad: 8 Ignored: 38 Check Use of Function:drm_dev_get Check Use of Function:tg3_phy_start Check Use of Function:__ieee80211_unschedule_txq Check Use of Function:copy_string_kernel Use: =BAD PATH= Call Stack: 0 load_misc_binary ------------- Path:  Function:load_misc_binary %2 = load i1, i1* @enabled, align 4 br i1 %2, label %198, label %3 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @entries_lock) #78 %4 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 15 %5 = load i8*, i8** %4, align 8 %6 = tail call i8* @strrchr(i8* %5, i32 46) #78 %7 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @entries, i64 0, i32 0), align 8 %8 = icmp eq %struct.list_head* %7, @entries br i1 %8, label %109, label %9 %10 = icmp eq i8* %6, null %11 = getelementptr i8, i8* %6, i64 1 br label %12 %13 = phi %struct.list_head* [ %7, %9 ], [ %91, %89 ] %14 = bitcast %struct.list_head* %13 to %struct.Node* %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 1 %16 = bitcast %struct.list_head* %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 1 %19 = icmp eq i64 %18, 0 br i1 %19, label %89, label %20 %21 = load volatile i64, i64* %16, align 8 %22 = and i64 %21, 2 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %31 br i1 %10, label %89, label %25 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 2 %27 = bitcast %struct.list_head* %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = 
tail call i32 @strcmp(i8* %28, i8* %11) #78 %30 = icmp eq i32 %29, 0 br i1 %30, label %93, label %89 %94 = bitcast %struct.list_head* %15 to i64* %95 = icmp eq %struct.list_head* %13, null br i1 %95, label %109, label %96 %97 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 4 %98 = bitcast %struct.list_head* %97 to %struct.dentry** %99 = load %struct.dentry*, %struct.dentry** %98, align 8 %100 = icmp eq %struct.dentry* %99, null br i1 %100, label %103, label %101 %104 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @entries_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @entries_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %105 = getelementptr inbounds %struct.linux_binprm, %struct.linux_binprm* %0, i64 0, i32 17 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 4 %108 = icmp eq i32 %107, 0 br i1 %108, label %111, label %195 %112 = load i64, i64* %94, align 8 %113 = trunc i64 %112 to i32 %114 = icmp sgt i32 %113, -1 br i1 %114, label %117, label %115 %118 = tail call i32 @remove_arg_zero(%struct.linux_binprm* %0) #78 %119 = icmp eq i32 %118, 0 br i1 %119, label %120, label %195 %121 = load i64, i64* %94, align 8 %122 = and i64 %121, 1073741824 %123 = icmp eq i64 %122, 0 br i1 %123, label %128, label %124 %129 = load i8*, i8** %4, align 8 %130 = tail call i32 @copy_string_kernel(i8* %129, %struct.linux_binprm* %0) #78 ------------- Good: 9 Bad: 1 Ignored: 2 Check Use of Function:ext4_xattr_inode_update_ref Check Use of Function:shmem_rename2 Check Use of Function:drm_lease_held Check Use of Function:ext4_handle_dirty_dx_node Check Use of 
Function:drm_primary_helper_disable Check Use of Function:drm_connector_set_obj_prop Check Use of Function:fifo_init Check Use of Function:vfs_fchown Check Use of Function:__mnt_want_write Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_readonly_mmap ------------- Path:  Function:generic_file_readonly_mmap %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 40 %6 = icmp eq i64 %5, 40 br i1 %6, label %24, label %7 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 9 %11 = load %struct.address_space_operations*, %struct.address_space_operations** %10, align 8 %12 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %11, i64 0, i32 1 %13 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %12, align 8 %14 = icmp eq i32 (%struct.file*, %struct.page*)* %13, null br i1 %14, label %24, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 262144 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %21) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 
5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 
8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #78 %30 = sext i32 %29 to i64 %31 = icmp slt i32 %29, 0 br i1 %31, label %64, label %32 %33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 262144 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %39 %38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #79 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, 
i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter 2 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %4 = load %struct.file.294911*, %struct.file.294911** %3, align 8 %5 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %4, i64 0, i32 18 %6 = load %struct.address_space.294992*, %struct.address_space.294992** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %6, i64 0, i32 0 %8 = load %struct.inode.294985*, %struct.inode.294985** %7, align 8 %9 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label 
%14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #78 %30 = sext i32 %29 to i64 %31 = icmp slt i32 %29, 0 br i1 %31, label %64, label %32 %33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 262144 %36 = 
icmp eq i32 %35, 0 br i1 %36, label %37, label %39 %38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #79 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 
(%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap ------------- Path:  Function:generic_file_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %4 = load %struct.address_space*, %struct.address_space** %3, align 8 %5 = getelementptr inbounds %struct.address_space, %struct.address_space* %4, i64 0, i32 9 %6 = load %struct.address_space_operations*, %struct.address_space_operations** %5, align 8 %7 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %6, i64 0, i32 1 %8 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %7, align 8 %9 = icmp eq i32 (%struct.file*, %struct.page*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %16) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap 2 nfs_file_mmap ------------- Path:  Function:nfs_file_mmap %3 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 2 %4 = load %struct.inode.215256*, %struct.inode.215256** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, %struct.vm_area_struct*)* @generic_file_mmap to i32 (%struct.file.215264*, %struct.vm_area_struct.215280*)*)(%struct.file.215264* %0, %struct.vm_area_struct.215280* %1) #78 Function:generic_file_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %4 = load %struct.address_space*, %struct.address_space** %3, align 8 %5 = getelementptr inbounds %struct.address_space, %struct.address_space* %4, i64 0, i32 9 %6 = load %struct.address_space_operations*, %struct.address_space_operations** %5, align 8 %7 = getelementptr 
inbounds %struct.address_space_operations, %struct.address_space_operations* %6, i64 0, i32 1 %8 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %7, align 8 %9 = icmp eq i32 (%struct.file*, %struct.page*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %16) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 
%19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_mmap ------------- Path:  Function:shmem_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 6, i32 4, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.shmem_inode_info* %7 = getelementptr inbounds %struct.shmem_inode_info, %struct.shmem_inode_info* %6, i64 0, i32 1 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 16 %10 = icmp eq i32 %9, 0 br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 8 %15 = icmp eq i64 %14, 0 %16 = and i64 %13, 10 %17 = icmp eq i64 %16, 10 %18 = or i1 %17, %15 br i1 %18, label %21, label %19 br i1 %17, label %31, label %22 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 262144 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %28 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %28) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, 
%struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds 
%struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ 0, %23 ], [ %100, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ %16, %23 ], [ %103, %124 ] %32 = icmp ne i64 %31, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %31, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #78 switch i32 %40, label %129 [ i32 0, label %41 i32 -22, label %134 ] %135 = phi i64 [ %31, %70 ], [ %31, %56 ], [ %31, %55 ], [ %16, %2 ], [ %130, %129 ], [ %31, %36 ] %136 = phi i64 [ %30, %70 ], [ %30, %56 ], [ %30, %55 ], [ %17, %2 ], [ 
%131, %129 ], [ %30, %36 ] %137 = phi i32 [ 0, %70 ], [ 0, %56 ], [ 0, %55 ], [ 0, %2 ], [ %132, %129 ], [ 0, %36 ] %138 = phi i64 [ %29, %70 ], [ %29, %56 ], [ %29, %55 ], [ 0, %2 ], [ %133, %129 ], [ %29, %36 ] %139 = shl i64 %135, 12 %140 = add i64 %139, %136 store i64 %140, i64* %10, align 8 %141 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 7 %142 = load i32, i32* %141, align 8 %143 = and i32 %142, 262144 %144 = icmp eq i32 %143, 0 br i1 %144, label %145, label %147 %146 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %146) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label 
%21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds 
%struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, 
i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 1 call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path.154739*)*)(%struct.path.154739* %91) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load 
%struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = 
bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds 
%struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, 
i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 1 call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path.154739*)*)(%struct.path.154739* %91) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail 
-------------
Use: =BAD PATH=
Call Stack:
0 touch_atime
1 generic_file_splice_read
2 sock_splice_read
-------------
Path:
Function:sock_splice_read
Function:generic_file_splice_read
Function:touch_atime
-------------
Good: 34 Bad: 10 Ignored: 64
Check Use of Function:nfs_rmdir
Check Use of Function:codel_dequeue_func
Check Use of Function:sta_info_insert
Check Use of Function:dec_rlimit_ucounts
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __ia32_compat_sys_wait4
-------------
Path:
Function:__ia32_compat_sys_wait4
Function:kernel_wait4
Function:do_wait
Function:wait_consider_task
Function:release_task
(%struct.task_struct.49224*)*)(%struct.task_struct.49224* %61) #78 br label %63 %64 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 5 %65 = load %struct.task_struct.49224*, %struct.task_struct.49224** %64, align 8 %66 = icmp eq %struct.task_struct.49224* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.49224** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.49184* [ %51, %49 ], [ null, %67 ], [ null, %63 ] %74 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i64 8) #78 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #78 %81 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %84 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 4 %116 = 
load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 
%146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 0) #78 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 1) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 2) #78 tail call void bitcast (void 
(%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 3) #78 %170 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store volatile %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !13 br label %183 %184 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, 
align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %200 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #78 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #78 %202 = bitcast %struct.task_struct.49224* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !17 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 60 %207 = load %struct.task_struct.49224*, %struct.task_struct.49224** %206, align 8 %208 = icmp eq %struct.task_struct.49224* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 tail call void bitcast (void (%struct.task_struct.103284*)* @seccomp_filter_release to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 tail call void bitcast (void (%struct.pid.177248*)* @proc_flush_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.task_struct.12423*)* @release_thread to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 %225 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !21 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void 
@rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __ia32_sys_waitpid
-------------
Path:
Function:__ia32_sys_waitpid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #78
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3,
%struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, 
%struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = 
getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = 
getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, 
label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 
16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr 
inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, 
align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 
%276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = 
getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.49224* %2) #78 Function:release_task br label %2 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 %15 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br label %19 %20 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 63 %27 = load %struct.pid.48786*, %struct.pid.48786** %26, align 32 %28 = icmp eq %struct.pid.48786* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 95 %42 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #78 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 
%54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 10 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %61) #78 br label %63 %64 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 5 %65 = load %struct.task_struct.49224*, %struct.task_struct.49224** %64, align 8 %66 = icmp eq %struct.task_struct.49224* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.49224** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.49184* [ %51, %49 ], [ null, %67 ], [ null, %63 ] %74 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i64 8) #78 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #78 %81 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* 
%42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %84 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void 
(%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 0) #78 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 1) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 2) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 3) #78 %170 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store volatile %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !13 br label %183 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %200 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #78 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #78 %202 = bitcast %struct.task_struct.49224* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !17 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 60 %207 = load %struct.task_struct.49224*, %struct.task_struct.49224** %206, align 8 %208 = icmp eq %struct.task_struct.49224* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq 
%struct.list_head* %212, %210
br i1 %213, label %214, label %223
%224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ]
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18
store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4
tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20
tail call void bitcast (void (%struct.task_struct.103284*)* @seccomp_filter_release to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78
tail call void bitcast (void (%struct.pid.177248*)* @proc_flush_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78
tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78
tail call void bitcast (void (%struct.task_struct.12423*)* @release_thread to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78
%225 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 153
%226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock*
%227 = bitcast %union.anon.46* %225 to i32*
%228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !21
%229 = icmp eq i32 %228, 1
br i1 %229, label %235, label %230
%231 = add i32 %228, -1
%232 = or i32 %231, %228
%233 = icmp sgt i32 %232, -1
br i1 %233, label %237, label %234, !prof !6, !misexpect !7
br i1 %224, label %238, label %2, !prof !6, !misexpect !7
%3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ]
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84
%5 = load volatile %struct.cred*, %struct.cred** %4, align 8
%6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23
%7 = load %struct.ucounts*, %struct.ucounts** %6, align 8
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5
tail call void @rcu_read_unlock_strict() #78
%8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __x64_sys_waitpid
-------------
Path:
Function:__x64_sys_waitpid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13
%5 = bitcast i64* %4 to i32**
%6 = load i32*, i32** %5, align 8
%7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12
%8 = load i64, i64* %7, align 8
%9 = trunc i64 %3 to i32
%10 = trunc i64 %8 to i32
%11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #78
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8
%6 = bitcast %struct.wait_opts* %5 to i8*
%7 = and i32 %2, 536870900
%8 = icmp eq i32 %7, 0
br i1 %8, label %9, label %48
switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ]
%24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ]
%25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ]
%26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0
store i32 %24, i32* %26, align 8
%27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2
store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8
%28 = or i32 %2, 4
%29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts*
%5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = 
phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, 
%struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 
br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, 
label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 
%327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.49224* %2) #78 Function:release_task br label %2 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = 
getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 %15 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br label %19 %20 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 63 %27 = load %struct.pid.48786*, %struct.pid.48786** %26, align 32 %28 = icmp eq %struct.pid.48786* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 95 %42 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %48) #78 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 10 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %61) #78 br label %63 %64 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 5 %65 = load %struct.task_struct.49224*, %struct.task_struct.49224** %64, align 8 %66 = icmp eq %struct.task_struct.49224* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.49224** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.49184* [ %51, %49 ], [ null, %67 ], [ null, %63 ] %74 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i64 8) #78 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #78 %81 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %84 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* 
%102, align 8 %105 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 0) #78 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 1) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 2) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 3) #78 %170 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, 
%struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store volatile %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !13 br label %183 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %200 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #78 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #78 %202 = bitcast %struct.task_struct.49224* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !17 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 60 %207 = load %struct.task_struct.49224*, 
%struct.task_struct.49224** %206, align 8 %208 = icmp eq %struct.task_struct.49224* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 tail call void bitcast (void (%struct.task_struct.103284*)* @seccomp_filter_release to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 tail call void bitcast (void (%struct.pid.177248*)* @proc_flush_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.task_struct.12423*)* @release_thread to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 %225 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !21 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label 
%230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __ia32_sys_wait4
-------------
Path:
Function:__ia32_sys_wait4
%2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #78
Function:kernel_wait4
%5 = alloca
%struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79
Function:do_wait
%2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78
Function:wait_consider_task
%4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* 
@do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.49224* %2) #78 Function:release_task br label %2 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 %15 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br label %19 %20 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 62 %21 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 63 %27 = load %struct.pid.48786*, %struct.pid.48786** %26, align 32 %28 = icmp eq %struct.pid.48786* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 95 %42 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #78 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 10 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 
(%struct.task_struct.49224*)*)(%struct.task_struct.49224* %61) #78 br label %63 %64 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 5 %65 = load %struct.task_struct.49224*, %struct.task_struct.49224** %64, align 8 %66 = icmp eq %struct.task_struct.49224* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.49224** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.49184* [ %51, %49 ], [ null, %67 ], [ null, %63 ] %74 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i64 8) #78 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #78 %81 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %84 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 4 %116 = 
load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 
%146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 0) #78 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 1) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 2) #78 tail call void bitcast (void 
(%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 3) #78 %170 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store volatile %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !13 br label %183 %184 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, 
align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %200 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #78 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #78 %202 = bitcast %struct.task_struct.49224* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !17 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 60 %207 = load %struct.task_struct.49224*, %struct.task_struct.49224** %206, align 8 %208 = icmp eq %struct.task_struct.49224* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 tail call void bitcast (void (%struct.task_struct.103284*)* @seccomp_filter_release to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 tail call void bitcast (void (%struct.pid.177248*)* @proc_flush_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.task_struct.12423*)* @release_thread to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 %225 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !21 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void 
@rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_wait4
4 __x64_sys_wait4
-------------
Path:
Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, 
align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store 
%struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to 
i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr 
%struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 
%7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, 
%struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* 
%2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 
%238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 
%271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, 
align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 
store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, 
%struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.49224* %2) #78 Function:release_task br label %2 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 %15 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br label %19 %20 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 63 %27 = load %struct.pid.48786*, %struct.pid.48786** %26, align 32 %28 = icmp eq %struct.pid.48786* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 95 %42 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #78 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void 
(%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 10 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %61) #78 br label %63 %64 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 5 %65 = load %struct.task_struct.49224*, %struct.task_struct.49224** %64, align 8 %66 = icmp eq %struct.task_struct.49224* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.49224** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.49184* [ %51, %49 ], [ null, %67 ], [ null, %63 ] %74 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i64 8) #78 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr 
inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #78 %81 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %84 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 75 %106 = load i64, i64* 
%105, align 8 %107 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 
%136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 
store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 0) #78 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 1) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 2) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 3) #78 %170 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** 
%179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store volatile %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !13 br label %183 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, 
i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %200 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #78 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #78 %202 = bitcast %struct.task_struct.49224* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !17 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 60 %207 = load %struct.task_struct.49224*, %struct.task_struct.49224** %206, align 8 %208 = icmp eq %struct.task_struct.49224* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 tail call void bitcast (void (%struct.task_struct.103284*)* @seccomp_filter_release to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 tail call void bitcast (void (%struct.pid.177248*)* @proc_flush_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.task_struct.12423*)* @release_thread to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 %225 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !21 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof 
!6, !misexpect !7 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 release_task
1 wait_consider_task
2 do_wait
3 kernel_waitid
4 __se_compat_sys_waitid
5 __ia32_compat_sys_waitid
-------------
Path:
Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to
%struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq 
%struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi 
%struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, 
%struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 
%175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* 
%206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = 
getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 
%145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.49224* %2) #78 Function:release_task br label %2 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() 
#78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 %15 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br label %19 %20 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 63 %27 = load %struct.pid.48786*, %struct.pid.48786** %26, align 32 %28 = icmp eq %struct.pid.48786* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 95 %42 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #78 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br i1 %45, label %49, label %52 %53 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 10 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %61) #78 br label %63 %64 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 5 %65 = load %struct.task_struct.49224*, %struct.task_struct.49224** %64, align 8 %66 = icmp eq %struct.task_struct.49224* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.49224** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.49184* [ %51, %49 ], [ null, %67 ], [ null, %63 ] %74 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i64 8) #78 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %80) #78 %81 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %84 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 33 
%108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, 
i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* 
@nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 0) #78 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 1) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 2) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 3) #78 %170 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store 
%struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store volatile %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !13 br label %183 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* 
inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %200 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #78 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #78 %202 = bitcast %struct.task_struct.49224* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !17 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 60 %207 = load %struct.task_struct.49224*, %struct.task_struct.49224** %206, align 8 %208 = icmp eq %struct.task_struct.49224* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 
0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 tail call void bitcast (void (%struct.task_struct.103284*)* @seccomp_filter_release to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 tail call void bitcast (void (%struct.pid.177248*)* @proc_flush_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.task_struct.12423*)* @release_thread to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 %225 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !21 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 release_task 1 wait_consider_task 2 do_wait 3 kernel_waitid 4 __se_sys_waitid 5 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, 
%struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 
@do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr 
inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to 
%struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, 
i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to 
%struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, 
i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load 
i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* 
store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load 
i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.49224* %2) #78 Function:release_task br label %2 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 %15 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 5 %16 = load i32, i32* %15, 
align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br label %19 %20 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 62 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 63 %27 = load %struct.pid.48786*, %struct.pid.48786** %26, align 32 %28 = icmp eq %struct.pid.48786* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 95 %42 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #78 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp 
eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 10 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %61) #78 br label %63 %64 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 5 %65 = load %struct.task_struct.49224*, %struct.task_struct.49224** %64, align 8 %66 = icmp eq %struct.task_struct.49224* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.49224** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.49184* [ %51, %49 ], [ null, %67 ], [ null, %63 ] %74 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i64 8) #78 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #78 %81 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, 
i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %84 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 4 %116 = load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, 
i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 %146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 0) #78 br i1 %45, label %169, label %183 tail call void bitcast (void 
(%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 1) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 2) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 3) #78 %170 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* 
%176, %struct.list_head** %179, align 8 store volatile %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !13 br label %183 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 
%197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %200 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #78 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #78 %202 = bitcast %struct.task_struct.49224* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !17 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 60 %207 = load %struct.task_struct.49224*, %struct.task_struct.49224** %206, align 8 %208 = icmp eq %struct.task_struct.49224* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, 
%214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 tail call void bitcast (void (%struct.task_struct.103284*)* @seccomp_filter_release to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 tail call void bitcast (void (%struct.pid.177248*)* @proc_flush_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.task_struct.12423*)* @release_thread to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 %225 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !21 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load 
volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 release_task 1 wait_consider_task 2 do_wait 3 kernel_waitid 4 __se_sys_waitid 5 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 
%3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* 
@do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 %359 = select i1 %358, i32 16, i32 32 store i32 %359, i32* %6, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 br label %360 %361 = phi i32 [ %359, %356 ], [ %146, %339 ] %362 = icmp eq i32 %361, 16 br i1 %362, label %363, label %364 call void @release_task(%struct.task_struct.49224* %2) #78 Function:release_task br label %2 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 %15 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 5 %16 = load i32, i32* %15, align 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %19, label %18, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br label %19 %20 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 62 %21 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %25, label %24, !prof !6, !misexpect !7 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 63 %27 = load %struct.pid.48786*, %struct.pid.48786** %26, align 32 %28 = icmp eq %struct.pid.48786* %27, null br i1 %28, label %40, label %29 %41 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 95 %42 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %41, align 32 %43 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 44 %44 = load i32, i32* %43, align 4 %45 = icmp sgt i32 %44, -1 %46 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 96 %47 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %46, align 8 %48 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %47, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %48) #78 tail call void bitcast (void (%struct.task_struct*)* @posix_cpu_timers_exit to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 br i1 %45, label %49, label %52 %53 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 9 %54 = load i32, i32* %53, align 4 %55 = icmp sgt i32 %54, 0 br i1 %55, label %56, label %63 %57 = add nsw i32 %54, -1 store i32 %57, i32* %53, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %63 %60 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 10 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 8 %62 = tail call i32 bitcast (i32 (%struct.task_struct*)* @wake_up_process to i32 
(%struct.task_struct.49224*)*)(%struct.task_struct.49224* %61) #78 br label %63 %64 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 5 %65 = load %struct.task_struct.49224*, %struct.task_struct.49224** %64, align 8 %66 = icmp eq %struct.task_struct.49224* %65, %3 br i1 %66, label %67, label %72 %68 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %69 = load volatile %struct.list_head*, %struct.list_head** %68, align 8 %70 = getelementptr %struct.list_head, %struct.list_head* %69, i64 -91, i32 1 %71 = bitcast %struct.task_struct.49224** %64 to %struct.list_head*** store %struct.list_head** %70, %struct.list_head*** %71, align 8 br label %72 %73 = phi %struct.tty_struct.49184* [ %51, %49 ], [ null, %67 ], [ null, %63 ] %74 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 21, i32 5 %75 = bitcast i64* %74 to i8* tail call void @add_device_randomness(i8* %75, i64 8) #78 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 71 %77 = load i64, i64* %76, align 8 %78 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 72 %79 = load i64, i64* %78, align 16 %80 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %80) #78 %81 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 0, i32 0, i32 0 %82 = load i32, i32* %81, align 4 %83 = add i32 %82, 1 store i32 %83, i32* %81, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %84 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 26 %85 = load i64, i64* %84, align 8 %86 = add i64 %85, %77 store i64 %86, i64* %84, align 8 %87 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 27 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %79 store i64 %89, i64* %87, align 8 %90 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 73 %91 = load i64, i64* %90, align 8 %92 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 30 %93 = load i64, i64* %92, align 8 %94 = add i64 %93, %91 store i64 %94, i64* %92, align 8 %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 79 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 37 %98 = load i64, i64* %97, align 8 %99 = add i64 %98, %96 store i64 %99, i64* %97, align 8 %100 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 80 %101 = load i64, i64* %100, align 64 %102 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 38 %103 = load i64, i64* %102, align 8 %104 = add i64 %103, %101 store i64 %104, i64* %102, align 8 %105 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 75 %106 = load i64, i64* %105, align 8 %107 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 33 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, %106 store i64 %109, i64* %107, align 8 %110 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 76 %111 = load i64, i64* %110, align 32 %112 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 34 %113 = load i64, i64* %112, align 8 %114 = add i64 %113, %111 store i64 %114, i64* %112, align 8 %115 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 4 %116 = 
load i64, i64* %115, align 8 %117 = lshr i64 %116, 9 %118 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 41 %119 = load i64, i64* %118, align 8 %120 = add i64 %119, %117 store i64 %120, i64* %118, align 8 %121 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 5 %122 = load i64, i64* %121, align 8 %123 = lshr i64 %122, 9 %124 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 42 %125 = load i64, i64* %124, align 8 %126 = add i64 %125, %123 store i64 %126, i64* %124, align 8 %127 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 0 %128 = load i64, i64* %127, align 8 %129 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 0 %130 = load i64, i64* %129, align 8 %131 = add i64 %130, %128 store i64 %131, i64* %129, align 8 %132 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 1 %133 = load i64, i64* %132, align 8 %134 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 1 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %133 store i64 %136, i64* %134, align 8 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 2 %138 = load i64, i64* %137, align 8 %139 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 2 %140 = load i64, i64* %139, align 8 %141 = add i64 %140, %138 store i64 %141, i64* %139, align 8 %142 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 3 %143 = load i64, i64* %142, align 8 %144 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 3 %145 = load i64, i64* %144, align 8 
%146 = add i64 %145, %143 store i64 %146, i64* %144, align 8 %147 = load i64, i64* %115, align 8 %148 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 4 %149 = load i64, i64* %148, align 8 %150 = add i64 %149, %147 store i64 %150, i64* %148, align 8 %151 = load i64, i64* %121, align 8 %152 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 5 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %151 store i64 %154, i64* %152, align 8 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 127, i32 6 %156 = load i64, i64* %155, align 8 %157 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 47, i32 6 %158 = load i64, i64* %157, align 8 %159 = add i64 %158, %156 store i64 %159, i64* %157, align 8 %160 = load i64, i64* %74, align 8 %161 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 48 %162 = load i64, i64* %161, align 8 %163 = add i64 %162, %160 store i64 %163, i64* %161, align 8 %164 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 2 %165 = load i32, i32* %164, align 8 %166 = add i32 %165, -1 store i32 %166, i32* %164, align 8 %167 = load i32, i32* @nr_threads, align 4 %168 = add i32 %167, -1 store i32 %168, i32* @nr_threads, align 4 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 0) #78 br i1 %45, label %169, label %183 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 1) #78 tail call void bitcast (void (%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 2) #78 tail call void bitcast (void 
(%struct.task_struct*, i32)* @detach_pid to void (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %3, i32 3) #78 %170 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 1 %171 = load %struct.list_head*, %struct.list_head** %170, align 8 %172 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 35, i32 0 %173 = load %struct.list_head*, %struct.list_head** %172, align 8 %174 = getelementptr inbounds %struct.list_head, %struct.list_head* %173, i64 0, i32 1 store %struct.list_head* %171, %struct.list_head** %174, align 8 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %171, i64 0, i32 0 store volatile %struct.list_head* %173, %struct.list_head** %175, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %170, align 8 %176 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59 %177 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 59, i32 1 %178 = load %struct.list_head*, %struct.list_head** %177, align 8 %179 = getelementptr inbounds %struct.list_head, %struct.list_head* %176, i64 0, i32 0 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = getelementptr inbounds %struct.list_head, %struct.list_head* %180, i64 0, i32 1 store %struct.list_head* %178, %struct.list_head** %181, align 8 %182 = getelementptr inbounds %struct.list_head, %struct.list_head* %178, i64 0, i32 0 store volatile %struct.list_head* %180, %struct.list_head** %182, align 8 store volatile %struct.list_head* %176, %struct.list_head** %179, align 8 store volatile %struct.list_head* %176, %struct.list_head** %177, align 8 tail call void asm "decq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @process_counts, i64* nonnull @process_counts) #6, !srcloc !13 br label %183 %184 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 1 %185 = load %struct.list_head*, %struct.list_head** %184, align 8 %186 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 65, i32 0 %187 = load %struct.list_head*, %struct.list_head** %186, align 8 %188 = getelementptr inbounds %struct.list_head, %struct.list_head* %187, i64 0, i32 1 store %struct.list_head* %185, %struct.list_head** %188, align 8 %189 = getelementptr inbounds %struct.list_head, %struct.list_head* %185, i64 0, i32 0 store volatile %struct.list_head* %187, %struct.list_head** %189, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %184, align 8 %190 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 1 %191 = load %struct.list_head*, %struct.list_head** %190, align 8 %192 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 66, i32 0 %193 = load %struct.list_head*, %struct.list_head** %192, align 8 %194 = getelementptr inbounds %struct.list_head, %struct.list_head* %193, i64 0, i32 1 store %struct.list_head* %191, %struct.list_head** %194, align 8 %195 = getelementptr inbounds %struct.list_head, %struct.list_head* %191, i64 0, i32 0 store volatile %struct.list_head* %193, %struct.list_head** %195, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %190, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %196 = load i32, i32* %81, align 4 %197 = add i32 %196, 1 store i32 %197, i32* %81, align 4 %198 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %42, i64 0, i32 25, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %199 = bitcast %struct.spinlock* %198 to i8* store volatile i8 0, i8* %199, 
align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %200 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 100 tail call void @flush_sigqueue(%struct.sigpending* %200) #78 store %struct.sighand_struct* null, %struct.sighand_struct** %46, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %201 = bitcast %struct.sighand_struct* %47 to i8* store volatile i8 0, i8* %201, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 tail call void @__cleanup_sighand(%struct.sighand_struct* %47) #78 %202 = bitcast %struct.task_struct.49224* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %202, i32 -5, i8* %202) #6, !srcloc !17 br i1 %45, label %203, label %205 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 60 %207 = load %struct.task_struct.49224*, %struct.task_struct.49224** %206, align 8 %208 = icmp eq %struct.task_struct.49224* %207, %3 br i1 %208, label %223, label %209 %210 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %207, i64 0, i32 65 %211 = getelementptr inbounds %struct.list_head, %struct.list_head* %210, i64 0, i32 0 %212 = load volatile %struct.list_head*, %struct.list_head** %211, align 8 %213 = icmp eq %struct.list_head* %212, %210 br i1 %213, label %214, label %223 %224 = phi i1 [ true, %209 ], [ true, %205 ], [ true, %218 ], [ false, %222 ], [ true, %214 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 tail call void bitcast (void (%struct.task_struct.103284*)* @seccomp_filter_release to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 tail call void bitcast (void (%struct.pid.177248*)* @proc_flush_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.pid*)* @put_pid to void (%struct.pid.48786*)*)(%struct.pid.48786* %27) #78 tail call void bitcast (void (%struct.task_struct.12423*)* @release_thread to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %3) #78 %225 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 153 %226 = bitcast %union.anon.46* %225 to %struct.seqcount_spinlock* %227 = bitcast %union.anon.46* %225 to i32* %228 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %227, i32 -1, i32* %227) #6, !srcloc !21 %229 = icmp eq i32 %228, 1 br i1 %229, label %235, label %230 %231 = add i32 %228, -1 %232 = or i32 %231, %228 %233 = icmp sgt i32 %232, -1 br i1 %233, label %237, label %234, !prof !6, !misexpect !7 br i1 %224, label %238, label %2, !prof !6, !misexpect !7 %3 = phi %struct.task_struct.49224* [ %0, %1 ], [ %207, %237 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %3, i64 0, i32 84 %5 = load volatile %struct.cred*, %struct.cred** %4, align 8 %6 = getelementptr inbounds %struct.cred, %struct.cred* %5, i64 0, i32 23 %7 = load %struct.ucounts*, %struct.ucounts** %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void 
@rcu_read_unlock_strict() #78 %8 = tail call zeroext i1 @dec_rlimit_ucounts(%struct.ucounts* %7, i32 10, i64 1) #78 ------------- Good: 45 Bad: 8 Ignored: 24 Check Use of Function:crypto_shash_update Check Use of Function:ata_cmd_ioctl Check Use of Function:drm_atomic_get_plane_state Check Use of Function:kernfs_iop_rename Check Use of Function:mon_bin_compat_ioctl Check Use of Function:___ieee80211_stop_tx_ba_session Check Use of Function:drm_get_mode_status_name Check Use of Function:vfat_unlink Check Use of Function:scsi_try_bus_reset Check Use of Function:kernfs_iop_lookup Check Use of Function:__cpuhp_setup_state Check Use of Function:pci_disable_device Check Use of Function:__ext4_journal_get_write_access Check Use of Function:hex_to_bin Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 
%26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = 
getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = 
zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext 
%41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 
%15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 
= trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = 
getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = 
getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 
%5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 
%67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 
32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 
44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ 
%14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 
@hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, 
%28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = 
icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 zeroext %115) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 
], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 
%77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 zeroext %115) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 
0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, 
%42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and 
i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 zeroext %115) #78 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 zeroext %132) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = 
icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 
%88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 zeroext %115) #78 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 zeroext %132) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- 
Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 
%51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* 
%107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 zeroext %115) #78 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 zeroext %132) #78 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 zeroext %149) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 
0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 
%64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 
%122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 zeroext %115) #78 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 zeroext %132) #78 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 zeroext %149) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 flow_limit_cpu_sysctl ------------- Path:  Function:flow_limit_cpu_sysctl %6 = alloca [1 x %struct.cpumask], align 8 %7 = alloca [128 x i8], align 16 %8 = bitcast [1 x %struct.cpumask]* %6 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %6, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = icmp eq i32 %1, 0 br i1 %10, label %58, label %11 %12 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %9, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = 
getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 %60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp 
ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 zeroext %115) #78 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 
%128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 zeroext %132) #78 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 zeroext %149) #78 %160 = icmp slt i32 %159, 0 br i1 %160, label %183, label %161 %162 = shl i32 %159, 28 %163 = or i32 %162, %146 %164 = icmp ult i8* %158, %0 br i1 %164, label %178, label %165 %166 = load i8, i8* %158, align 1 %167 = zext i8 %166 to i64 %168 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %167 %169 = load i8, i8* %168, align 1 %170 = and i8 %169, 32 %171 = icmp ne i8 %170, 0 %172 = icmp eq i8 %166, 44 %173 = or i1 %172, %171 br i1 %173, label %178, label %174 %175 = getelementptr i8, i8* %32, i64 -9 %176 = tail call i32 @hex_to_bin(i8 zeroext %166) #78 ------------- Use: =BAD PATH= Call Stack: 0 bitmap_parse 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds 
[1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 Function:bitmap_parse %5 = zext i32 %1 to i64 %6 = tail call i8* @strnchrnul(i8* %0, i64 %5, i32 10) #78 %7 = getelementptr i8, i8* %6, i64 -1 %8 = sext i32 %3 to i64 %9 = add nsw i64 %8, 31 %10 = lshr i64 %9, 5 %11 = trunc i64 %10 to i32 %12 = bitcast i64* %2 to i32* br label %13 %14 = phi i8* [ %7, %4 ], [ %180, %178 ] %15 = phi i32 [ %11, %4 ], [ %35, %178 ] %16 = phi i32 [ 0, %4 ], [ %182, %178 ] %17 = icmp ult i8* %14, %0 br i1 %17, label %31, label %18 %19 = phi i8* [ %29, %28 ], [ %14, %13 ] %20 = load i8, i8* %19, align 1 %21 = zext i8 %20 to i64 %22 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %21 %23 = load i8, i8* %22, align 1 %24 = and i8 %23, 32 %25 = icmp ne i8 %24, 0 %26 = icmp eq i8 %20, 44 %27 = or i1 %26, %25 br i1 %27, label %28, label %31 %32 = phi i8* [ %14, %13 ], [ %19, %18 ], [ %29, %28 ] %33 = icmp ult i8* %32, %0 br i1 %33, label %187, label %34 %35 = add i32 %15, -1 %36 = icmp eq i32 %15, 0 br i1 %36, label %237, label %37 %38 = sext i32 %16 to i64 %39 = getelementptr i32, i32* %12, i64 %38 %40 = getelementptr i8, i8* %32, i64 -1 %41 = load i8, i8* %32, align 1 %42 = tail call i32 @hex_to_bin(i8 zeroext %41) #78 %43 = icmp slt i32 %42, 0 br i1 %43, label %183, label %48 %49 = icmp ult i8* %40, %0 br i1 %49, label %178, label %50 %51 = load i8, i8* %40, align 1 %52 = zext i8 %51 to i64 %53 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %52 %54 = load i8, i8* %53, align 1 %55 = and i8 %54, 32 %56 = icmp ne i8 %55, 0 %57 = icmp eq i8 %51, 44 %58 = or i1 %57, %56 br i1 %58, label %178, label %44 %45 = getelementptr i8, i8* %32, i64 -2 %46 = tail call i32 @hex_to_bin(i8 zeroext %51) #78 %47 = icmp slt i32 %46, 0 br i1 %47, label %183, label %59 %60 = shl i32 %46, 4 %61 = or i32 
%60, %42 %62 = icmp ult i8* %45, %0 br i1 %62, label %178, label %63 %64 = load i8, i8* %45, align 1 %65 = zext i8 %64 to i64 %66 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %65 %67 = load i8, i8* %66, align 1 %68 = and i8 %67, 32 %69 = icmp ne i8 %68, 0 %70 = icmp eq i8 %64, 44 %71 = or i1 %70, %69 br i1 %71, label %178, label %72 %73 = getelementptr i8, i8* %32, i64 -3 %74 = tail call i32 @hex_to_bin(i8 zeroext %64) #78 %75 = icmp slt i32 %74, 0 br i1 %75, label %183, label %76 %77 = shl i32 %74, 8 %78 = or i32 %77, %61 %79 = icmp ult i8* %73, %0 br i1 %79, label %178, label %80 %81 = load i8, i8* %73, align 1 %82 = zext i8 %81 to i64 %83 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %82 %84 = load i8, i8* %83, align 1 %85 = and i8 %84, 32 %86 = icmp ne i8 %85, 0 %87 = icmp eq i8 %81, 44 %88 = or i1 %87, %86 br i1 %88, label %178, label %89 %90 = getelementptr i8, i8* %32, i64 -4 %91 = tail call i32 @hex_to_bin(i8 zeroext %81) #78 %92 = icmp slt i32 %91, 0 br i1 %92, label %183, label %93 %94 = shl i32 %91, 12 %95 = or i32 %94, %78 %96 = icmp ult i8* %90, %0 br i1 %96, label %178, label %97 %98 = load i8, i8* %90, align 1 %99 = zext i8 %98 to i64 %100 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %99 %101 = load i8, i8* %100, align 1 %102 = and i8 %101, 32 %103 = icmp ne i8 %102, 0 %104 = icmp eq i8 %98, 44 %105 = or i1 %104, %103 br i1 %105, label %178, label %106 %107 = getelementptr i8, i8* %32, i64 -5 %108 = tail call i32 @hex_to_bin(i8 zeroext %98) #78 %109 = icmp slt i32 %108, 0 br i1 %109, label %183, label %110 %111 = shl i32 %108, 16 %112 = or i32 %111, %95 %113 = icmp ult i8* %107, %0 br i1 %113, label %178, label %114 %115 = load i8, i8* %107, align 1 %116 = zext i8 %115 to i64 %117 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %116 %118 = load i8, i8* %117, align 1 %119 = 
and i8 %118, 32 %120 = icmp ne i8 %119, 0 %121 = icmp eq i8 %115, 44 %122 = or i1 %121, %120 br i1 %122, label %178, label %123 %124 = getelementptr i8, i8* %32, i64 -6 %125 = tail call i32 @hex_to_bin(i8 zeroext %115) #78 %126 = icmp slt i32 %125, 0 br i1 %126, label %183, label %127 %128 = shl i32 %125, 20 %129 = or i32 %128, %112 %130 = icmp ult i8* %124, %0 br i1 %130, label %178, label %131 %132 = load i8, i8* %124, align 1 %133 = zext i8 %132 to i64 %134 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %133 %135 = load i8, i8* %134, align 1 %136 = and i8 %135, 32 %137 = icmp ne i8 %136, 0 %138 = icmp eq i8 %132, 44 %139 = or i1 %138, %137 br i1 %139, label %178, label %140 %141 = getelementptr i8, i8* %32, i64 -7 %142 = tail call i32 @hex_to_bin(i8 zeroext %132) #78 %143 = icmp slt i32 %142, 0 br i1 %143, label %183, label %144 %145 = shl i32 %142, 24 %146 = or i32 %145, %129 %147 = icmp ult i8* %141, %0 br i1 %147, label %178, label %148 %149 = load i8, i8* %141, align 1 %150 = zext i8 %149 to i64 %151 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %150 %152 = load i8, i8* %151, align 1 %153 = and i8 %152, 32 %154 = icmp ne i8 %153, 0 %155 = icmp eq i8 %149, 44 %156 = or i1 %155, %154 br i1 %156, label %178, label %157 %158 = getelementptr i8, i8* %32, i64 -8 %159 = tail call i32 @hex_to_bin(i8 zeroext %149) #78 %160 = icmp slt i32 %159, 0 br i1 %160, label %183, label %161 %162 = shl i32 %159, 28 %163 = or i32 %162, %146 %164 = icmp ult i8* %158, %0 br i1 %164, label %178, label %165 %166 = load i8, i8* %158, align 1 %167 = zext i8 %166 to i64 %168 = getelementptr [0 x i8], [0 x i8]* bitcast ([256 x i8]* @_ctype to [0 x i8]*), i64 0, i64 %167 %169 = load i8, i8* %168, align 1 %170 = and i8 %169, 32 %171 = icmp ne i8 %170, 0 %172 = icmp eq i8 %166, 44 %173 = or i1 %172, %171 br i1 %173, label %178, label %174 %175 = getelementptr i8, i8* %32, i64 -9 %176 = tail call i32 
@hex_to_bin(i8 zeroext %166) #78
-------------
Good: 142 Bad: 18 Ignored: 179
Check Use of Function:ext4_wait_for_tail_page_commit
Check Use of Function:pci_walk_bus
Use: =BAD PATH=
Call Stack:
0 pci_bridge_d3_update
1 pci_d3cold_disable
2 d3cold_allowed_store
-------------
Path:
Function:d3cold_allowed_store
  %5 = alloca i64, align 8
  %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
  %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.318968*
  %8 = bitcast i64* %5 to i8*
  store i64 0, i64* %5, align 8
  %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #78
  %10 = icmp slt i32 %9, 0
  br i1 %10, label %24, label %11
  %12 = load i64, i64* %5, align 8
  %13 = icmp eq i64 %12, 0
  %14 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %7, i64 0, i32 33
  %15 = bitcast i24* %14 to i32*
  %16 = load i32, i32* %15, align 2
  %17 = select i1 %13, i32 0, i32 2048
  %18 = and i32 %16, -2049
  %19 = or i32 %18, %17
  store i32 %19, i32* %15, align 2
  br i1 %13, label %21, label %20
  call void @pci_d3cold_disable(%struct.pci_dev.318968* %7) #78
Function:pci_d3cold_disable
  %2 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 33
  %3 = bitcast i24* %2 to i32*
  %4 = load i32, i32* %3, align 2
  %5 = and i32 %4, 512
  %6 = icmp eq i32 %5, 0
  br i1 %6, label %7, label %9
  %8 = or i32 %4, 512
  store i32 %8, i32* %3, align 2
  tail call void @pci_bridge_d3_update(%struct.pci_dev.318968* %0) #78
Function:pci_bridge_d3_update
  %2 = alloca i8, align 1
  %3 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46, i32 0, i32 7
  %4 = load i8, i8* %3, align 4
  %5 = and i8 %4, 2
  %6 = icmp eq i8 %5, 0
  store i8 1, i8* %2, align 1
  %7 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 1
  %8 = load %struct.pci_bus.318970*, %struct.pci_bus.318970** %7, align 8
  %9 = getelementptr inbounds %struct.pci_bus.318970, %struct.pci_bus.318970* %8, i64 0, i32 1
  %10 = load %struct.pci_bus.318970*, %struct.pci_bus.318970** %9, align 8
  %11 = icmp eq %struct.pci_bus.318970* %10, null
  br i1 %11, label %78, label %12
  %13 = getelementptr inbounds %struct.pci_bus.318970, %struct.pci_bus.318970* %8, i64 0, i32 4
  %14 = load %struct.pci_dev.318968*, %struct.pci_dev.318968** %13, align 8
  %15 = icmp eq %struct.pci_dev.318968* %14, null
  br i1 %15, label %78, label %16
  %17 = tail call zeroext i1 @pci_bridge_d3_possible(%struct.pci_dev.318968* nonnull %14) #78
  br i1 %17, label %18, label %78
  br i1 %6, label %19, label %25
  %26 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 33
  %27 = bitcast i24* %26 to i32*
  %28 = load i32, i32* %27, align 2
  %29 = and i32 %28, 2560
  %30 = icmp eq i32 %29, 2048
  br i1 %30, label %31, label %54
  %32 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46, i32 11, i32 1
  %33 = load i16, i16* %32, align 4
  %34 = and i16 %33, 1
  %35 = icmp eq i16 %34, 0
  br i1 %35, label %47, label %36
  %37 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46, i32 11, i32 6
  %38 = load %struct.wakeup_source*, %struct.wakeup_source** %37, align 8
  %39 = icmp eq %struct.wakeup_source* %38, null
  br i1 %39, label %47, label %40
  %41 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 32
  %42 = load i8, i8* %41, align 1
  %43 = icmp ne i8 %42, 0
  %44 = and i32 %28, 16
  %45 = icmp ne i32 %44, 0
  %46 = and i1 %45, %43
  br i1 %46, label %47, label %54
  %48 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 2
  %49 = load %struct.pci_bus.318970*, %struct.pci_bus.318970** %48, align 8
  %50 = icmp eq %struct.pci_bus.318970* %49, null
  %51 = and i32 %28, 1024
  %52 = icmp ne i32 %51, 0
  %53 = or i1 %52, %50
  br i1 %53, label %55, label %54
  %56 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %14, i64 0, i32 33
  %57 = bitcast i24* %56 to i32*
  %58 = load i32, i32* %57, align 2
  %59 = and i32 %58, 1024
  %60 = icmp eq i32 %59, 0
  br i1 %60, label %61, label %66
  %62 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %14, i64 0, i32 2
  %63 = load %struct.pci_bus.318970*, %struct.pci_bus.318970** %62, align 8
  call void bitcast (void (%struct.pci_bus.319326*, i32 (%struct.pci_dev.319324*, i8*)*, i8*)* @pci_walk_bus to void (%struct.pci_bus.318970*, i32 (%struct.pci_dev.318968*, i8*)*, i8*)*)(%struct.pci_bus.318970* %63, i32 (%struct.pci_dev.318968*, i8*)* nonnull @pci_dev_check_d3cold, i8* nonnull %2) #79
-------------
Good: 22 Bad: 1 Ignored: 17
Check Use of Function:mq_find
Check Use of Function:uprobe_copy_process
Check Use of Function:i915_gem_ww_ctx_init
Check Use of Function:evdev_ioctl
Check Use of Function:bitmap_zalloc
Use: =BAD PATH=
Call Stack:
0 proc_do_large_bitmap
-------------
Path:
Function:proc_do_large_bitmap
  %6 = alloca [22 x i8], align 16
  %7 = alloca i64, align 8
  %8 = alloca [3 x i8], align 1
  %9 = alloca [3 x i8], align 1
  %10 = alloca i8, align 1
  %11 = alloca i8*, align 8
  %12 = alloca i64, align 8
  %13 = alloca i64, align 8
  %14 = alloca i8, align 1
  %15 = ptrtoint i8* %2 to i64
  %16 = bitcast i64* %7 to i8*
  %17 = load i64, i64* %3, align 8
  store i64 %17, i64* %7, align 8
  %18 = getelementptr inbounds %struct.ctl_table.50051, %struct.ctl_table.50051* %0, i64 0, i32 2
  %19 = load i32, i32* %18, align 8
  %20 = sext i32 %19 to i64
  %21 = getelementptr inbounds %struct.ctl_table.50051, %struct.ctl_table.50051* %0, i64 0, i32 1
  %22 = bitcast i8** %21 to i64***
  %23 = load i64**, i64*** %22, align 8
  %24 = load i64*, i64** %23, align 8
  %25 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0
  %26 = getelementptr inbounds [3 x i8], [3 x i8]* %9, i64 0, i64 0
  store i8 0, i8* %10, align 1
  %27 = icmp ne i64* %24, null
  %28 = icmp ne i32 %19, 0
  %29 = and i1 %28, %27
  %30 = icmp ne i64 %17, 0
  %31 = and i1 %30, %29
  br i1 %31, label %32, label %37
  %33 = load i64, i64* %4, align 8
  %34 = icmp eq i64 %33, 0
  %35 = icmp ne i32 %1, 0
  %36 = or i1 %35, %34
  br i1 %36, label %38, label %37
  br i1 %35, label %41, label %39
  %42 = bitcast i8** %11 to i8*
  %43 = bitcast i8** %11 to i64*
  store i64 %15, i64* %43, align 8
  %44 = icmp ugt i64 %17, 4095
  br i1 %44, label %45, label %47
  store i64 4095, i64* %7, align 8
  %46 = add i64 %17, -4095
  br label %47
  %48 = phi i64 [ 4095, %45 ], [ %17, %41 ]
  %49 = phi i64 [ %46, %45 ], [ 0, %41 ]
  %50 = tail call i64* @bitmap_zalloc(i32 %19, i32 3264) #78
-------------
Good: 17 Bad: 1 Ignored: 17
Check Use of Function:__pagevec_release
Check Use of Function:regulatory_exit
Check Use of Function:ext4_should_retry_alloc
Check Use of Function:path_lookupat
Check Use of Function:xt_request_find_target
Check Use of Function:ext4_alloc_file_blocks
Check Use of Function:fifo_hd_init
Check Use of Function:intel_irq_uninstall
Check Use of Function:rtnl_fdb_notify
Check Use of Function:drop_super_exclusive
Check Use of Function:ext4_compat_ioctl
Check Use of Function:tracefs_syscall_rmdir
Check Use of Function:gen_replace_estimator
Check Use of Function:bitmap_free
Use: =BAD PATH=
Call Stack:
0 proc_do_large_bitmap
-------------
Path:
Function:proc_do_large_bitmap
  %6 = alloca [22 x i8], align 16
  %7 = alloca i64, align 8
  %8 = alloca [3 x i8], align 1
  %9 = alloca [3 x i8], align 1
  %10 = alloca i8, align 1
  %11 = alloca i8*, align 8
  %12 = alloca i64, align 8
  %13 = alloca i64, align 8
  %14 = alloca i8, align 1
  %15 = ptrtoint i8* %2 to i64
  %16 = bitcast i64* %7 to i8*
  %17 = load i64, i64* %3, align 8
  store i64 %17, i64* %7, align 8
  %18 = getelementptr inbounds %struct.ctl_table.50051, %struct.ctl_table.50051* %0, i64 0, i32 2
  %19 = load i32, i32* %18, align 8
  %20 = sext i32 %19 to i64
  %21 = getelementptr inbounds %struct.ctl_table.50051, %struct.ctl_table.50051* %0, i64 0, i32 1
  %22 = bitcast i8** %21 to i64***
  %23 = load i64**, i64*** %22, align 8
  %24 = load i64*, i64** %23, align 8
  %25 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0
  %26 = getelementptr inbounds
[3 x i8], [3 x i8]* %9, i64 0, i64 0 store i8 0, i8* %10, align 1 %27 = icmp ne i64* %24, null %28 = icmp ne i32 %19, 0 %29 = and i1 %28, %27 %30 = icmp ne i64 %17, 0 %31 = and i1 %30, %29 br i1 %31, label %32, label %37 %33 = load i64, i64* %4, align 8 %34 = icmp eq i64 %33, 0 %35 = icmp ne i32 %1, 0 %36 = or i1 %35, %34 br i1 %36, label %38, label %37 br i1 %35, label %41, label %39 %42 = bitcast i8** %11 to i8* %43 = bitcast i8** %11 to i64* store i64 %15, i64* %43, align 8 %44 = icmp ugt i64 %17, 4095 br i1 %44, label %45, label %47 store i64 4095, i64* %7, align 8 %46 = add i64 %17, -4095 br label %47 %48 = phi i64 [ 4095, %45 ], [ %17, %41 ] %49 = phi i64 [ %46, %45 ], [ 0, %41 ] %50 = tail call i64* @bitmap_zalloc(i32 %19, i32 3264) #78 %51 = icmp eq i64* %50, null br i1 %51, label %140, label %52 %53 = getelementptr i8, i8* %2, i64 %48 br label %54 %55 = phi i8* [ %61, %59 ], [ %2, %52 ] %56 = phi i64 [ %60, %59 ], [ %48, %52 ] %57 = load i8, i8* %55, align 1 %58 = icmp eq i8 %57, 10 br i1 %58, label %59, label %64 store i8* %55, i8** %11, align 8 %65 = bitcast i64* %12 to i8* %66 = bitcast i64* %13 to i8* %67 = icmp ne i64 %49, 0 br label %69 %70 = phi i64 [ %56, %64 ], [ %138, %137 ] store i64 0, i64* %12, align 8 store i64 0, i64* %13, align 8 store i8 0, i8* %14, align 1 %71 = call fastcc i32 @proc_get_long(i8** nonnull %11, i64* nonnull %7, i64* nonnull %12, i8* nonnull %14, i8* nonnull %25, i8* nonnull %10) #79 %72 = load i64, i64* %7, align 8 %73 = icmp ult i64 %72, 2 %74 = and i1 %67, %73 br i1 %74, label %75, label %76 %77 = icmp eq i32 %71, 0 br i1 %77, label %78, label %201 %202 = phi i64 [ %70, %98 ], [ %70, %75 ], [ %95, %101 ], [ %95, %99 ], [ %72, %78 ], [ %72, %76 ] %203 = phi i32 [ %94, %98 ], [ %71, %75 ], [ -22, %101 ], [ %94, %99 ], [ -22, %78 ], [ %71, %76 ] %204 = add i64 %202, %49 store i64 %204, i64* %7, align 8 %205 = icmp eq i32 %203, 0 br i1 %205, label %206, label %225 %226 = phi i64* [ %50, %201 ], [ %207, %219 ] %227 = phi i32 
[ %203, %201 ], [ 0, %219 ] call void @bitmap_free(i64* %226) #78 ------------- Good: 55 Bad: 1 Ignored: 2 Check Use of Function:simple_rename Check Use of Function:netlink_rcv_skb Use: =BAD PATH= Call Stack: 0 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff* %0, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #78 ------------- Use: =BAD PATH= Call Stack: 0 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 bitcast (i32 (%struct.sk_buff*, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)* @netlink_rcv_skb to i32 (%struct.sk_buff.756266*, i32 (%struct.sk_buff.756266*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)*)(%struct.sk_buff.756266* %0, i32 (%struct.sk_buff.756266*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #78 ------------- Good: 4 Bad: 2 Ignored: 0 Check Use of Function:unregister_pernet_device Check Use of Function:scsi_init_command Check Use of Function:vfs_mknod Check Use of Function:drm_property_replace_blob Check Use of Function:nfs_lookup Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %10, i64 0, i32 0 %12 = bitcast %struct.wait_queue_head* %6 to i64* store i64 0, i64* %12, align 8 store %struct.list_head* %10, %struct.list_head** %11, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %10, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr* %7 to i8* %15 = getelementptr inbounds %struct.iattr, %struct.iattr* %7, 
i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.inode* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %318 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %28 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 268435456 %31 = icmp eq i32 %30, 0 br i1 %31, label %318, label %250 %251 = phi %struct.dentry* [ %92, %203 ], [ %92, %159 ], [ %92, %159 ], [ %1, %27 ] %252 = phi i32 [ 0, %203 ], [ 0, %159 ], [ 0, %159 ], [ 258, %27 ] %253 = phi i8 [ %94, %203 ], [ %94, %159 ], [ %94, %159 ], [ 0, %27 ] %254 = call %struct.dentry* @nfs_lookup(%struct.inode* %0, %struct.dentry* %251, i32 %252) #79 ------------- Good: 0 Bad: 1 Ignored: 4 Check Use of Function:maybe_link Check Use of Function:netif_receive_skb_list Check Use of Function:mb_cache_entry_touch Check Use of Function:__mb_cache_entry_free Check Use of Function:selinux_policy_genfs_sid Check Use of Function:do_trace_netlink_extack Use: =BAD PATH= Call Stack: 0 __neigh_update 1 neigh_update 2 ndisc_update 3 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.903079, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.903079* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.902664, 
%struct.sk_buff.902664* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %58 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.902571*, %struct.inet6_dev.902571** %58, align 16 %60 = icmp eq %struct.inet6_dev.902571* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds 
%struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.905443*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.902651*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.902651* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #78 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %79 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %102 = getelementptr inbounds %struct.dst_entry.902548, 
%struct.dst_entry.902548* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.902525** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %109 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.902548*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %122 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121) #78 %123 = icmp eq %struct.neighbour.902458* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* 
@__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121, i1 zeroext true) #78 %126 = icmp ugt %struct.neighbour.902458* %125, inttoptr (i64 -4096 to %struct.neighbour.902458*) %127 = icmp eq %struct.neighbour.902458* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.902458* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.905443*, %struct.neighbour.904925*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.902651*, %struct.neighbour.902458*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.902651* %131, %struct.neighbour.902458* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #78 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.904925*, i8*, i8, i32, i32)*)(%struct.neighbour.904925* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #78 Function:neigh_update %6 = tail call fastcc i32 
@__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #78 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 tail call void @do_trace_netlink_extack(i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__neigh_update.__msg, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 __neigh_update 1 neigh_update 2 ndisc_update 3 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.903079, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.903079* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = 
getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %58 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.902571*, %struct.inet6_dev.902571** %58, align 16 %60 = icmp eq %struct.inet6_dev.902571* %59, null br i1 %60, label %196, label %61 %62 = getelementptr inbounds 
%struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.905443*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.902651*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.902651* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #78 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %79 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = or i1 %97, %93 br i1 %98, label %196, 
label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %102 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.902525** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %109 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.902548*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %122 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121) #78 %123 = icmp eq 
%struct.neighbour.902458* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121, i1 zeroext true) #78 %126 = icmp ugt %struct.neighbour.902458* %125, inttoptr (i64 -4096 to %struct.neighbour.902458*) %127 = icmp eq %struct.neighbour.902458* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.902458* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.905443*, %struct.neighbour.904925*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.902651*, %struct.neighbour.902458*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.902651* %131, %struct.neighbour.902458* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #78 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, i32, i32)* 
@neigh_update to i32 (%struct.neighbour.904925*, i8*, i8, i32, i32)*)(%struct.neighbour.904925* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #78 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #78 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 %35 = icmp sgt i32 %3, -1 %36 = xor i1 %35, true %37 = icmp ult i8 %26, 64 %38 = or i1 %37, %36 br i1 %38, label %39, label %398 br i1 %35, label %53, label %40 %54 = phi i32 [ 0, %39 ], [ 0, %40 ], [ 1, %48 ] %55 = phi i1 [ false, %39 ], [ false, %40 ], [ true, %48 ] %56 = and i32 %3, 268435456 %57 = icmp eq i32 %56, 0 br i1 %57, label %60, label %58 %61 = zext i8 %2 to i32 %62 = and i32 %61, 222 %63 = icmp eq i32 %62, 0 br i1 %63, 
label %64, label %102 %103 = getelementptr inbounds %struct.net_device, %struct.net_device* %24, i64 0, i32 51 %104 = load i8, i8* %103, align 1 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %108 %109 = icmp eq i8* %1, null %110 = and i8 %26, -34 %111 = icmp eq i8 %110, 0 br i1 %109, label %119, label %112 br i1 %111, label %120, label %124 tail call void @do_trace_netlink_extack(i8* getelementptr inbounds ([28 x i8], [28 x i8]* @__neigh_update.__msg.18, i64 0, i64 0)) #78 ------------- Good: 2353 Bad: 2 Ignored: 2771 Check Use of Function:security_inode_removexattr Check Use of Function:dev_mc_del Check Use of Function:xt_match_to_user Check Use of Function:ext4_get_block Check Use of Function:__mark_inode_dirty Use: =BAD PATH= Call Stack: 0 fat_update_time ------------- Path:  Function:fat_update_time %4 = getelementptr inbounds %struct.inode.210013, %struct.inode.210013* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 1 br i1 %6, label %39, label %7 %8 = and i32 %2, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %19, label %10 %11 = tail call i32 @fat_truncate_time(%struct.inode.210013* %0, %struct.cpu_itimer* %1, i32 %2) #78 %12 = getelementptr inbounds %struct.inode.210013, %struct.inode.210013* %0, i64 0, i32 8 %13 = load %struct.super_block.210053*, %struct.super_block.210053** %12, align 8 %14 = getelementptr inbounds %struct.super_block.210053, %struct.super_block.210053* %13, i64 0, i32 10 %15 = load i64, i64* %14, align 16 %16 = and i64 %15, 33554432 %17 = icmp eq i64 %16, 0 %18 = select i1 %17, i32 1, i32 2048 br label %19 %20 = phi i32 [ 0, %7 ], [ %18, %10 ] %21 = and i32 %2, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %37, label %23 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = getelementptr inbounds %struct.inode.210013, %struct.inode.210013* %0, i64 0, i32 33, i32 0 %25 = load volatile i64, i64* %24, align 8 br label %26 %27 = phi i64 [ %25, 
%23 ], [ %33, %30 ] %28 = and i64 %27, 1 %29 = icmp eq i64 %28, 0 br i1 %29, label %37, label %30 %38 = phi i32 [ %20, %19 ], [ %36, %35 ], [ %20, %26 ] tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.210013*, i32)*)(%struct.inode.210013* %0, i32 %38) #79 ------------- Use: =BAD PATH= Call Stack: 0 fat_update_time ------------- Path:  Function:fat_update_time %4 = getelementptr inbounds %struct.inode.210013, %struct.inode.210013* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 1 br i1 %6, label %39, label %7 %8 = and i32 %2, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %19, label %10 %11 = tail call i32 @fat_truncate_time(%struct.inode.210013* %0, %struct.cpu_itimer* %1, i32 %2) #78 %12 = getelementptr inbounds %struct.inode.210013, %struct.inode.210013* %0, i64 0, i32 8 %13 = load %struct.super_block.210053*, %struct.super_block.210053** %12, align 8 %14 = getelementptr inbounds %struct.super_block.210053, %struct.super_block.210053* %13, i64 0, i32 10 %15 = load i64, i64* %14, align 16 %16 = and i64 %15, 33554432 %17 = icmp eq i64 %16, 0 %18 = select i1 %17, i32 1, i32 2048 br label %19 %20 = phi i32 [ 0, %7 ], [ %18, %10 ] %21 = and i32 %2, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %37, label %23 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = getelementptr inbounds %struct.inode.210013, %struct.inode.210013* %0, i64 0, i32 33, i32 0 %25 = load volatile i64, i64* %24, align 8 br label %26 %27 = phi i64 [ %25, %23 ], [ %33, %30 ] %28 = and i64 %27, 1 %29 = icmp eq i64 %28, 0 br i1 %29, label %37, label %30 %38 = phi i32 [ %20, %19 ], [ %36, %35 ], [ %20, %26 ] tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.210013*, i32)*)(%struct.inode.210013* %0, i32 %38) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_readonly_mmap ------------- Path:  
Function:generic_file_readonly_mmap %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 40 %6 = icmp eq i64 %5, 40 br i1 %6, label %24, label %7 %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 9 %11 = load %struct.address_space_operations*, %struct.address_space_operations** %10, align 8 %12 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %11, i64 0, i32 1 %13 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %12, align 8 %14 = icmp eq i32 (%struct.file*, %struct.page*)* %13, null br i1 %14, label %24, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 262144 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %21) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq 
i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 
@filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #78 %30 = sext i32 %29 to i64 %31 = icmp slt i32 %29, 0 br i1 %31, label %64, label %32 %33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 262144 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %39 %38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #79 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 
%20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- 
Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter 2 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %4 = load %struct.file.294911*, %struct.file.294911** %3, align 8 %5 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %4, i64 0, i32 18 %6 = load %struct.address_space.294992*, %struct.address_space.294992** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %6, i64 0, i32 0 %8 = load %struct.inode.294985*, %struct.inode.294985** %7, align 8 %9 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:generic_file_read_iter %3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %64, label %6 %7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 131072 %10 = icmp eq i32 %9, 0 br i1 %10, label %61, label %11 %12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = getelementptr inbounds 
%struct.file, %struct.file* %13, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %17 = load %struct.inode*, %struct.inode** %16, align 8 %18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14 %19 = load i64, i64* %18, align 8 %20 = and i32 %8, 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = add i64 %4, -1 %25 = add i64 %24, %23 br i1 %21, label %28, label %26 %29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #78 %30 = sext i32 %29 to i64 %31 = icmp slt i32 %29, 0 br i1 %31, label %64, label %32 %33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 262144 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %39 %38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #79 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load 
%struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 
%36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap ------------- Path:  Function:generic_file_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %4 = load %struct.address_space*, %struct.address_space** %3, align 8 %5 = getelementptr inbounds %struct.address_space, %struct.address_space* %4, i64 0, i32 9 %6 = load %struct.address_space_operations*, %struct.address_space_operations** %5, align 8 %7 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %6, i64 0, i32 1 %8 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %7, align 8 %9 = icmp eq i32 (%struct.file*, %struct.page*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %16) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr 
inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap 2 nfs_file_mmap ------------- Path:  Function:nfs_file_mmap %3 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 2 %4 = load %struct.inode.215256*, %struct.inode.215256** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file*, %struct.vm_area_struct*)* @generic_file_mmap to i32 (%struct.file.215264*, %struct.vm_area_struct.215280*)*)(%struct.file.215264* %0, %struct.vm_area_struct.215280* %1) #78 Function:generic_file_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %4 = load %struct.address_space*, %struct.address_space** %3, align 8 %5 = getelementptr inbounds %struct.address_space, %struct.address_space* %4, i64 0, i32 9 %6 = load 
%struct.address_space_operations*, %struct.address_space_operations** %5, align 8 %7 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %6, i64 0, i32 1 %8 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %7, align 8 %9 = icmp eq i32 (%struct.file*, %struct.page*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %16) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, 
i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp 
eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_mmap ------------- Path:  Function:shmem_mmap %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 6, i32 4, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.shmem_inode_info* %7 = getelementptr inbounds %struct.shmem_inode_info, %struct.shmem_inode_info* %6, i64 0, i32 1 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 16 %10 = icmp eq i32 %9, 0 br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 8 %15 = icmp eq i64 %14, 0 %16 = and i64 %13, 10 %17 = icmp eq i64 %16, 10 %18 = or i1 %17, %15 br i1 %18, label %21, label %19 br i1 %17, label %31, label %22 %23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 262144 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %28 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %28) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, 
%struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr 
inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 
%20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ 0, %23 ], [ %100, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ %16, %23 ], [ %103, %124 ] %32 = icmp ne i64 %31, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %31, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #78 switch i32 %40, label %129 [ i32 0, label %41 i32 -22, label %134 ] %135 = phi i64 [ %31, %70 ], [ %31, %56 ], [ %31, %55 ], [ %16, %2 ], [ %130, %129 ], [ %31, %36 ] %136 = phi i64 [ %30, %70 ], [ %30, %56 ], [ %30, %55 ], [ %17, %2 ], [ %131, %129 ], [ %30, %36 ] %137 = phi i32 [ 0, %70 ], [ 0, %56 ], [ 0, %55 ], [ 0, %2 ], [ %132, %129 ], [ 0, %36 ] %138 = phi i64 [ %29, %70 ], [ %29, %56 ], [ %29, %55 ], [ 0, %2 ], [ %133, %129 ], [ %29, %36 ] %139 = shl i64 %135, 12 %140 = add i64 %139, %136 store i64 %140, i64* %10, align 8 %141 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 7 %142 = load i32, i32* %141, align 8 %143 = and i32 %142, 262144 %144 = icmp eq i32 %143, 0 br i1 %144, label %145, label %147 %146 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 1 tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %146) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, 
align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } 
%27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = 
getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi 
i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 
4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 1 call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path.154739*)*)(%struct.path.154739* %91) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label 
%21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void 
bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds 
%struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds 
%struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 1 call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path.154739*)*)(%struct.path.154739* %91) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast 
%struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, 
%struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read 2 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)*, i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.155109*, i64*, %struct.pipe_inode_info.155195*, i64, i32)* @generic_file_splice_read to 
i64 (%struct.file.273585*, i64*, %struct.pipe_inode_info.273524*, i64, i32)*)(%struct.file.273585* %0, i64* %1, %struct.pipe_inode_info.273524* %2, i64 %3, i32 %4) #78 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, 
align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, 
align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 1 call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path.154739*)*)(%struct.path.154739* %91) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 
@atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load 
i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %40 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 15 %41 = bitcast %struct.cpu_itimer* %40 to i8* %42 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %43 = getelementptr inbounds %struct.super_block.150588, %struct.super_block.150588* %42, i64 0, i32 10 %44 = load i64, i64* %43, align 16 %45 = and i64 %44, 33554432 %46 = icmp eq i64 %45, 0 %47 = select i1 %46, i32 1, i32 2048 tail call void bitcast (void (%struct.inode*, i32)* @__mark_inode_dirty to void (%struct.inode.150604*, i32)*)(%struct.inode.150604* %8, i32 %47) #79 ------------- Good: 188 Bad: 12 Ignored: 238 Check Use of Function:percpu_free_rwsem Check Use of Function:ext4_superblock_csum_set Check Use of Function:ldsem_down_write Check Use of Function:init_special_inode Check Use of Function:enable_irq Use: =BAD PATH= Call Stack: 0 dev_pm_enable_wake_irq_check 1 rpm_suspend 2 __pm_runtime_suspend 3 __intel_runtime_pm_put 4 intel_runtime_pm_put_unchecked 5 intel_rps_read_punit_req_frequency 6 intel_rps_get_requested_frequency 7 gt_cur_freq_mhz_show ------------- Path:  Function:gt_cur_freq_mhz_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.423982** %8 = load %struct.drm_i915_private.423982*, %struct.drm_i915_private.423982** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.423982, %struct.drm_i915_private.423982* %8, i64 0, i32 102, i32 19 %10 = tail call i32 @intel_rps_get_requested_frequency(%struct.intel_rps* %9) #78 Function:intel_rps_get_requested_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, 
i32 7 %3 = getelementptr inbounds i32, i32* %2, i64 6 %4 = bitcast i32* %3 to %struct.intel_uc.449265* %5 = getelementptr inbounds i32, i32* %2, i64 9 %6 = load i32, i32* %5, align 4 %7 = icmp sgt i32 %6, 4 br i1 %7, label %8, label %18 %9 = getelementptr inbounds %struct.intel_uc.449265, %struct.intel_uc.449265* %4, i64 0, i32 1, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %18, label %12 %13 = getelementptr inbounds %struct.intel_uc.449265, %struct.intel_uc.449265* %4, i64 0, i32 1, i32 3, i32 3 %14 = load i8, i8* %13, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %18, label %16 %17 = tail call i32 @intel_rps_read_punit_req_frequency(%struct.intel_rps* %0) #78 Function:intel_rps_read_punit_req_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 7 %3 = getelementptr inbounds i32, i32* %2, i64 2 %4 = bitcast i32* %3 to %struct.intel_uncore.449122** %5 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %6 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 2 %7 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %6, align 8 %8 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %7) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 8, i32 6 %12 = load i32 (%struct.intel_uncore.449122*, i32, i1)*, i32 (%struct.intel_uncore.449122*, i32, i1)** %11, align 8 %13 = tail call i32 %12(%struct.intel_uncore.449122* %5, i32 40968, i1 zeroext true) #78 tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %7) #78 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #78 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* 
%0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39258, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39260, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !8 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39263, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !9 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !10 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !11 %39 = tail call i64 @ktime_get_mono_fast_ns() #78 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #78 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #79 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = 
getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label 
%166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 ------------- Use: =BAD PATH= Call Stack: 0 dev_pm_enable_wake_irq_check 1 rpm_suspend 2 __pm_runtime_suspend 3 __intel_runtime_pm_put 4 intel_runtime_pm_put_unchecked 5 intel_rps_read_actual_frequency 6 gt_act_freq_mhz_show ------------- Path:  Function:gt_act_freq_mhz_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to 
%struct.drm_i915_private.423982** %8 = load %struct.drm_i915_private.423982*, %struct.drm_i915_private.423982** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.423982, %struct.drm_i915_private.423982* %8, i64 0, i32 102, i32 19 %10 = tail call i32 @intel_rps_read_actual_frequency(%struct.intel_rps* %9) #78 Function:intel_rps_read_actual_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 7 %3 = getelementptr inbounds i32, i32* %2, i64 2 %4 = bitcast i32* %3 to %struct.intel_uncore.449122** %5 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %6 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 2 %7 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %6, align 8 %8 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %7) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %112, label %10 %11 = bitcast i32* %2 to %struct.drm_i915_private.449467** %12 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 13 %13 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 14 %14 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 20 %15 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %11, align 8 %16 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %17 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %15, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 9437184 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %15, i64 0, i32 3, i32 0 %25 = load i8, i8* %24, align 8 %26 = icmp ugt i8 %25, 5 %27 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %16, i64 0, i32 8, i32 6 %28 = load i32 
(%struct.intel_uncore.449122*, i32, i1)*, i32 (%struct.intel_uncore.449122*, i32, i1)** %27, align 8 br i1 %26, label %29, label %31 %32 = tail call i32 %28(%struct.intel_uncore.449122* %16, i32 70136, i1 zeroext true) #78 br label %33 %34 = phi i32 [ %22, %21 ], [ %30, %29 ], [ %32, %31 ] %35 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %11, align 8 %36 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %35, i64 0, i32 4, i32 0, i64 0 %37 = load i32, i32* %36, align 4 %38 = zext i32 %37 to i64 %39 = and i64 %38, 9437184 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %67 %42 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %35, i64 0, i32 3, i32 0 %43 = load i8, i8* %42, align 8 %44 = icmp ugt i8 %43, 8 br i1 %44, label %45, label %47 %46 = lshr i32 %34, 23 br label %73 %74 = phi i32 [ %46, %45 ], [ %69, %67 ] %75 = mul nuw nsw i32 %74, 50 %76 = icmp eq i32 %74, 0 %77 = or i32 %75, 1 %78 = add nsw i32 %75, -1 %79 = select i1 %76, i32 %78, i32 %77 %80 = sdiv i32 %79, 3 br label %110 %111 = phi i32 [ %109, %106 ], [ %80, %73 ], [ %93, %86 ], [ %105, %97 ] tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %7) #78 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #78 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 
= and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39258, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39260, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !8 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39263, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !9 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !10 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !11 %39 = tail call i64 @ktime_get_mono_fast_ns() #78 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #78 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #79 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = 
getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label 
%166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 ------------- Use: =BAD PATH= Call Stack: 0 dev_pm_enable_wake_irq_check 1 rpm_suspend 2 rpm_idle 3 pm_runtime_set_autosuspend_delay 4 autosuspend_store ------------- Path:  Function:autosuspend_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = call i32 (i8*, i8*, ...) 
@sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.6.53981, i64 0, i64 0), i32* nonnull %5) #78 %8 = icmp ne i32 %7, 1 %9 = load i32, i32* %5, align 4 %10 = add i32 %9, 2147482 %11 = icmp ugt i32 %10, 4294964 %12 = or i1 %8, %11 br i1 %12, label %15, label %13 %14 = mul nsw i32 %9, 1000 call void @pm_runtime_set_autosuspend_delay(%struct.device* %0, i32 %14) #79 Function:pm_runtime_set_autosuspend_delay %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #78 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = lshr i16 %8, 11 %10 = and i16 %9, 1 store i32 %1, i32* %5, align 4 %11 = and i16 %8, 2048 %12 = icmp ne i16 %11, 0 %13 = icmp slt i32 %1, 0 %14 = and i1 %13, %12 br i1 %14, label %15, label %23 %24 = icmp ne i16 %10, 0 %25 = icmp slt i32 %6, 0 %26 = and i1 %25, %24 br i1 %26, label %27, label %29 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32* %28) #6, !srcloc !5 br label %29 %30 = tail call fastcc i32 @rpm_idle(%struct.device* %0, i32 8) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 
%10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr 
inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = 
icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, 
null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 ------------- Use: =BAD PATH= Call Stack: 0 dev_pm_enable_wake_irq_check 1 rpm_suspend 2 rpm_idle 3 __rpm_callback 4 rpm_resume 5 __pm_runtime_resume 6 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.318968* %8 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #78 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.318968* %7) #78 br label %22 %23 = call i32 @__pm_runtime_resume(%struct.device* %0, i32 0) #78 
Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #78 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #79 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %12 = bitcast i8** %11 to %struct.task_struct** %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %16 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %17 = and i32 %1, 3 %18 = icmp eq i32 %17, 0 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %20 = bitcast %struct.spinlock* %19 to i8* %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %24 = and i32 %1, 1 %25 = icmp eq i32 %24, 0 %26 = bitcast %struct.wait_queue_entry* %3 to i64* br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #79 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %23, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %25, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %23, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, 
i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #79 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #79 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %126, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %126 %19 = tail call i32 @device_links_read_lock() #78 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %125, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #78 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #78 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #78 
%50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %185, label %90 %91 = phi %struct.list_head* [ %123, %117 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = bitcast %struct.list_head* %92 to %struct.device** %94 = load %struct.device*, %struct.device** %93, align 8 %95 = getelementptr inbounds %struct.device, %struct.device* %94, i64 0, i32 11, i32 13, i32 0 %96 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %97 = bitcast %struct.list_head* %96 to %struct.seqcount_spinlock* %98 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %98, label %99, label %117 %100 = load volatile i32, i32* %95, align 4 %101 = icmp sgt i32 %100, 0 br i1 %101, label %102, label %117 %103 = load volatile i32, i32* %95, align 4 %104 = icmp eq i32 %103, 0 br i1 %104, label %115, label %105, !prof !8, !misexpect !9 %106 = phi i32 [ %113, %112 ], [ %103, %102 ] %107 = add i32 %106, -1 %108 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %95, i32 %107, i32* %95, i32 %106) #6, !srcloc !10 %109 = extractvalue { i8, i32 } %108, 0 %110 = and i8 %109, 1 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, label %115, !prof !8, !misexpect !9 %113 = extractvalue { i8, i32 } %108, 1 %114 = 
icmp eq i32 %113, 0 br i1 %114, label %115, label %105, !prof !8, !misexpect !9 %116 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %116, label %99, label %117 %118 = load %struct.device*, %struct.device** %93, align 8 %119 = getelementptr inbounds %struct.device, %struct.device* %118, i64 0, i32 11, i32 3, i32 0, i32 0 %120 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %119) #78 %121 = tail call fastcc i32 @rpm_idle(%struct.device* %118, i32 1) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 
@__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 
%6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 
%113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 ------------- Use: =BAD PATH= Call Stack: 0 dev_pm_enable_wake_irq_check 1 rpm_suspend 2 rpm_idle 3 __rpm_callback 4 rpm_resume 5 __pm_runtime_resume 6 
__submit_bio 7 submit_bio_noacct 8 __blk_queue_split 9 blk_queue_split 10 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.705679*, align 8 store %struct.bio.705679* %0, %struct.bio.705679** %2, align 8 %3 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 1 %4 = load %struct.block_device.705676*, %struct.block_device.705676** %3, align 8 %5 = getelementptr inbounds %struct.block_device.705676, %struct.block_device.705676* %4, i64 0, i32 16 %6 = load %struct.gendisk.705501*, %struct.gendisk.705501** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.705501, %struct.gendisk.705501* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 39 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #78 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 1 %18 = icmp ne i64 %17, 0 %19 = icmp eq i8* %13, null %20 = or i1 %19, %18 %21 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 2 %22 = load i32, i32* %21, align 8 br i1 %20, label %23, label %51, !prof !4, !misexpect !5 %52 = trunc i32 %22 to i8 switch i8 %52, label %55 [ i8 3, label %53 i8 5, label %53 i8 7, label %53 i8 9, label %53 ] call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.705679**)*)(%struct.bio.705679** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 
Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** 
%0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds 
%struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load 
%struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 %74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = 
getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds 
%struct.bio.296195, %struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr 
inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %19 = load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #78 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %37 = icmp eq %struct.device.296127* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %36, i32 1) #78 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #78 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #78 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %54 = icmp eq %struct.device.296127* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 
(%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %53, i32 1) #78 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #78 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #79 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %12 = bitcast i8** %11 to %struct.task_struct** %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, 
i64 0, i32 0 %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %17 = and i32 %1, 3 %18 = icmp eq i32 %17, 0 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %20 = bitcast %struct.spinlock* %19 to i8* %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %24 = and i32 %1, 1 %25 = icmp eq i32 %24, 0 %26 = bitcast %struct.wait_queue_entry* %3 to i64* br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #79 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %23, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %25, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %23, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi 
%struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #79 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #79 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %126, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %126 %19 = tail call i32 @device_links_read_lock() #78 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %125, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #78 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #78 tail 
call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #78 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %185, label %90 %91 = phi %struct.list_head* [ %123, %117 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = bitcast %struct.list_head* %92 to %struct.device** %94 = load %struct.device*, %struct.device** %93, align 8 %95 = getelementptr inbounds %struct.device, %struct.device* %94, i64 0, i32 11, i32 13, i32 0 %96 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %97 = bitcast %struct.list_head* %96 to %struct.seqcount_spinlock* %98 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %98, label %99, label %117 %100 = load volatile i32, i32* %95, align 4 %101 = icmp sgt i32 %100, 0 br i1 %101, label %102, label %117 %103 = load volatile i32, i32* %95, align 4 %104 = icmp eq i32 %103, 0 br i1 %104, label %115, label %105, !prof !8, !misexpect !9 %106 = phi i32 [ %113, %112 ], [ %103, %102 ] %107 = add i32 %106, -1 %108 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %95, i32 %107, i32* %95, i32 %106) #6, !srcloc !10 %109 = extractvalue { i8, i32 } %108, 0 %110 = and i8 %109, 1 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, 
label %115, !prof !8, !misexpect !9 %113 = extractvalue { i8, i32 } %108, 1 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %105, !prof !8, !misexpect !9 %116 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %116, label %99, label %117 %118 = load %struct.device*, %struct.device** %93, align 8 %119 = getelementptr inbounds %struct.device, %struct.device* %118, i64 0, i32 11, i32 3, i32 0, i32 0 %120 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %119) #78 %121 = tail call fastcc i32 @rpm_idle(%struct.device* %118, i32 1) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 
%34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* 
%0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 
%108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79
Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78
-------------
Use: =BAD PATH=
Call Stack:
0 dev_pm_enable_wake_irq_check
1 rpm_suspend
2 rpm_idle
3 __rpm_callback
4 rpm_resume
5 __pm_runtime_resume
6 __submit_bio
7 submit_bio_noacct
8 __blk_queue_split
9 blk_queue_split
10 md_submit_bio
-------------
Path:
Function:md_submit_bio %2 = alloca %struct.bio.296195*, align 8 store %struct.bio.296195* %0, %struct.bio.296195** %2, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %8 = load %struct.block_device.296192*, %struct.block_device.296192** %7, align 8 %9 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %8, i64 0, i32 16 %10 = load %struct.gendisk.296190*, %struct.gendisk.296190** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.296195**)*)(%struct.bio.296195** nonnull %2) #78
Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78
Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 =
getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, 
%struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 
Function:__submit_bio
Function:__pm_runtime_resume
Function:rpm_resume
Function:__rpm_callback
Function:rpm_idle
Function:rpm_suspend
Function:dev_pm_enable_wake_irq_check
-------------
Good: 1039 Bad: 6 Ignored: 984
Check Use of Function:ext4_fc_commit
Check Use of Function:free_cgroup_ns
Use: =BAD PATH=
Call Stack: 0 cgroupns_put
-------------
Path:
Function:cgroupns_put
-------------
Good: 10 Bad: 1 Ignored: 2
Check Use of Function:snd_hwdep_ioctl
Use: =BAD PATH=
Call Stack: 0 snd_hwdep_ioctl_compat
-------------
Path:
Function:snd_hwdep_ioctl_compat
-------------
Good: 1 Bad: 1 Ignored: 1
Check Use of Function:truncate_pagecache_range
Check Use of Function:__ext4_fc_track_link
Check Use of Function:swsusp_free
Check Use of Function:drm_atomic_helper_dirtyfb
Check Use of Function:simple_read_from_buffer
Use: =BAD PATH=
Call Stack: 0 sel_read_handle_status
-------------
Path:
Function:sel_read_handle_status
-------------
Use: =BAD PATH=
Call Stack: 0 u32_array_read
-------------
Path:
Function:u32_array_read
-------------
Use: =BAD PATH=
Call Stack: 0 auxv_read
-------------
Path:
Function:auxv_read
-------------
Use: =BAD PATH=
Call Stack: 0 proc_pid_attr_read
-------------
Path:
Function:proc_pid_attr_read
-------------
Use: =BAD PATH=
Call Stack: 0 bm_status_read
-------------
Path:
Function:bm_status_read
-------------
Use: =BAD PATH=
Call Stack: 0 tlbflush_read_file
-------------
Path:
Function:tlbflush_read_file
-------------
Use: =BAD PATH=
Call Stack: 0 init_pkru_read_file
-------------
Path:
Function:init_pkru_read_file
-------------
Use: =BAD PATH=
Call Stack: 0 cpu_latency_qos_read
-------------
Path:
Function:cpu_latency_qos_read
i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %9, i64 4) #78 ------------- Use: =BAD PATH= Call Stack: 0 read_enabled_file_bool ------------- Path:  Function:read_enabled_file_bool %5 = alloca [3 x i8], align 1 %6 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 0 %7 = load i1, i1* @kprobes_all_disarmed, align 1 %8 = select i1 %7, i8 48, i8 49 store i8 %8, i8* %6, align 1 %9 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 1 store i8 10, i8* %9, align 1 %10 = getelementptr inbounds [3 x i8], [3 x i8]* %5, i64 0, i64 2 store i8 0, i8* %10, align 1 %11 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %6, i64 2) #78 ------------- Use: =BAD PATH= Call Stack: 0 trace_options_read ------------- Path:  Function:trace_options_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_option_dentry** %7 = load %struct.trace_option_dentry*, %struct.trace_option_dentry** %6, align 8 %8 = getelementptr inbounds %struct.trace_option_dentry, %struct.trace_option_dentry* %7, i64 0, i32 1 %9 = load %struct.tracer_flags*, %struct.tracer_flags** %8, align 8 %10 = getelementptr inbounds %struct.tracer_flags, %struct.tracer_flags* %9, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = getelementptr inbounds %struct.trace_option_dentry, %struct.trace_option_dentry* %7, i64 0, i32 0 %13 = load %struct.uuidcmp*, %struct.uuidcmp** %12, align 8 %14 = getelementptr inbounds %struct.uuidcmp, %struct.uuidcmp* %13, i64 0, i32 1 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, %11 %17 = icmp eq i32 %16, 0 %18 = select i1 %17, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.138.11222, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.137.11223, i64 0, i64 0) %19 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %18, i64 2) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_readme_read ------------- Path:  
Function:tracing_readme_read %5 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* getelementptr inbounds ([4692 x i8], [4692 x i8]* @readme_msg, i64 0, i64 0), i64 4691) #78 ------------- Use: =BAD PATH= Call Stack: 0 trace_options_core_read ------------- Path:  Function:trace_options_core_read %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = load i8*, i8** %5, align 8 %7 = load i8, i8* %6, align 1 %8 = zext i8 %7 to i32 %9 = zext i8 %7 to i64 %10 = sub nsw i64 0, %9 %11 = getelementptr i8, i8* %6, i64 %10 %12 = getelementptr i8, i8* %11, i64 -124 %13 = getelementptr inbounds i8, i8* %12, i64 120 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = shl nuw i32 1, %8 %17 = and i32 %16, %15 %18 = icmp eq i32 %17, 0 %19 = select i1 %18, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.138.11222, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.137.11223, i64 0, i64 0) %20 = tail call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* %19, i64 2) #78 ------------- Use: =BAD PATH= Call Stack: 0 buffer_percent_read ------------- Path:  Function:buffer_percent_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 11 %11 = load i32, i32* %10, align 8 %12 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %9, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.175.11299, i64 0, i64 0), i32 %11) #78 %13 = sext i32 %12 to i64 %14 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %9, i64 %13) #79 ------------- Use: =BAD PATH= Call Stack: 0 rb_simple_read ------------- Path:  Function:rb_simple_read %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %10 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %11 = load %struct.trace_buffer*, %struct.trace_buffer** %10, align 8 %12 = icmp eq %struct.trace_buffer* %11, null br i1 %12, label %15, label %13 %14 = tail call zeroext i1 @ring_buffer_record_is_on(%struct.trace_buffer* nonnull %11) #78 br label %19 %20 = phi i1 [ %14, %13 ], [ %18, %15 ] %21 = zext i1 %20 to i32 %22 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %9, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.175.11299, i64 0, i64 0), i32 %21) #79 %23 = sext i32 %22 to i64 %24 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %9, i64 %23) #78 ------------- Use: =BAD PATH= Call Stack: 0 event_id_read ------------- Path:  Function:event_id_read %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds %struct.file.108861, %struct.file.108861* %0, i64 0, i32 2 %7 = load %struct.inode.108911*, %struct.inode.108911** %6, align 8 %8 = getelementptr inbounds %struct.inode.108911, %struct.inode.108911* %7, i64 0, i32 47 %9 = load volatile i8*, i8** %8, align 8 %10 = ptrtoint i8* %9 to i64 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %13 = icmp eq i32 %11, 0 br i1 %13, label %18, label %14, !prof !4, !misexpect !5 %15 = call i32 (i8*, i8*, ...) 
@sprintf(i8* nonnull %12, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.36.11727, i64 0, i64 0), i32 %11) #78 %16 = sext i32 %15 to i64 %17 = call i64 @simple_read_from_buffer(i8* %1, i64 %2, i64* %3, i8* nonnull %12, i64 %16) #79 ------------- Good: 43 Bad: 15 Ignored: 13 Check Use of Function:snapshot_image_loaded Check Use of Function:cgroup_can_fork Check Use of Function:selinux_netlbl_cache_invalidate Check Use of Function:ww_mutex_lock_interruptible Use: =BAD PATH= Call Stack: 0 i915_gem_madvise_ioctl ------------- Path:  Function:i915_gem_madvise_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 4 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp ult i32 %6, 2 br i1 %7, label %8, label %179 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #78 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.449204* %15 = icmp eq i8* %13, null br i1 %15, label %40, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !5 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !6, !misexpect !7 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 
0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #78 br label %37 %38 = icmp eq i32 %32, 0 %39 = select i1 %38, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %14 br label %40 %41 = phi %struct.drm_i915_gem_object.449204* [ null, %8 ], [ %39, %37 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %42 = icmp eq %struct.drm_i915_gem_object.449204* %41, null br i1 %42, label %179, label %43 %44 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %41, i64 0, i32 0, i32 0, i32 0, i32 9 %45 = load %struct.dma_resv*, %struct.dma_resv** %44, align 8 %46 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %45, i64 0, i32 0 %47 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %46, %struct.ww_acquire_ctx* null) #78 ------------- Use: =BAD PATH= Call Stack: 0 __assign_mmap_offset_handle 1 i915_gem_mmap_offset_ioctl ------------- Path:  Function:i915_gem_mmap_offset_ioctl %4 = getelementptr inbounds i8, i8* %1, i64 24 %5 = bitcast i8* %4 to %struct.i915_user_extension** %6 = load %struct.i915_user_extension*, %struct.i915_user_extension** %5, align 8 %7 = tail call i32 @i915_user_extensions(%struct.i915_user_extension* %6, i32 (%struct.i915_user_extension*, i8*)** null, i32 0, i8* null) #78 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %35 %10 = getelementptr inbounds i8, i8* %1, i64 16 %11 = bitcast i8* %10 to i64* %12 = load i64, i64* %11, align 8 switch i64 %12, label %35 [ i64 0, label %13 i64 1, label %19 i64 2, label %28 i64 3, label %23 i64 4, label %27 ] %14 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 14, i32 30, i32 37 %15 = getelementptr 
inbounds %struct.drm_property.382312*, %struct.drm_property.382312** %14, i64 88 %16 = bitcast %struct.drm_property.382312** %15 to i64* %17 = load i64, i64* %16, align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %35, label %28 %29 = phi i32 [ 4, %27 ], [ 0, %13 ], [ 1, %19 ], [ 2, %9 ], [ 3, %23 ] %30 = bitcast i8* %1 to i32* %31 = load i32, i32* %30, align 8 %32 = getelementptr inbounds i8, i8* %1, i64 8 %33 = bitcast i8* %32 to i64* %34 = tail call fastcc i32 @__assign_mmap_offset_handle(%struct.drm_file* %2, i32 %31, i32 %29, i64* %33) #79 Function:__assign_mmap_offset_handle tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %0, i64 0, i32 14 %6 = zext i32 %1 to i64 %7 = tail call i8* @idr_find(%struct.idr* %5, i64 %6) #78 %8 = bitcast i8* %7 to %struct.drm_i915_gem_object.449204* %9 = icmp eq i8* %7, null br i1 %9, label %34, label %10 %11 = bitcast i8* %7 to %struct.seqcount_spinlock* %12 = bitcast i8* %7 to i32* %13 = load volatile i32, i32* %12, align 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %25, label %15 %16 = phi i32 [ %23, %22 ], [ %13, %10 ] %17 = add i32 %16, 1 %18 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %12, i32 %17, i32* nonnull %12, i32 %16) #6, !srcloc !5 %19 = extractvalue { i8, i32 } %18, 0 %20 = and i8 %19, 1 %21 = icmp eq i8 %20, 0 br i1 %21, label %22, label %25, !prof !6, !misexpect !7 %23 = extractvalue { i8, i32 } %18, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %15 %26 = phi i32 [ 0, %10 ], [ %16, %15 ], [ 0, %22 ] %27 = add i32 %26, 1 %28 = or i32 %27, %26 %29 = icmp sgt i32 %28, -1 br i1 %29, label %31, label %30, !prof !8, !misexpect !7 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %11, i32 0) #78 br label %31 %32 = icmp eq i32 %26, 0 %33 = select i1 %32, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %8 br label %34 %35 = phi %struct.drm_i915_gem_object.449204* [ null, %4 ], [ %33, %31 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.drm_i915_gem_object.449204* %35, null br i1 %36, label %231, label %37 %38 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %35, i64 0, i32 0, i32 0, i32 0, i32 9 %39 = load %struct.dma_resv*, %struct.dma_resv** %38, align 8 %40 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %39, i64 0, i32 0 %41 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %40, %struct.ww_acquire_ctx* null) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %134 %10 = getelementptr inbounds i8, i8* %1, i64 4 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 switch i32 %12, label %134 [ i32 0, label %21 i32 1, label %13 i32 2, label %16 ] %14 = and i24 %6, 525312 %15 = icmp eq i24 %14, 0 br i1 %15, label %134, label %21 %22 = phi i32 [ %20, %16 ], [ %12, %9 ], [ 1, %13 ] %23 = bitcast i8* %1 to i32* %24 = load i32, i32* %23, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %26 = zext i32 %24 to i64 %27 = tail call i8* @idr_find(%struct.idr* %25, i64 %26) #78 %28 = bitcast i8* %27 to 
%struct.drm_i915_gem_object.486916* %29 = icmp eq i8* %27, null br i1 %29, label %54, label %30 %31 = bitcast i8* %27 to %struct.seqcount_spinlock* %32 = bitcast i8* %27 to i32* %33 = load volatile i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %45, label %35 %36 = phi i32 [ %43, %42 ], [ %33, %30 ] %37 = add i32 %36, 1 %38 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %32, i32 %37, i32* nonnull %32, i32 %36) #6, !srcloc !5 %39 = extractvalue { i8, i32 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %43 = extractvalue { i8, i32 } %38, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %35 %46 = phi i32 [ 0, %30 ], [ %36, %35 ], [ 0, %42 ] %47 = add i32 %46, 1 %48 = or i32 %47, %46 %49 = icmp sgt i32 %48, -1 br i1 %49, label %51, label %50, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %31, i32 0) #78 br label %51 %52 = icmp eq i32 %46, 0 %53 = select i1 %52, %struct.drm_i915_gem_object.486916* null, %struct.drm_i915_gem_object.486916* %28 br label %54 %55 = phi %struct.drm_i915_gem_object.486916* [ null, %21 ], [ %53, %51 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %56 = icmp eq %struct.drm_i915_gem_object.486916* %55, null br i1 %56, label %134, label %57 %58 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %55, i64 0, i32 1 %59 = load %struct.drm_i915_gem_object_ops.486903*, %struct.drm_i915_gem_object_ops.486903** %58, align 8 %60 = getelementptr inbounds %struct.drm_i915_gem_object_ops.486903, %struct.drm_i915_gem_object_ops.486903* %59, i64 0, i32 0 %61 = load i32, i32* 
%60, align 8 %62 = and i32 %61, 4 %63 = icmp eq i32 %62, 0 br i1 %63, label %72, label %64 %73 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %55, i64 0, i32 0, i32 0, i32 0, i32 9 %74 = load %struct.dma_resv*, %struct.dma_resv** %73, align 8 %75 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %74, i64 0, i32 0 %76 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %75, %struct.ww_acquire_ctx* null) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_single_interruptible 1 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.438758** %8 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %7, align 8 store i8 0, i8* %5, align 1 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.438758* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.438595* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #78 
Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_modeset_lock_single_interruptible 1 crtc_crc_open ------------- Path:  Function:crtc_crc_open %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %5 = bitcast i8** %4 to %struct.drm_crtc.411393** %6 = load %struct.drm_crtc.411393*, %struct.drm_crtc.411393** %5, align 8 %7 = getelementptr inbounds %struct.drm_crtc.411393, %struct.drm_crtc.411393* %6, i64 0, i32 26 %8 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %9 = getelementptr inbounds %struct.drm_crtc.411393, %struct.drm_crtc.411393* %6, i64 0, i32 0 %10 = load %struct.drm_device.382396*, %struct.drm_device.382396** %9, align 8 %11 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %10, i64 0, i32 4 %12 = load %struct.drm_driver*, %struct.drm_driver** %11, align 8 %13 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %12, i64 0, i32 24 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %10, i64 0, i32 10 %16 = load i32, i32* %15, align 8 %17 = and i32 %14, 16 %18 = and i32 %17, %16 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %28 %21 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %10, i64 0, i32 30, i32 27 %22 = load %struct.drm_mode_config_funcs.382377*, %struct.drm_mode_config_funcs.382377** %21, align 8 %23 = icmp eq %struct.drm_mode_config_funcs.382377* %22, null br i1 %23, label %38, label %24 %25 = getelementptr inbounds %struct.drm_mode_config_funcs.382377, %struct.drm_mode_config_funcs.382377* %22, i64 0, i32 5 %26 = load i32 (%struct.drm_device.382396*, %struct.drm_atomic_state.382376*, i1)*, i32 
(%struct.drm_device.382396*, %struct.drm_atomic_state.382376*, i1)** %25, align 8 %27 = icmp eq i32 (%struct.drm_device.382396*, %struct.drm_atomic_state.382376*, i1)* %26, null br i1 %27, label %38, label %28 %29 = getelementptr inbounds %struct.drm_crtc.411393, %struct.drm_crtc.411393* %6, i64 0, i32 4 %30 = tail call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %29) #78 Function:drm_modeset_lock_single_interruptible %2 = getelementptr inbounds %struct.drm_modeset_lock, %struct.drm_modeset_lock* %0, i64 0, i32 0 %3 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %2, %struct.ww_acquire_ctx* null) #78 ------------- Good: 229 Bad: 5 Ignored: 217 Check Use of Function:cgroup_enter_frozen Check Use of Function:ext4_es_unregister_shrinker Check Use of Function:proc_reg_unlocked_ioctl Check Use of Function:sock_ioctl Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.ifreq, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 4 %10 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %11 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %10, align 32 %12 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %11, i64 0, i32 10 %13 = load i32 (%struct.socket.273619*, i32, i64)*, i32 (%struct.socket.273619*, i32, i64)** %12, align 8 %14 = icmp eq i32 (%struct.socket.273619*, i32, i64)* %13, null br i1 %14, label %17, label %15 %18 = phi i32 [ %16, %15 ], [ -515, %3 ] %19 = icmp eq i32 %18, -515 %20 = and i32 %1, -256 %21 = icmp eq i32 %20, 35584 %22 = and i1 %21, %19 %23 = xor i1 %19, true %24 = or i1 %21, %23 %25 = select 
i1 %22, i32 -22, i32 %18 br i1 %24, label %144, label %26 %27 = and i64 %2, 4294967295 %28 = inttoptr i64 %27 to i8* %29 = load %struct.sock.273622*, %struct.sock.273622** %9, align 8 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %29, i64 0, i32 0, i32 9, i32 0 %31 = load %struct.net.273693*, %struct.net.273693** %30, align 8 %32 = and i32 %1, -16 %33 = icmp eq i32 %32, 35312 br i1 %33, label %34, label %37 switch i32 %1, label %144 [ i32 35137, label %38 i32 35136, label %38 i32 35146, label %51 i32 35078, label %96 i32 35079, label %96 i32 35142, label %104 i32 35219, label %104 i32 35220, label %104 i32 35248, label %104 i32 35249, label %104 i32 35073, label %138 i32 35074, label %138 i32 35075, label %138 i32 35076, label %138 i32 35232, label %138 i32 35233, label %138 i32 35202, label %138 i32 35203, label %138 i32 35148, label %138 i32 -2146399994, label %138 i32 -2146399993, label %138 i32 35090, label %138 i32 35091, label %141 i32 35092, label %141 i32 35184, label %141 i32 35185, label %141 i32 35101, label %141 i32 35102, label %141 i32 35105, label %141 i32 35106, label %141 i32 35103, label %141 i32 35104, label %141 i32 35111, label %141 i32 35108, label %141 i32 35121, label %141 i32 35122, label %141 i32 35123, label %141 i32 35093, label %141 i32 35094, label %141 i32 35127, label %141 i32 35126, label %141 i32 35097, label %141 i32 35098, label %141 i32 35095, label %141 i32 35096, label %141 i32 35099, label %141 i32 35100, label %141 i32 35124, label %141 i32 35125, label %141 i32 35138, label %141 i32 35139, label %141 i32 35234, label %141 i32 35235, label %141 i32 35088, label %141 i32 35107, label %141 i32 35143, label %141 i32 35144, label %141 i32 35145, label %141 i32 35216, label %141 i32 35217, label %141 i32 35218, label %141 i32 35221, label %141 i32 35157, label %141 i32 35156, label %141 i32 35155, label %141 i32 21521, label %141 i32 35147, label %141 i32 35077, label %141 ] %139 = tail call i64 
@sock_ioctl(%struct.file.273585* %0, i32 %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.ifreq, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 4 %10 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %11 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %10, align 32 %12 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %11, i64 0, i32 10 %13 = load i32 (%struct.socket.273619*, i32, i64)*, i32 (%struct.socket.273619*, i32, i64)** %12, align 8 %14 = icmp eq i32 (%struct.socket.273619*, i32, i64)* %13, null br i1 %14, label %17, label %15 %18 = phi i32 [ %16, %15 ], [ -515, %3 ] %19 = icmp eq i32 %18, -515 %20 = and i32 %1, -256 %21 = icmp eq i32 %20, 35584 %22 = and i1 %21, %19 %23 = xor i1 %19, true %24 = or i1 %21, %23 %25 = select i1 %22, i32 -22, i32 %18 br i1 %24, label %144, label %26 %27 = and i64 %2, 4294967295 %28 = inttoptr i64 %27 to i8* %29 = load %struct.sock.273622*, %struct.sock.273622** %9, align 8 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %29, i64 0, i32 0, i32 9, i32 0 %31 = load %struct.net.273693*, %struct.net.273693** %30, align 8 %32 = and i32 %1, -16 %33 = icmp eq i32 %32, 35312 br i1 %33, label %34, label %37 %35 = tail call i64 @sock_ioctl(%struct.file.273585* %0, i32 %1, i64 %27) #78 ------------- Good: 6 Bad: 2 Ignored: 3 Check Use of Function:ieee80211_stop_tx_ba_cb Check Use of Function:proc_lookupfd Check Use of Function:__init_swait_queue_head Use: =BAD PATH= Call Stack: 0 cache_check 1 c_show.69538 ------------- Path:  Function:c_show.69538 %3 = 
alloca %struct.cpu_itimer, align 8 %4 = bitcast i8* %1 to %struct.cache_head* %5 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.cache_detail** %7 = load %struct.cache_detail*, %struct.cache_detail** %6, align 8 %8 = icmp eq i8* %1, inttoptr (i64 1 to i8*) br i1 %8, label %9, label %13 %14 = getelementptr inbounds i8, i8* %1, i64 32 %15 = bitcast i8* %14 to %struct.qspinlock* %16 = bitcast i8* %14 to %struct.seqcount_spinlock* %17 = bitcast i8* %14 to i32* %18 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 1, i32* %17) #6, !srcloc !4 %19 = icmp eq i32 %18, 0 br i1 %19, label %24, label %20, !prof !5, !misexpect !6 %21 = add i32 %18, 1 %22 = or i32 %21, %18 %23 = icmp sgt i32 %22, -1 br i1 %23, label %26, label %24, !prof !7, !misexpect !6 %25 = phi i32 [ 2, %13 ], [ 1, %20 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %16, i32 %25) #78 br label %26 %27 = tail call i32 @cache_check(%struct.cache_detail* %7, %struct.cache_head* %4, %struct.cache_req* null) #79 Function:cache_check %4 = alloca %struct.thread_deferred_req, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.cache_head, %struct.cache_head* %1, i64 0, i32 4 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 1 %9 = icmp eq i64 %8, 0 br i1 %9, label %15, label %10 %16 = phi i1 [ true, %3 ], [ false, %10 ], [ false, %14 ] %17 = phi i32 [ -11, %3 ], [ -2, %10 ], [ 0, %14 ] %18 = getelementptr inbounds %struct.cache_head, %struct.cache_head* %1, i64 0, i32 1 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.cache_head, %struct.cache_head* %1, i64 0, i32 2 %21 = load i64, i64* %20, align 8 %22 = sub i64 %19, %21 %23 = bitcast %struct.cpu_itimer* %5 to i8* call void @getboottime64(%struct.cpu_itimer* 
nonnull %5) #78 %24 = call i64 @ktime_get_real_seconds() #78 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = sub i64 %24, %26 %28 = load i64, i64* %20, align 8 %29 = sub i64 %27, %28 %30 = icmp eq %struct.cache_req* %2, null br i1 %30, label %31, label %32 br i1 %16, label %39, label %33 %34 = load i64, i64* %18, align 8 %35 = icmp ne i64 %34, 0 %36 = sdiv i64 %22, 2 %37 = icmp sgt i64 %29, %36 %38 = and i1 %37, %35 br i1 %38, label %39, label %193 %40 = getelementptr inbounds %struct.cache_detail, %struct.cache_detail* %0, i64 0, i32 6 %41 = load i32 (%struct.cache_detail*, %struct.cache_head*)*, i32 (%struct.cache_detail*, %struct.cache_head*)** %40, align 8 %42 = call i32 %41(%struct.cache_detail* %0, %struct.cache_head* %1) #78 switch i32 %42, label %46 [ i32 -22, label %43 i32 -11, label %45 ] %47 = phi i32 [ %17, %39 ], [ %17, %45 ], [ %44, %43 ] %48 = icmp eq i32 %47, -11 br i1 %48, label %49, label %193 %50 = getelementptr inbounds %struct.cache_req, %struct.cache_req* %2, i64 0, i32 1 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %107, label %53 %54 = bitcast %struct.thread_deferred_req* %4 to i8* %55 = getelementptr inbounds %struct.thread_deferred_req, %struct.thread_deferred_req* %4, i64 0, i32 1 %56 = getelementptr inbounds %struct.thread_deferred_req, %struct.thread_deferred_req* %4, i64 0, i32 1, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %56, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.3.69542, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.69543) #78 ------------- Use: =BAD PATH= Call Stack: 0 rdmsr_safe_on_cpu 1 msr_read ------------- Path:  Function:msr_read %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load 
%struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 13 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1048575 %14 = and i64 %2, 7 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %45 %17 = bitcast i64* %5 to [2 x i32]* %18 = bitcast i64* %5 to i32* %19 = getelementptr inbounds [2 x i32], [2 x i32]* %17, i64 0, i64 1 %20 = icmp eq i64 %2, 0 br i1 %20, label %43, label %21 %22 = bitcast i8* %1 to i32* br label %23 %24 = phi i64 [ %35, %33 ], [ 0, %21 ] %25 = phi i32* [ %34, %33 ], [ %22, %21 ] %26 = phi i64 [ %36, %33 ], [ %2, %21 ] %27 = call i32 @rdmsr_safe_on_cpu(i32 %13, i32 %8, i32* nonnull %18, i32* %19) #78 Function:rdmsr_safe_on_cpu %5 = alloca %struct.msr_info_completion, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.msr_info_completion* %5 to i8* %8 = bitcast %struct.__call_single_data* %6 to i8* %9 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %10 = bitcast %struct.__call_single_data* %6 to i8* store void (i8*)* @__rdmsr_safe_on_cpu, void (i8*)** %9, align 16 %11 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %12 = bitcast i8** %11 to %struct.msr_info_completion** store %struct.msr_info_completion* %5, %struct.msr_info_completion** %12, align 8 %13 = getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 1, i32 1 %14 = bitcast %struct.msr_info_completion* %5 to i8* call void @__init_swait_queue_head(%struct.swait_queue_head* %13, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.1.28507, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.28508) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __ia32_sys_io_destroy ------------- Path:  Function:__ia32_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* 
%2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_io_destroy(i64 %4) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_io_destroy 1 __x64_sys_io_destroy ------------- Path:  Function:__x64_sys_io_destroy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_io_destroy(i64 %3) #78 Function:__se_sys_io_destroy %2 = alloca %struct.ctx_rq_wait, align 8 %3 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %4 = icmp eq %struct.kioctx* %3, null br i1 %4, label %38, label %5, !prof !4, !misexpect !5 %6 = bitcast %struct.ctx_rq_wait* %2 to i8* %7 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0 %8 = getelementptr inbounds %struct.ctx_rq_wait, %struct.ctx_rq_wait* %2, i64 0, i32 0, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %8, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.17698, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.17699) #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuid_read ------------- Path:  Function:cpuid_read %5 = alloca %struct.cpuid_regs_done, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.cpuid_regs_done* %5 to i8* %8 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 2 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %9, i64 0, i32 13 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1048575 %13 = and i64 %2, 15 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %57 %16 = load i64, i64* %3, align 8 %17 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1 %18 = getelementptr inbounds %struct.completion, %struct.completion* %17, i64 0, i32 0 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %19, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.4.3489, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key) #78 ------------- Use: =BAD PATH= Call Stack: 0 __flush_work 1 flush_delayed_work 2 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #79 %22 = icmp eq i8* %21, null br i1 %22, label %24, 
label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #78 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.438758* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39858, i64 0, i64 0)) #78 br label %50 %51 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 25 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %52) #78 %53 = load i32, i32* %5, align 4 %54 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 12 store i32 %53, i32* %54, align 4 %55 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 1, i32 1 store i32 0, i32* %55, align 8 %56 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 2, i32 1 store i32 0, i32* %56, align 8 %57 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 3, i32 1 store i32 0, i32* %57, align 8 %58 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 4, i32 1 store i32 0, i32* %58, align 8 %59 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 5, i32 1 store i32 0, i32* 
%59, align 8 %60 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 6, i32 1 store i32 0, i32* %60, align 8 %61 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 7, i32 1 store i32 0, i32* %61, align 8 %62 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 8, i32 1 store i32 0, i32* %62, align 8 %63 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 9, i32 1 store i32 0, i32* %63, align 8 %64 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 10, i32 1 store i32 0, i32* %64, align 8 %65 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 11, i32 1 store i32 0, i32* %65, align 8 %66 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 12, i32 1 store i32 0, i32* %66, align 8 %67 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 13, i32 1 store i32 0, i32* %67, align 8 %68 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 14, i32 1 store i32 0, i32* %68, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %69 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %69, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %70 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 6 %71 = call zeroext i1 @flush_delayed_work(%struct.delayed_work* %70) #78 Function:flush_delayed_work tail 
call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 1 %3 = tail call i32 @del_timer_sync(%struct.timer_list* %2) #78 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %12 = getelementptr inbounds %struct.delayed_work, %struct.delayed_work* %0, i64 0, i32 0 %13 = tail call fastcc zeroext i1 @__flush_work(%struct.work_struct* %12, i1 zeroext false) #78 Function:__flush_work %3 = alloca %struct.wq_barrier, align 8 %4 = bitcast %struct.wq_barrier* %3 to i8* %5 = load i1, i1* @wq_online, align 1 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 2 %9 = load void (%struct.work_struct*)*, void (%struct.work_struct*)** %8, align 8 %10 = icmp eq void (%struct.work_struct*)* %9, null br i1 %10, label %11, label %12, !prof !7, !misexpect !5 %13 = tail call i32 @__cond_resched() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %14 = getelementptr inbounds %struct.work_struct, %struct.work_struct* %0, i64 0, i32 0, i32 0 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 4 %17 = icmp eq i64 %16, 0 br i1 %17, label %23, label %18 %24 = lshr i64 %15, 5 %25 = trunc i64 %24 to i32 %26 = icmp eq i32 %25, 2147483647 br i1 %26, label %35, label %27 %28 = shl i64 %24, 32 %29 = ashr exact i64 %28, 32 %30 = tail call i8* @idr_find(%struct.idr* nonnull @worker_pool_idr, i64 %29) #78 %31 = bitcast i8* %30 to %struct.worker_pool* br label %32 %33 = phi %struct.worker_pool* [ %22, %18 ], [ %31, %27 ] %34 = icmp eq %struct.worker_pool* %33, null br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.worker_pool, %struct.worker_pool* %33, i64 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %37) #78 %38 
= load volatile i64, i64* %14, align 8 %39 = and i64 %38, 4 %40 = icmp eq i64 %39, 0 %41 = and i64 %38, -256 %42 = inttoptr i64 %41 to %struct.pool_workqueue* %43 = select i1 %40, %struct.pool_workqueue* null, %struct.pool_workqueue* %42 %44 = icmp eq %struct.pool_workqueue* %43, null br i1 %44, label %49, label %45 %50 = ptrtoint %struct.work_struct* %0 to i64 %51 = mul i64 %50, 7046029254386353131 %52 = lshr i64 %51, 58 %53 = getelementptr %struct.worker_pool, %struct.worker_pool* %33, i64 0, i32 12, i64 %52, i32 0 %54 = bitcast %struct.hlist_node** %53 to %struct.worker** %55 = load %struct.worker*, %struct.worker** %54, align 8 %56 = icmp eq %struct.worker* %55, null br i1 %56, label %152, label %57 %58 = phi %struct.worker* [ %69, %67 ], [ %55, %49 ] %59 = getelementptr inbounds %struct.worker, %struct.worker* %58, i64 0, i32 1 %60 = load %struct.work_struct*, %struct.work_struct** %59, align 8 %61 = icmp eq %struct.work_struct* %60, %0 br i1 %61, label %62, label %67 %63 = getelementptr inbounds %struct.worker, %struct.worker* %58, i64 0, i32 2 %64 = load void (%struct.work_struct*)*, void (%struct.work_struct*)** %63, align 8 %65 = load void (%struct.work_struct*)*, void (%struct.work_struct*)** %8, align 8 %66 = icmp eq void (%struct.work_struct*)* %64, %65 br i1 %66, label %71, label %67 %72 = getelementptr inbounds %struct.worker, %struct.worker* %58, i64 0, i32 3 %73 = load %struct.pool_workqueue*, %struct.pool_workqueue** %72, align 8 br label %74 %75 = phi %struct.worker* [ null, %45 ], [ %58, %71 ] %76 = phi %struct.pool_workqueue* [ %43, %45 ], [ %73, %71 ] %77 = getelementptr inbounds %struct.pool_workqueue, %struct.pool_workqueue* %76, i64 0, i32 1 %78 = load %struct.workqueue_struct*, %struct.workqueue_struct** %77, align 8 tail call fastcc void @check_flush_dependency(%struct.workqueue_struct* %78, %struct.work_struct* %0) #78 %79 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 0, i32 0, i32 0 store i64 
68719476704, i64* %79, align 8 %80 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 0, i32 1 %81 = getelementptr inbounds %struct.list_head, %struct.list_head* %80, i64 0, i32 0 store volatile %struct.list_head* %80, %struct.list_head** %81, align 8 %82 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 0, i32 1, i32 1 store volatile %struct.list_head* %80, %struct.list_head** %82, align 8 %83 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 0, i32 2 store void (%struct.work_struct*)* @wq_barrier_func, void (%struct.work_struct*)** %83, align 8 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %79, i64 0) #6, !srcloc !11 %84 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 1, i32 0 store i32 0, i32* %84, align 8 %85 = getelementptr inbounds %struct.wq_barrier, %struct.wq_barrier* %3, i64 0, i32 1, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %85, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.44.5853, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.5854) #78 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %28, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to i32* %15 
= load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %18 = bitcast i8* %12 to i8** %19 = load i8*, i8** %18, align 8 %20 = icmp eq i8* %19, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %20, label %28, label %11 %29 = phi %struct.mddev* [ null, %21 ], [ %25, %24 ], [ null, %2 ], [ null, %17 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %30 = icmp eq %struct.mddev* %29, null br i1 %30, label %140, label %31 %32 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 11 %33 = load %struct.gendisk.296190*, %struct.gendisk.296190** %32, align 8 %34 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 16 %35 = load %struct.gendisk.296190*, %struct.gendisk.296190** %34, align 8 %36 = icmp eq %struct.gendisk.296190* %33, %35 br i1 %36, label %82, label %37 %38 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 61 %39 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %38, %struct.spinlock* nonnull @all_mddevs_lock) #78 %40 = icmp eq i32 %39, 0 br i1 %40, label %75, label %41 %76 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 75, i32 0, i32 0 %77 = load volatile i64, i64* %76, align 8 %78 = and i64 %77, 1 %79 = icmp eq i64 %78, 0 br i1 %79, label %140, label %80 %81 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %81) #78 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast %struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store 
%struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.44.5853, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.5854) #78 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_ioctl 2 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.296192* %0, i32 %1, i32 %2, i64 %8) #78 Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.uid_gid_extent, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1050 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, 
label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 16 %29 = load %struct.gendisk.296190*, %struct.gendisk.296190** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %378 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %331 i32 2344, label %331 i32 2338, label %348 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %332 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %333 %334 = phi %struct.list_head* [ %332, %331 ], [ %336, %338 ] %335 = getelementptr %struct.list_head, %struct.list_head* %334, i64 0, i32 0 %336 = load volatile %struct.list_head*, %struct.list_head** %335, align 8 %337 = icmp eq %struct.list_head* %336, %332 br i1 %337, label %346, label %338 %339 = getelementptr inbounds %struct.list_head, %struct.list_head* %336, i64 17 %340 = bitcast %struct.list_head* %339 to i64* %341 = load volatile i64, i64* %340, align 8 %342 = and i64 %341, 1 %343 = icmp eq i64 %342, 0 br i1 %343, label %333, label %344 %345 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %345) #78 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast %struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store %struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds 
%struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.44.5853, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.5854) #78 ------------- Use: =BAD PATH= Call Stack: 0 flush_workqueue 1 md_ioctl ------------- Path:  Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.uid_gid_extent, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1050 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 16 %29 = load %struct.gendisk.296190*, %struct.gendisk.296190** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load 
%struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %378 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %331 i32 2344, label %331 i32 2338, label %348 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %332 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %333 %334 = phi %struct.list_head* [ %332, %331 ], [ %336, %338 ] %335 = getelementptr %struct.list_head, %struct.list_head* %334, i64 0, i32 0 %336 = load volatile %struct.list_head*, %struct.list_head** %335, align 8 %337 = icmp eq %struct.list_head* %336, %332 br i1 %337, label %346, label %338 %339 = getelementptr inbounds %struct.list_head, %struct.list_head* %336, i64 17 %340 = bitcast %struct.list_head* %339 to i64* %341 = load volatile i64, i64* %340, align 8 %342 = and i64 %341, 1 %343 = icmp eq i64 %342, 0 br i1 %343, label %333, label %344 %345 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %345) #78 Function:flush_workqueue %2 = alloca %struct.wq_flusher, align 8 %3 = bitcast %struct.wq_flusher* %2 to i8* %4 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0 %5 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 0 store %struct.list_head* %4, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 0, i32 1 store %struct.list_head* %4, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 1 store i32 -1, i32* %7, align 8 %8 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2 %9 = getelementptr inbounds %struct.completion, %struct.completion* %8, i64 0, i32 0 
store i32 0, i32* %9, align 8 %10 = getelementptr inbounds %struct.wq_flusher, %struct.wq_flusher* %2, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %10, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.44.5853, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.5854) #78 ------------- Use: =BAD PATH= Call Stack: 0 __set_cpus_allowed_ptr_locked 1 __set_cpus_allowed_ptr 2 migrate_enable 3 sk_filter_trim_cap 4 sock_queue_rcv_skb 5 ping_queue_rcv_skb ------------- Path:  Function:ping_queue_rcv_skb %3 = tail call i32 bitcast (i32 (%struct.sock.273622*, %struct.sk_buff.273360*)* @sock_queue_rcv_skb to i32 (%struct.sock*, %struct.sk_buff*)*)(%struct.sock* %0, %struct.sk_buff* %1) #78 Function:sock_queue_rcv_skb %3 = tail call i32 bitcast (i32 (%struct.sock.767877*, %struct.sk_buff.767837*, i32)* @sk_filter_trim_cap to i32 (%struct.sock.273622*, %struct.sk_buff.273360*, i32)*)(%struct.sock.273622* %0, %struct.sk_buff.273360* %1, i32 1) #78 Function:sk_filter_trim_cap %4 = alloca [20 x i8], align 16 %5 = getelementptr inbounds %struct.sk_buff.767837, %struct.sk_buff.767837* %1, i64 0, i32 12 %6 = load i8, i8* %5, align 2 %7 = and i8 %6, 64 %8 = icmp eq i8 %7, 0 br i1 %8, label %20, label %9 %10 = getelementptr inbounds %struct.sock.767877, %struct.sock.767877* %0, i64 0, i32 0, i32 13, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 16384 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %20 %21 = tail call i32 bitcast (i32 (%struct.sock*, %struct.sk_buff*)* @security_sock_rcv_skb to i32 (%struct.sock.767877*, %struct.sk_buff.767837*)*)(%struct.sock.767877* %0, %struct.sk_buff.767837* %1) #78 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %94 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = getelementptr inbounds %struct.sock.767877, %struct.sock.767877* %0, i64 0, i32 12 %25 = load volatile %struct.sk_filter.767857*, 
%struct.sk_filter.767857** %24, align 8 %26 = icmp eq %struct.sk_filter.767857* %25, null br i1 %26, label %92, label %27 %28 = getelementptr inbounds %struct.sk_buff.767837, %struct.sk_buff.767837* %1, i64 0, i32 1, i32 0 %29 = bitcast %struct.sock.767877** %28 to i64* %30 = load i64, i64* %29, align 8 store %struct.sock.767877* %0, %struct.sock.767877** %28, align 8 %31 = getelementptr inbounds %struct.sk_filter.767857, %struct.sk_filter.767857* %25, i64 0, i32 2 %32 = load %struct.bpf_prog.767663*, %struct.bpf_prog.767663** %31, align 8 tail call void @migrate_disable() #78 %33 = bitcast %struct.sk_buff.767837* %1 to i8* %34 = getelementptr inbounds %struct.sk_buff.767837, %struct.sk_buff.767837* %1, i64 0, i32 3, i64 8 %35 = getelementptr inbounds [20 x i8], [20 x i8]* %4, i64 0, i64 0 %36 = getelementptr inbounds %struct.bpf_prog.767663, %struct.bpf_prog.767663* %32, i64 0, i32 1 %37 = load i16, i16* %36, align 2 %38 = and i16 %37, 8 %39 = icmp eq i16 %38, 0 br i1 %39, label %41, label %40, !prof !6, !misexpect !7 br label %41 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@sk_filter_trim_cap, %42)) #6 to label %56 [label %42], !srcloc !8 %57 = getelementptr inbounds %struct.bpf_prog.767663, %struct.bpf_prog.767663* %32, i64 0, i32 13, i64 0 %58 = getelementptr inbounds %struct.bpf_prog.767663, %struct.bpf_prog.767663* %32, i64 0, i32 9 %59 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %58, align 8 %60 = tail call i32 %59(i8* %33, %struct.bpf_insn* %57) #78 br label %61 %62 = phi i32 [ %47, %42 ], [ %60, %56 ] %63 = load i16, i16* %36, align 2 %64 = and i16 %63, 8 %65 = icmp eq i16 %64, 0 br i1 %65, label %67, label %66, !prof !6, !misexpect !7 tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* 
%6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load 
i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br 
i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq 
i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 ___skb_get_hash
6 __skb_get_hash
7 get_rps_cpu
8 netif_receive_skb_list_internal
9 busy_poll_stop
10 napi_busy_loop
11 tcp_recvmsg
12 inet6_recvmsg
13 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585**
%4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr 
inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* 
null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds 
%struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 ___skb_get_hash
6 __skb_get_hash
7 get_rps_cpu
8 netif_receive_skb_list_internal
9 busy_poll_stop
10 napi_busy_loop
11 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, 
i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label 
%56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds 
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 ip_route_output_key_hash_rcu
8 ip_route_output_flow
9 ipip6_tunnel_bind_dev
10 ipip6_tunnel_init
-------------
= getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label 
%36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* 
%2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, 
%struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 
%20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, 
label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 
%109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* 
%0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = 
getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 ip_route_output_key_hash_rcu
8 ip_route_output_flow
9 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq
i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* 
%0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] 
%137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr 
inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, 
%82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds 
%struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, 
%struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = 
phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds 
%struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast 
%struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi 
i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, 
i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ 
@__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint 
(%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void 
(%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, 
i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 ip_route_output_key_hash_rcu
8 ip_route_output_flow
9 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** 
%17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, 
i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, 
i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* 
null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = 
icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = 
alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, 
%struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca 
i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, 
i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* 
%27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 
%91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 
2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 
0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 __ip_rt_update_pmtu
8 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, 
align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, 
%9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds 
%struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, 
%struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* 
nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = 
getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, 
i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, 
%struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, 
%struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds 
%struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 fib_multipath_hash
6 fib_select_path
7 __ip_do_redirect
8 ip_do_redirect
-------------
Path:
Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align
4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = 
icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, 
i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 
%83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, 
i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 
] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, 
%struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 
%31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, 
i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, 
%struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, 
%struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds 
%struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 rt6_multipath_hash
6 fib6_select_path
7 ip6_pol_route
8 ip6_pol_route_input
9 fib6_rule_lookup
10 ip6_route_output_flags_noref
11 ip6_route_output_flags
12 icmp6_send
13 ip6_link_failure
-------------
Path:
Function:ip6_link_failure
%2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast 
i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds 
%struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, 
label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq 
$2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* 
@ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, 
%struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* 
%2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, 
%struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, 
%struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = 
getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, 
i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, 
%struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, 
%struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds 
%struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __set_cpus_allowed_ptr_locked
1 __set_cpus_allowed_ptr
2 migrate_enable
3 bpf_flow_dissect
4 __skb_flow_dissect
5 packet_parse_headers
6 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 
%155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 
%190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds 
%struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label 
%53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 
%101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi 
i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds 
%struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast 
%struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi 
i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, 
i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ 
@__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint 
(%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void 
(%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %207, label %233 %208 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %209 = load i8*, i8** %208, align 64 %210 = icmp eq i8* %209, null br i1 %210, label %211, label %219 %212 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 0, i32 0, 
i32 0 store volatile i32 1, i32* %212, align 8 %213 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 0 store i32 0, i32* %213, align 8 %214 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %6, i64 0, i32 2, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %214, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.93.7053, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.7054) #78 ------------- Good: 539 Bad: 19 Ignored: 1129 Check Use of Function:serial8250_request_port Check Use of Function:cache_ioctl_pipefs Check Use of Function:azx_probe_codecs Check Use of Function:__nla_parse Check Use of Function:perf_compat_ioctl Check Use of Function:ieee80211_smps_mode_to_smps_mode Check Use of Function:security_sem_associate Use: =BAD PATH= Call Stack: 0 ksys_semget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #78 Function:compat_ksys_ipc %7 = alloca i64, align 8 %8 = bitcast i64* %7 
to %struct.util_est* %9 = alloca i64, align 8 %10 = lshr i32 %0, 16 %11 = trunc i32 %0 to i16 switch i16 %11, label %115 [ i16 1, label %12 i16 4, label %17 i16 2, label %24 i16 3, label %27 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %101 i16 23, label %106 i16 24, label %110 ] %25 = tail call i64 @ksys_semget(i32 %1, i32 %2, i32 %3) #78 Function:ksys_semget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 94 %9 = load %struct.nsproxy*, %struct.nsproxy** %8, align 8 %10 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %9, i64 0, i32 2 %11 = load %struct.ipc_namespace*, %struct.ipc_namespace** %10, align 8 %12 = icmp slt i32 %1, 0 br i1 %12, label %25, label %13 %14 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 1, i64 0 %15 = load i32, i32* %14, align 8 %16 = icmp slt i32 %15, %1 br i1 %16, label %25, label %17 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %19, align 4 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2 %21 = bitcast %struct.anon.1* %20 to i32* store i32 %1, i32* %21, align 8 %22 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 0, i64 0 %23 = call i32 bitcast (i32 (%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %11, 
%struct.ipc_ids* %22, %struct.ipc_ops.265757* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_semget ------------- Path:  Function:__x64_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 94 %16 = load %struct.nsproxy*, %struct.nsproxy** %15, align 8 %17 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace*, %struct.ipc_namespace** %17, align 8 %19 = icmp slt i32 %10, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 1, i64 0 %22 = load i32, i32* %21, align 8 %23 = icmp slt i32 %22, %10 br i1 %23, label %32, label %24 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %25, align 8 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %26, align 4 %27 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %28 = bitcast %struct.anon.1* %27 to i32* store i32 %10, i32* %28, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 
(%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* %29, %struct.ipc_ops.265757* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_semget ------------- Path:  Function:__ia32_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 94 %16 = load %struct.nsproxy*, %struct.nsproxy** %15, align 8 %17 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace*, %struct.ipc_namespace** %17, align 8 %19 = icmp slt i32 %10, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 1, i64 0 %22 = load i32, i32* %21, align 8 %23 = icmp slt i32 %22, %10 br i1 %23, label %32, label %24 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %25, align 8 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %26, align 4 %27 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, 
i64 0, i32 2 %28 = bitcast %struct.anon.1* %27 to i32* store i32 %10, i32* %28, align 8 %29 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* %29, %struct.ipc_ops.265757* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #78 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:empty_dir_lookup Check Use of Function:blk_rq_init Check Use of Function:drv_sta_state Check Use of Function:untrack_pfn Check Use of Function:drm_debugfs_cleanup Check Use of Function:lock_device_hotplug Check Use of Function:qdisc_create Check Use of Function:proc_map_files_lookup Check Use of Function:ext4_clear_inode Check Use of Function:io_free_req Check Use of Function:phy_attached_info Check Use of Function:blkdev_get_by_dev Use: =BAD PATH= Call Stack: 0 blkdev_open ------------- Path:  Function:blkdev_open %3 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = or i32 %4, 32768 store i32 %5, i32* %3, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %1, i64 0, i32 8 %7 = load i32, i32* %6, align 4 %8 = and i32 %4, 2048 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 1207959552, i32 1207959616 %11 = or i32 %10, %7 %12 = and i32 %4, 128 %13 = or i32 %12, %11 %14 = and i32 %4, 3 %15 = icmp eq i32 %14, 3 %16 = or i32 %13, 256 %17 = select i1 %15, i32 %16, i32 %13 %18 = select i1 %15, i32 %16, i32 %13 store i32 %17, i32* %6, align 4 %19 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %0, i64 0, i32 13 %20 = load i32, i32* %19, align 4 %21 = bitcast %struct.file.294911* %1 to i8* %22 = tail call %struct.block_device.294846* bitcast 
(%struct.block_device.294322* (i32, i32, i8*)* @blkdev_get_by_dev to %struct.block_device.294846* (i32, i32, i8*)*)(i32 %20, i32 %18, i8* %21) #78 ------------- Good: 12 Bad: 1 Ignored: 3 Check Use of Function:i915_ttm_adjust_lru Check Use of Function:sysfs_remove_link Check Use of Function:mq_leaf Check Use of Function:mq_walk Check Use of Function:bad_inode_rename2 Check Use of Function:iommu_set_dma_strict Check Use of Function:pci_user_read_config_byte Check Use of Function:nfs_file_read Check Use of Function:register_inet6addr_notifier Check Use of Function:alloc_file_pseudo Check Use of Function:nfs_lookup_revalidate Check Use of Function:try_to_unlazy Check Use of Function:blk_queue_max_discard_sectors Check Use of Function:_find_first_bit Use: =BAD PATH= Call Stack: 0 __caps_show 1 caps_show ------------- Path:  Function:caps_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.intel_engine_cs.423892** %6 = load %struct.intel_engine_cs.423892*, %struct.intel_engine_cs.423892** %5, align 8 %7 = getelementptr inbounds %struct.intel_engine_cs.423892, %struct.intel_engine_cs.423892* %6, i64 0, i32 12 %8 = load i32, i32* %7, align 8 %9 = zext i32 %8 to i64 %10 = tail call fastcc i64 @__caps_show(%struct.intel_engine_cs.423892* %6, i64 %9, i8* %2, i1 zeroext true) #78 Function:__caps_show %5 = alloca i64, align 8 store i64 %1, i64* %5, align 8 %6 = getelementptr inbounds %struct.intel_engine_cs.423892, %struct.intel_engine_cs.423892* %0, i64 0, i32 8 %7 = load i8, i8* %6, align 8 switch i8 %7, label %9 [ i8 1, label %10 i8 2, label %8 ] %11 = phi i32 [ 0, %9 ], [ 2, %8 ], [ 2, %4 ] %12 = phi i8** [ null, %9 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vecs_caps, i64 0, i64 0), %8 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vcs_caps, i64 0, i64 0), %4 ] %13 = select i1 %3, i32 64, i32 %11 %14 = zext i32 %13 to i64 %15 = call i64 @_find_first_bit(i64* nonnull %5, i64 %14) #78 
------------- Use: =BAD PATH= Call Stack: 0 __caps_show 1 all_caps_show ------------- Path:  Function:all_caps_show %4 = getelementptr inbounds %struct.kobject, %struct.kobject* %0, i64 1 %5 = bitcast %struct.kobject* %4 to %struct.intel_engine_cs.423892** %6 = load %struct.intel_engine_cs.423892*, %struct.intel_engine_cs.423892** %5, align 8 %7 = tail call fastcc i64 @__caps_show(%struct.intel_engine_cs.423892* %6, i64 -1, i8* %2, i1 zeroext false) #78 Function:__caps_show %5 = alloca i64, align 8 store i64 %1, i64* %5, align 8 %6 = getelementptr inbounds %struct.intel_engine_cs.423892, %struct.intel_engine_cs.423892* %0, i64 0, i32 8 %7 = load i8, i8* %6, align 8 switch i8 %7, label %9 [ i8 1, label %10 i8 2, label %8 ] %11 = phi i32 [ 0, %9 ], [ 2, %8 ], [ 2, %4 ] %12 = phi i8** [ null, %9 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vecs_caps, i64 0, i64 0), %8 ], [ getelementptr inbounds ([2 x i8*], [2 x i8*]* @vcs_caps, i64 0, i64 0), %4 ] %13 = select i1 %3, i32 64, i32 %11 %14 = zext i32 %13 to i64 %15 = call i64 @_find_first_bit(i64* nonnull %5, i64 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdskbmode 1 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.365054*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.365044, %struct.tty_struct.365044* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.365054** %15 = load %struct.vc_data.365054*, %struct.vc_data.365054** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.364912** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.364912**)) 
#11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.364912* %19 = getelementptr inbounds %struct.task_struct.364912, %struct.task_struct.364912* %18, i64 0, i32 95 %20 = load %struct.signal_struct.364805*, %struct.signal_struct.364805** %19, align 32 %21 = getelementptr inbounds %struct.signal_struct.364805, %struct.signal_struct.364805* %20, i64 0, i32 24 %22 = load %struct.tty_struct.365044*, %struct.tty_struct.365044** %21, align 8 %23 = icmp eq %struct.tty_struct.365044* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #78 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = bitcast i64* %9 to %struct.util_est* %30 = load %struct.vc_data.365054*, %struct.vc_data.365054** %14, align 8 %31 = getelementptr inbounds %struct.vc_data.365054, %struct.vc_data.365054* %30, i64 0, i32 3 %32 = load i16, i16* %31, align 8 %33 = zext i16 %32 to i32 switch i32 %1, label %760 [ i32 19247, label %34 i32 19248, label %42 i32 19251, label %58 i32 19252, label %65 i32 19253, label %65 i32 19254, label %74 i32 19255, label %74 i32 19282, label %80 i32 19258, label %94 i32 19259, label %116 i32 19260, label %761 i32 19261, label %761 i32 19269, label %126 i32 19268, label %132 i32 19299, label %140 i32 19298, label %143 i32 19276, label %151 i32 19277, label %151 i32 19270, label %157 i32 19271, label %157 i32 19272, label %161 i32 19273, label %161 i32 19274, label %165 i32 19450, label %165 i32 19275, label %165 i32 19451, label %165 i32 19300, label %168 i32 19301, label %168 i32 19249, label %168 i32 19250, label %168 i32 19278, label %171 i32 19314, label %197 i32 19313, label %219 i32 19312, label %222 i32 19265, label %224 i32 19264, label %227 i32 19306, label %229 i32 19305, label %233 i32 19304, label %236 i32 19303, label %239 i32 19302, label %239 i32 21532, label %270 i32 22018, label %272 i32 22017, label %305 i32 22019, label %313 i32 22016, label %365 i32 22022, label %404 i32 
22031, label %416 i32 22023, label %467 i32 22021, label %474 i32 22024, label %498 i32 22025, label %591 i32 22026, label %629 i32 22027, label %713 i32 22028, label %716 i32 22029, label %719 i32 22030, label %728 ] br i1 %28, label %127, label %761 %128 = trunc i64 %2 to i32 %129 = tail call i32 @vt_do_kdskbmode(i32 %33, i32 %128) #78 Function:vt_do_kdskbmode %3 = zext i32 %0 to i64 %4 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @kbd_event_lock, i64 0, i32 0, i32 0)) #78 switch i32 %1, label %89 [ i32 0, label %5 i32 2, label %10 i32 1, label %15 i32 3, label %49 i32 4, label %84 ] %50 = getelementptr [63 x %struct.kbd_struct], [63 x %struct.kbd_struct]* @kbd_table, i64 0, i64 %3, i32 3 %51 = load i8, i8* %50, align 1 %52 = and i8 %51, -113 %53 = or i8 %52, 48 store i8 %53, i8* %50, align 1 store i32 0, i32* @shift_state, align 4 %54 = tail call i64 @_find_first_bit(i64* getelementptr inbounds ([12 x i64], [12 x i64]* @key_down, i64 0, i64 0), i64 256) #78 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdskbmode 1 vt_ioctl 2 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.console_font_op, align 8 %6 = getelementptr inbounds %struct.tty_struct.365044, %struct.tty_struct.365044* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.365054** %8 = load %struct.vc_data.365054*, %struct.vc_data.365054** %7, align 8 %9 = bitcast %struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.364912** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.364912**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.364912* %14 = getelementptr inbounds %struct.task_struct.364912, %struct.task_struct.364912* %13, i64 0, i32 95 %15 = load %struct.signal_struct.364805*, 
%struct.signal_struct.364805** %14, align 32 %16 = getelementptr inbounds %struct.signal_struct.364805, %struct.signal_struct.364805* %15, i64 0, i32 24 %17 = load %struct.tty_struct.365044*, %struct.tty_struct.365044** %16, align 8 %18 = icmp eq %struct.tty_struct.365044* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext i1 @capable(i32 26) #78 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ false, %21 ], [ true, %19 ] switch i32 %1, label %80 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %78 i32 19248, label %78 i32 19252, label %78 i32 19253, label %78 i32 19258, label %78 i32 19260, label %78 i32 19261, label %78 i32 19269, label %78 i32 19299, label %78 i32 19301, label %78 i32 19250, label %78 i32 19278, label %78 i32 22022, label %78 i32 22023, label %78 i32 22021, label %78 i32 22024, label %78 i32 22025, label %78 i32 22026, label %78 ] %81 = tail call i32 @vt_ioctl(%struct.tty_struct.365044* %0, i32 %1, i64 %10) #79 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.365054*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.365044, %struct.tty_struct.365044* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.365054** %15 = load %struct.vc_data.365054*, %struct.vc_data.365054** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.364912** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.364912**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.364912* %19 = getelementptr inbounds %struct.task_struct.364912, %struct.task_struct.364912* %18, i64 0, i32 95 %20 = 
load %struct.signal_struct.364805*, %struct.signal_struct.364805** %19, align 32 %21 = getelementptr inbounds %struct.signal_struct.364805, %struct.signal_struct.364805* %20, i64 0, i32 24 %22 = load %struct.tty_struct.365044*, %struct.tty_struct.365044** %21, align 8 %23 = icmp eq %struct.tty_struct.365044* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #78 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = bitcast i64* %9 to %struct.util_est* %30 = load %struct.vc_data.365054*, %struct.vc_data.365054** %14, align 8 %31 = getelementptr inbounds %struct.vc_data.365054, %struct.vc_data.365054* %30, i64 0, i32 3 %32 = load i16, i16* %31, align 8 %33 = zext i16 %32 to i32 switch i32 %1, label %760 [ i32 19247, label %34 i32 19248, label %42 i32 19251, label %58 i32 19252, label %65 i32 19253, label %65 i32 19254, label %74 i32 19255, label %74 i32 19282, label %80 i32 19258, label %94 i32 19259, label %116 i32 19260, label %761 i32 19261, label %761 i32 19269, label %126 i32 19268, label %132 i32 19299, label %140 i32 19298, label %143 i32 19276, label %151 i32 19277, label %151 i32 19270, label %157 i32 19271, label %157 i32 19272, label %161 i32 19273, label %161 i32 19274, label %165 i32 19450, label %165 i32 19275, label %165 i32 19451, label %165 i32 19300, label %168 i32 19301, label %168 i32 19249, label %168 i32 19250, label %168 i32 19278, label %171 i32 19314, label %197 i32 19313, label %219 i32 19312, label %222 i32 19265, label %224 i32 19264, label %227 i32 19306, label %229 i32 19305, label %233 i32 19304, label %236 i32 19303, label %239 i32 19302, label %239 i32 21532, label %270 i32 22018, label %272 i32 22017, label %305 i32 22019, label %313 i32 22016, label %365 i32 22022, label %404 i32 22031, label %416 i32 22023, label %467 i32 22021, label %474 i32 22024, label %498 i32 22025, label %591 i32 22026, label %629 i32 22027, label %713 i32 22028, label %716 i32 22029, 
label %719 i32 22030, label %728 ] br i1 %28, label %127, label %761 %128 = trunc i64 %2 to i32 %129 = tail call i32 @vt_do_kdskbmode(i32 %33, i32 %128) #78 Function:vt_do_kdskbmode %3 = zext i32 %0 to i64 %4 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @kbd_event_lock, i64 0, i32 0, i32 0)) #78 switch i32 %1, label %89 [ i32 0, label %5 i32 2, label %10 i32 1, label %15 i32 3, label %49 i32 4, label %84 ] %50 = getelementptr [63 x %struct.kbd_struct], [63 x %struct.kbd_struct]* @kbd_table, i64 0, i64 %3, i32 3 %51 = load i8, i8* %50, align 1 %52 = and i8 %51, -113 %53 = or i8 %52, 48 store i8 %53, i8* %50, align 1 store i32 0, i32* @shift_state, align 4 %54 = tail call i64 @_find_first_bit(i64* getelementptr inbounds ([12 x i64], [12 x i64]* @key_down, i64 0, i64 0), i64 256) #78 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdskbmode 1 vt_ioctl ------------- Path:  Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.365054*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.365044, %struct.tty_struct.365044* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.365054** %15 = load %struct.vc_data.365054*, %struct.vc_data.365054** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.364912** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.364912**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.364912* %19 = getelementptr inbounds %struct.task_struct.364912, %struct.task_struct.364912* %18, i64 0, i32 95 %20 = load %struct.signal_struct.364805*, 
%struct.signal_struct.364805** %19, align 32 %21 = getelementptr inbounds %struct.signal_struct.364805, %struct.signal_struct.364805* %20, i64 0, i32 24 %22 = load %struct.tty_struct.365044*, %struct.tty_struct.365044** %21, align 8 %23 = icmp eq %struct.tty_struct.365044* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #78 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = bitcast i64* %9 to %struct.util_est* %30 = load %struct.vc_data.365054*, %struct.vc_data.365054** %14, align 8 %31 = getelementptr inbounds %struct.vc_data.365054, %struct.vc_data.365054* %30, i64 0, i32 3 %32 = load i16, i16* %31, align 8 %33 = zext i16 %32 to i32 switch i32 %1, label %760 [ i32 19247, label %34 i32 19248, label %42 i32 19251, label %58 i32 19252, label %65 i32 19253, label %65 i32 19254, label %74 i32 19255, label %74 i32 19282, label %80 i32 19258, label %94 i32 19259, label %116 i32 19260, label %761 i32 19261, label %761 i32 19269, label %126 i32 19268, label %132 i32 19299, label %140 i32 19298, label %143 i32 19276, label %151 i32 19277, label %151 i32 19270, label %157 i32 19271, label %157 i32 19272, label %161 i32 19273, label %161 i32 19274, label %165 i32 19450, label %165 i32 19275, label %165 i32 19451, label %165 i32 19300, label %168 i32 19301, label %168 i32 19249, label %168 i32 19250, label %168 i32 19278, label %171 i32 19314, label %197 i32 19313, label %219 i32 19312, label %222 i32 19265, label %224 i32 19264, label %227 i32 19306, label %229 i32 19305, label %233 i32 19304, label %236 i32 19303, label %239 i32 19302, label %239 i32 21532, label %270 i32 22018, label %272 i32 22017, label %305 i32 22019, label %313 i32 22016, label %365 i32 22022, label %404 i32 22031, label %416 i32 22023, label %467 i32 22021, label %474 i32 22024, label %498 i32 22025, label %591 i32 22026, label %629 i32 22027, label %713 i32 22028, label %716 i32 22029, label %719 i32 22030, label %728 ] br 
i1 %28, label %127, label %761 %128 = trunc i64 %2 to i32 %129 = tail call i32 @vt_do_kdskbmode(i32 %33, i32 %128) #78 Function:vt_do_kdskbmode %3 = zext i32 %0 to i64 %4 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @kbd_event_lock, i64 0, i32 0, i32 0)) #78 switch i32 %1, label %89 [ i32 0, label %5 i32 2, label %10 i32 1, label %15 i32 3, label %49 i32 4, label %84 ] %16 = getelementptr [63 x %struct.kbd_struct], [63 x %struct.kbd_struct]* @kbd_table, i64 0, i64 %3, i32 3 %17 = load i8, i8* %16, align 1 %18 = and i8 %17, -113 store i8 %18, i8* %16, align 1 store i32 0, i32* @shift_state, align 4 %19 = tail call i64 @_find_first_bit(i64* getelementptr inbounds ([12 x i64], [12 x i64]* @key_down, i64 0, i64 0), i64 256) #78 ------------- Use: =BAD PATH= Call Stack: 0 vt_do_kdskbmode 1 vt_ioctl 2 vt_compat_ioctl ------------- Path:  Function:vt_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.console_font_op, align 8 %6 = getelementptr inbounds %struct.tty_struct.365044, %struct.tty_struct.365044* %0, i64 0, i32 30 %7 = bitcast i8** %6 to %struct.vc_data.365054** %8 = load %struct.vc_data.365054*, %struct.vc_data.365054** %7, align 8 %9 = bitcast %struct.console_font_op* %5 to i8* %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.364912** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.364912**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.364912* %14 = getelementptr inbounds %struct.task_struct.364912, %struct.task_struct.364912* %13, i64 0, i32 95 %15 = load %struct.signal_struct.364805*, %struct.signal_struct.364805** %14, align 32 %16 = getelementptr inbounds %struct.signal_struct.364805, %struct.signal_struct.364805* %15, i64 0, i32 24 %17 = load %struct.tty_struct.365044*, %struct.tty_struct.365044** %16, align 8 %18 = 
icmp eq %struct.tty_struct.365044* %17, %0 br i1 %18, label %21, label %19 %20 = tail call zeroext i1 @capable(i32 26) #78 br i1 %20, label %21, label %22 br label %22 %23 = phi i1 [ false, %21 ], [ true, %19 ] switch i32 %1, label %80 [ i32 19314, label %24 i32 19303, label %48 i32 19302, label %48 i32 19247, label %78 i32 19248, label %78 i32 19252, label %78 i32 19253, label %78 i32 19258, label %78 i32 19260, label %78 i32 19261, label %78 i32 19269, label %78 i32 19299, label %78 i32 19301, label %78 i32 19250, label %78 i32 19278, label %78 i32 22022, label %78 i32 22023, label %78 i32 22021, label %78 i32 22024, label %78 i32 22025, label %78 i32 22026, label %78 ] %81 = tail call i32 @vt_ioctl(%struct.tty_struct.365044* %0, i32 %1, i64 %10) #79 Function:vt_ioctl %4 = alloca %struct.vt_event_wait, align 8 %5 = alloca %struct.vt_consize, align 2 %6 = alloca [63 x %struct.vc_data.365054*], align 16 %7 = alloca %struct.vt_setactivate, align 4 %8 = alloca %struct.unimapdesc, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.console_font_op, align 8 %11 = alloca i64, align 8 %12 = alloca i64, align 8 %13 = getelementptr inbounds %struct.tty_struct.365044, %struct.tty_struct.365044* %0, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.vc_data.365054** %15 = load %struct.vc_data.365054*, %struct.vc_data.365054** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.364912** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.364912**)) #11, !srcloc !4 %18 = inttoptr i64 %17 to %struct.task_struct.364912* %19 = getelementptr inbounds %struct.task_struct.364912, %struct.task_struct.364912* %18, i64 0, i32 95 %20 = load %struct.signal_struct.364805*, %struct.signal_struct.364805** %19, align 32 %21 = getelementptr inbounds %struct.signal_struct.364805, %struct.signal_struct.364805* %20, i64 0, i32 24 %22 = load %struct.tty_struct.365044*, 
%struct.tty_struct.365044** %21, align 8 %23 = icmp eq %struct.tty_struct.365044* %22, %0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 26) #78 br i1 %25, label %26, label %27 br label %27 %28 = phi i1 [ true, %26 ], [ false, %24 ] %29 = bitcast i64* %9 to %struct.util_est* %30 = load %struct.vc_data.365054*, %struct.vc_data.365054** %14, align 8 %31 = getelementptr inbounds %struct.vc_data.365054, %struct.vc_data.365054* %30, i64 0, i32 3 %32 = load i16, i16* %31, align 8 %33 = zext i16 %32 to i32 switch i32 %1, label %760 [ i32 19247, label %34 i32 19248, label %42 i32 19251, label %58 i32 19252, label %65 i32 19253, label %65 i32 19254, label %74 i32 19255, label %74 i32 19282, label %80 i32 19258, label %94 i32 19259, label %116 i32 19260, label %761 i32 19261, label %761 i32 19269, label %126 i32 19268, label %132 i32 19299, label %140 i32 19298, label %143 i32 19276, label %151 i32 19277, label %151 i32 19270, label %157 i32 19271, label %157 i32 19272, label %161 i32 19273, label %161 i32 19274, label %165 i32 19450, label %165 i32 19275, label %165 i32 19451, label %165 i32 19300, label %168 i32 19301, label %168 i32 19249, label %168 i32 19250, label %168 i32 19278, label %171 i32 19314, label %197 i32 19313, label %219 i32 19312, label %222 i32 19265, label %224 i32 19264, label %227 i32 19306, label %229 i32 19305, label %233 i32 19304, label %236 i32 19303, label %239 i32 19302, label %239 i32 21532, label %270 i32 22018, label %272 i32 22017, label %305 i32 22019, label %313 i32 22016, label %365 i32 22022, label %404 i32 22031, label %416 i32 22023, label %467 i32 22021, label %474 i32 22024, label %498 i32 22025, label %591 i32 22026, label %629 i32 22027, label %713 i32 22028, label %716 i32 22029, label %719 i32 22030, label %728 ] br i1 %28, label %127, label %761 %128 = trunc i64 %2 to i32 %129 = tail call i32 @vt_do_kdskbmode(i32 %33, i32 %128) #78 Function:vt_do_kdskbmode %3 = zext i32 %0 to i64 %4 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @kbd_event_lock, i64 0, i32 0, i32 0)) #78 switch i32 %1, label %89 [ i32 0, label %5 i32 2, label %10 i32 1, label %15 i32 3, label %49 i32 4, label %84 ] %16 = getelementptr [63 x %struct.kbd_struct], [63 x %struct.kbd_struct]* @kbd_table, i64 0, i64 %3, i32 3 %17 = load i8, i8* %16, align 1 %18 = and i8 %17, -113 store i8 %18, i8* %16, align 1 store i32 0, i32* @shift_state, align 4 %19 = tail call i64 @_find_first_bit(i64* getelementptr inbounds ([12 x i64], [12 x i64]* @key_down, i64 0, i64 0), i64 256) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 eventfd_release ------------- Path:  Function:eventfd_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.eventfd_ctx** %5 = load %struct.eventfd_ctx*, %struct.eventfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %6, i32 3, i32 1, i8* nonnull inttoptr (i64 16 to i8*)) #78 %7 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 %17 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 11, i32 0, i32 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp sgt i32 %19, -1 br i1 %20, label %21, label %22 
tail call void @ida_free(%struct.ida* nonnull @eventfd_ida, i32 %19) #78 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 pde_put 2 
proc_readdir_de 3 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %4) #78 %6 = icmp eq %struct.net* %5, null br i1 %6, label %21, label %7 %8 = getelementptr inbounds %struct.net, %struct.net* %5, i64 0, i32 16 %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 32 %10 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %9) #79 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18425, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #78 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load 
%struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #78 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18426, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #78 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #78 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, 
%struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #78 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, 
i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #78 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #78 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #79 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #78 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to 
i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 pde_put 2 proc_readdir_de 3 proc_readdir 4 proc_root_readdir ------------- Path:  Function:proc_root_readdir %3 = getelementptr inbounds %struct.dir_context, %struct.dir_context* 
%1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, 256 br i1 %5, label %6, label %10 %7 = tail call i32 @proc_readdir(%struct.file* %0, %struct.dir_context* %1) #78 Function:proc_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.proc_fs_info** %9 = load %struct.proc_fs_info*, %struct.proc_fs_info** %8, align 16 %10 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %9, i64 0, i32 5 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %19, label %13 %14 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 13 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 1, i32 1 %16 = bitcast %struct.list_head** %15 to %struct.proc_dir_entry** %17 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %16, align 8 %18 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %17) #78 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds 
%struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18425, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #78 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #78 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18426, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #78 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %37 = getelementptr inbounds %struct.proc_dir_entry, 
%struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #78 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #78 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 
0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #78 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #78 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #79 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #78 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* 
output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 pde_put 2 proc_readdir_de 3 proc_readdir ------------- Path:  Function:proc_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.proc_fs_info** %9 = load %struct.proc_fs_info*, %struct.proc_fs_info** %8, align 16 %10 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %9, i64 0, i32 5 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %19, label %13 %14 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 13 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 1, i32 1 %16 = bitcast %struct.list_head** %15 to %struct.proc_dir_entry** %17 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %16, align 8 %18 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %17) #78 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, 
i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18425, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #78 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #78 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds 
([3 x i8], [3 x i8]* @.str.7.18426, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #78 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #78 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #78 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #78 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #78 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, 
%struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #79 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #78 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 
0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 devpts_kill_index 2 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #78 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #78 Function:ida_free %3 = alloca 
%struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 devpts_kill_index 2 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds 
%struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #78 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #78 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr 
inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 nfs4_put_lock_state 2 nfs4_select_rw_stateid 3 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr 
inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238113* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238112*, %struct.nfs_open_context.238112** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238112, %struct.nfs_open_context.238112* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 6 %27 = 
getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #78 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238142** %30 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238142* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238142* %77) #78 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238142* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 br i1 %8, label %9, label %46 %10 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 0, i32 1 %11 = load 
%struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store volatile %struct.list_head* %13, %struct.list_head** %15, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %16 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 %18 = load volatile %struct.list_head*, %struct.list_head** %17, align 8 %19 = icmp eq %struct.list_head* %18, %16 br i1 %19, label %20, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %25 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 3 %26 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %25, align 8 %27 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %26, i64 0, i32 0 %28 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 2 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %41 = 
getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %28, i64 0, i32 46 %42 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 3, i32 1 %43 = load i32, i32* %42, align 8 tail call void @ida_free(%struct.ida* %41, i32 %43) #78 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 nfs4_put_lock_state 2 nfs4_select_rw_stateid 3 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, 
%struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238113* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238112*, %struct.nfs_open_context.238112** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238112, %struct.nfs_open_context.238112* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #78 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238142** %30 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238142* [ %47, 
%69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238142* %77) #78 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238142* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 br i1 %8, label %9, label %46 %10 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store volatile %struct.list_head* %13, %struct.list_head** %15, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 
store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %16 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 %18 = load volatile %struct.list_head*, %struct.list_head** %17, align 8 %19 = icmp eq %struct.list_head* %18, %16 br i1 %19, label %20, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %25 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 3 %26 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %25, align 8 %27 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %26, i64 0, i32 0 %28 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 2 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %41 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %28, i64 0, i32 46 %42 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 3, i32 1 %43 = load i32, i32* %42, align 8 tail call void @ida_free(%struct.ida* %41, i32 %43) #78 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, 
%struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call Stack: 0 ida_free 1 nfs4_set_lock_state 2 nfs4_proc_unlck 3 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.236429** %7 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.236429, 
%struct.nfs_open_context.236429* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %16 = and i32 %1, -2 %17 = icmp eq i32 %16, 6 br i1 %17, label %18, label %143 %19 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %2, i64 0, i32 7 %20 = load i8, i8* %19, align 4 %21 = icmp eq i8 %20, 2 %22 = icmp eq %struct.nfs4_state.236428* %9, null br i1 %21, label %23, label %26 br i1 %22, label %143, label %24 %25 = tail call fastcc i32 @nfs4_proc_unlck(%struct.nfs4_state.236428* nonnull %9, %struct.file_lock* %2) #78 Function:nfs4_proc_unlck %3 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %0, i64 0, i32 4 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.236425*, %struct.nfs4_state_owner.236425** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 24, i32 2 %8 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.nfs4_state.238111*, %struct.file_lock*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.236428*, %struct.file_lock*)*)(%struct.nfs4_state.236428* %0, %struct.file_lock* %1) #78 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 17 %4 = load %struct.file_lock_operations*, %struct.file_lock_operations** %3, align 8 %5 = icmp eq %struct.file_lock_operations* %4, null br i1 %5, label %6, label %115 %7 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 5 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 %11 = 
getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to %struct.nfs4_lock_state.238142** %13 = bitcast %struct.spinlock* %9 to i8* %14 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 br label %15 %16 = phi %struct.nfs4_lock_state.238142* [ null, %6 ], [ %63, %94 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #78 %17 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %12, align 8 %18 = getelementptr %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %17, i64 0, i32 0 %19 = icmp eq %struct.list_head* %18, %11 br i1 %19, label %47, label %20 %21 = phi %struct.nfs4_lock_state.238142* [ %30, %26 ], [ %17, %15 ] %22 = phi %struct.nfs4_lock_state.238142* [ %28, %26 ], [ null, %15 ] %23 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %21, i64 0, i32 6 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, %8 br i1 %25, label %33, label %26 %27 = icmp eq i8* %24, null %28 = select i1 %27, %struct.nfs4_lock_state.238142* %21, %struct.nfs4_lock_state.238142* %22 %29 = bitcast %struct.nfs4_lock_state.238142* %21 to %struct.nfs4_lock_state.238142** %30 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %11 br i1 %32, label %33, label %20 %34 = phi %struct.nfs4_lock_state.238142* [ %28, %26 ], [ %21, %20 ] %35 = icmp eq %struct.nfs4_lock_state.238142* %34, null br i1 %35, label %47, label %36 %48 = icmp eq %struct.nfs4_lock_state.238142* %16, null br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %16, i64 0, i32 0 %51 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %52 = 
getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %17, i64 0, i32 0, i32 1 store %struct.list_head* %50, %struct.list_head** %52, align 8 %53 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %16, i64 0, i32 0, i32 0 store %struct.list_head* %18, %struct.list_head** %53, align 8 %54 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %16, i64 0, i32 0, i32 1 store %struct.list_head* %11, %struct.list_head** %54, align 8 store volatile %struct.list_head* %50, %struct.list_head** %51, align 8 %55 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %56 = bitcast i64* %55 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i32 1, i8* %56) #6, !srcloc !8 br label %99 %100 = phi %struct.nfs4_lock_state.238142* [ %16, %49 ], [ %34, %46 ], [ %34, %42 ], [ %34, %41 ] %101 = phi %struct.nfs4_lock_state.238142* [ null, %49 ], [ %16, %46 ], [ %16, %42 ], [ %16, %41 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %13, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %102 = icmp eq %struct.nfs4_lock_state.238142* %101, null br i1 %102, label %112, label %103 %104 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %14, align 8 %105 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %104, i64 0, i32 0 %106 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %105, align 8 %107 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %106, i64 0, i32 46 %108 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %101, i64 0, i32 
3, i32 1 %109 = load i32, i32* %108, align 8 tail call void @ida_free(%struct.ida* %107, i32 %109) #78 Function:ida_free %3 = alloca %struct.xa_state, align 8 %4 = bitcast %struct.xa_state* %3 to i8* %5 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %6 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0 store %struct.xarray* %6, %struct.xarray** %5, align 8 %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %8 = lshr i32 %1, 10 %9 = zext i32 %8 to i64 store i64 %9, i64* %7, align 8 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %12 = bitcast i8* %10 to i32* store i32 0, i32* %12, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %11, align 8 %13 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %14 = and i32 %1, 1023 %15 = icmp slt i32 %1, 0 %16 = bitcast %struct.xa_node** %13 to i8* br i1 %15, label %59, label %17 %18 = getelementptr inbounds %struct.ida, %struct.ida* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %19 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %18) #78 %20 = call i8* @xas_load(%struct.xa_state* nonnull %3) #78 %21 = ptrtoint i8* %20 to i64 %22 = and i64 %21, 1 %23 = icmp eq i64 %22, 0 br i1 %23, label %41, label %24 %42 = zext i32 %14 to i64 %43 = bitcast i8* %20 to i64* %44 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !4 %45 = and i8 %44, 1 %46 = icmp eq i8 %45, 0 br i1 %46, label %56, label %47 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %43, i64 %42) #6, !srcloc !5 call void @xas_set_mark(%struct.xa_state* nonnull %3, i32 0) #78 %48 = call i64 @_find_first_bit(i64* %43, i64 1024) #78 ------------- Use: =BAD PATH= Call 
Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext 
%3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = 
load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, 
%struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp 
eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 
= getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, 
i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 
Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 
%42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, 
%struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, 
%struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 
0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi 
i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %19 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %20 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %21 = bitcast i16* %8 to i8* store i16 0, i16* %8, align 2 %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, 
%struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = 
icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 
1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = 
getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label 
%69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = 
getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %16 = tail call i64 asm "movq %gs:${1:P}, 
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc 
!8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, 
%struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq 
%struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq 
%struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = 
load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, 
%struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, 
%struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, 
%struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 
@ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, 
label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = 
getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds 
%struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, 
%struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, 
i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds 
%struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds 
%struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %19 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %20 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %21 = bitcast i16* %8 to i8* store i16 0, i16* %8, align 2 %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext 
i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, 
%struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, 
i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, 
%struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = 
bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85 %19 = load %struct.cred*, 
%struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 
%21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds 
%struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 
2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = 
getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = 
getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, 
i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 
%24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds 
%struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, 
!misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds 
%struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, 
%237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 %100 = and i64 %99, 4294967168 %101 = icmp ult i64 %100, 384 br i1 %101, label %106, label %102 %107 = inttoptr i64 %96 to %struct.ebitmap_node* %108 = trunc i64 %99 to i32 %109 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %107, i64 0, i32 2 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, %108 %112 = load i32, i32* %85, align 8 %113 = icmp ult i32 %111, %112 br i1 %113, label %114, label %199 %115 = trunc i32 %91 to i16 %116 = add i16 %115, 1 br label %117 %118 = phi i32 [ %111, %114 ], [ %196, %194 ] %119 = phi i64 [ %96, %114 ], [ %195, %194 ] store i16 %116, i16* %86, align 8 %120 = trunc i32 %118 to i16 %121 = add i16 %120, 1 store i16 %121, i16* %87, align 2 %122 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %88, %struct.winsize* nonnull %15) #78 %123 = icmp eq %struct.avtab_node* %122, null br i1 %123, label %156, label %124 %125 = phi %struct.avtab_node* [ %154, %151 ], [ %122, %117 ] %126 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %125, i64 0, i32 0, i32 3 %127 = load i16, i16* %126, align 2 switch i16 %127, label %146 [ i16 1, label %128 i16 2, label %134 i16 4, label %140 ] %147 = and i16 %127, 1792 %148 = icmp eq i16 %147, 0 %149 = or i1 %20, %148 br i1 %149, label %151, label %150 %152 = load i16, i16* %46, align 2 %153 = zext i16 %152 to i32 %154 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %125, i32 %153) #78 %155 = icmp eq %struct.avtab_node* %154, null br i1 %155, label %156, label %124 call void @cond_compute_av(%struct.avtab* %89, %struct.winsize* nonnull %15, %struct.gnet_stats_queue* %4, 
%struct.extended_perms* %5) #78 %157 = inttoptr i64 %119 to %struct.ebitmap_node* %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %157, i64 0, i32 1, i64 0 %159 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %157, i64 0, i32 2 %160 = load i32, i32* %159, align 8 %161 = add i32 %118, 1 %162 = sub i32 %161, %160 %163 = zext i32 %162 to i64 %164 = call i64 @_find_next_bit(i64* %158, i64* null, i64 384, i64 %163, i64 0, i64 0) #78 %165 = and i64 %164, 4294967168 %166 = icmp ult i64 %165, 384 br i1 %166, label %167, label %171 %172 = inttoptr i64 %119 to i64* %173 = load i64, i64* %172, align 8 %174 = icmp eq i64 %173, 0 br i1 %174, label %192, label %175 %176 = phi i64 [ %190, %188 ], [ %173, %171 ] %177 = inttoptr i64 %176 to %struct.ebitmap_node* %178 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %177, i64 0, i32 1, i64 0 %179 = call i64 @_find_first_bit(i64* %178, i64 384) #78
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_read_policy
-------------
Path:
Function:sel_read_policy
%5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 =
getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = 
bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile 
%struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 
%22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void 
@context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 
0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = 
icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 %100 = and i64 %99, 4294967168 %101 = icmp ult i64 %100, 384 br i1 %101, label %106, label %102 %107 = inttoptr i64 %96 to %struct.ebitmap_node* %108 = trunc i64 %99 to i32 %109 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %107, i64 0, i32 2 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, %108 %112 = load i32, i32* %85, align 8 %113 = icmp ult i32 %111, %112 br i1 %113, label %114, label %199 %115 = trunc i32 %91 to i16 %116 = add i16 %115, 1 br label %117 %118 = phi i32 [ %111, %114 ], [ %196, %194 ] %119 = phi i64 [ %96, %114 ], [ %195, %194 ] store i16 %116, i16* %86, align 8 %120 = trunc i32 %118 to i16 %121 = add i16 %120, 1 store i16 %121, i16* %87, align 2 %122 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %88, %struct.winsize* nonnull %15) #78 %123 = icmp eq %struct.avtab_node* %122, null br i1 %123, label %156, label %124 %125 = phi %struct.avtab_node* [ %154, %151 ], [ %122, %117 ] %126 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %125, i64 0, i32 0, i32 3 %127 = load i16, i16* %126, align 2 switch i16 %127, label %146 [ i16 1, label %128 i16 2, label %134 i16 4, label %140 ] %147 = and i16 %127, 1792 %148 = icmp eq i16 %147, 0 %149 = or i1 %20, %148 br i1 %149, label %151, label %150 %152 = load i16, i16* %46, align 2 %153 = zext i16 %152 to i32 %154 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %125, i32 %153) #78 %155 = icmp eq %struct.avtab_node* %154, null br i1 %155, label %156, label %124 call void @cond_compute_av(%struct.avtab* %89, %struct.winsize* nonnull %15, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 %157 = inttoptr i64 %119 to 
%struct.ebitmap_node* %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %157, i64 0, i32 1, i64 0 %159 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %157, i64 0, i32 2 %160 = load i32, i32* %159, align 8 %161 = add i32 %118, 1 %162 = sub i32 %161, %160 %163 = zext i32 %162 to i64 %164 = call i64 @_find_next_bit(i64* %158, i64* null, i64 384, i64 %163, i64 0, i64 0) #78 %165 = and i64 %164, 4294967168 %166 = icmp ult i64 %165, 384 br i1 %166, label %167, label %171 %172 = inttoptr i64 %119 to i64* %173 = load i64, i64* %172, align 8 %174 = icmp eq i64 %173, 0 br i1 %174, label %192, label %175 %176 = phi i64 [ %190, %188 ], [ %173, %171 ] %177 = inttoptr i64 %176 to %struct.ebitmap_node* %178 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %177, i64 0, i32 1, i64 0 %179 = call i64 @_find_first_bit(i64* %178, i64 384) #78
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_validatetrans
-------------
Path:
Function:sel_write_validatetrans
%5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %19 = bitcast i32* %6 to i8* store i32 0, i32* %6,
align 4 %20 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %21 = bitcast i16* %8 to i8* store i16 0, i16* %8, align 2 %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, 
%struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", 
"=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, 
%struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call 
%struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 
1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 
%77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 %100 = and i64 %99, 4294967168 %101 = icmp ult i64 %100, 384 br i1 %101, label %106, label %102 %107 = inttoptr i64 %96 to %struct.ebitmap_node* %108 = trunc i64 %99 to i32 %109 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %107, i64 0, i32 2 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, %108 %112 = load i32, i32* %85, align 8 %113 = icmp ult i32 %111, %112 br i1 %113, label %114, label %199 %115 = trunc i32 %91 to i16 %116 = add i16 %115, 1 br label %117 %118 = phi i32 [ %111, %114 ], [ %196, %194 ] %119 = phi i64 [ %96, %114 ], [ %195, %194 ] store i16 %116, i16* %86, align 8 %120 = trunc i32 %118 to i16 %121 = add i16 %120, 1 store i16 %121, i16* %87, align 2 %122 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %88, %struct.winsize* nonnull %15) #78 %123 = icmp eq %struct.avtab_node* %122, null br i1 %123, label %156, label %124 %125 = phi 
%struct.avtab_node* [ %154, %151 ], [ %122, %117 ] %126 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %125, i64 0, i32 0, i32 3 %127 = load i16, i16* %126, align 2 switch i16 %127, label %146 [ i16 1, label %128 i16 2, label %134 i16 4, label %140 ] %147 = and i16 %127, 1792 %148 = icmp eq i16 %147, 0 %149 = or i1 %20, %148 br i1 %149, label %151, label %150 %152 = load i16, i16* %46, align 2 %153 = zext i16 %152 to i32 %154 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %125, i32 %153) #78 %155 = icmp eq %struct.avtab_node* %154, null br i1 %155, label %156, label %124 call void @cond_compute_av(%struct.avtab* %89, %struct.winsize* nonnull %15, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 %157 = inttoptr i64 %119 to %struct.ebitmap_node* %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %157, i64 0, i32 1, i64 0 %159 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %157, i64 0, i32 2 %160 = load i32, i32* %159, align 8 %161 = add i32 %118, 1 %162 = sub i32 %161, %160 %163 = zext i32 %162 to i64 %164 = call i64 @_find_next_bit(i64* %158, i64* null, i64 384, i64 %163, i64 0, i64 0) #78 %165 = and i64 %164, 4294967168 %166 = icmp ult i64 %165, 384 br i1 %166, label %167, label %171 %172 = inttoptr i64 %119 to i64* %173 = load i64, i64* %172, align 8 %174 = icmp eq i64 %173, 0 br i1 %174, label %192, label %175 %176 = phi i64 [ %190, %188 ], [ %173, %171 ] %177 = inttoptr i64 %176 to %struct.ebitmap_node* %178 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %177, i64 0, i32 1, i64 0 %179 = call i64 @_find_first_bit(i64* %178, i64 384) #78
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_avc_cache_threshold
-------------
Path:
Function:sel_write_avc_cache_threshold
%5 = alloca i32, align 4 %6 = getelementptr inbounds
%struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca 
%struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = 
getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, 
%struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 
0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, 
align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 
= inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 %100 = and i64 %99, 4294967168 %101 = icmp ult i64 %100, 384 br i1 %101, label %106, label %102 %107 = inttoptr i64 %96 to %struct.ebitmap_node* %108 = trunc i64 %99 to i32 %109 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %107, i64 0, i32 2 %110 = load i32, i32* %109, align 8 %111 = add i32 %110, %108 %112 = load i32, i32* %85, align 8 %113 = icmp ult i32 %111, %112 br i1 %113, label 
%114, label %199 %115 = trunc i32 %91 to i16 %116 = add i16 %115, 1 br label %117 %118 = phi i32 [ %111, %114 ], [ %196, %194 ] %119 = phi i64 [ %96, %114 ], [ %195, %194 ] store i16 %116, i16* %86, align 8 %120 = trunc i32 %118 to i16 %121 = add i16 %120, 1 store i16 %121, i16* %87, align 2 %122 = call %struct.avtab_node* @avtab_search_node(%struct.avtab* %88, %struct.winsize* nonnull %15) #78 %123 = icmp eq %struct.avtab_node* %122, null br i1 %123, label %156, label %124 %125 = phi %struct.avtab_node* [ %154, %151 ], [ %122, %117 ] %126 = getelementptr inbounds %struct.avtab_node, %struct.avtab_node* %125, i64 0, i32 0, i32 3 %127 = load i16, i16* %126, align 2 switch i16 %127, label %146 [ i16 1, label %128 i16 2, label %134 i16 4, label %140 ] %147 = and i16 %127, 1792 %148 = icmp eq i16 %147, 0 %149 = or i1 %20, %148 br i1 %149, label %151, label %150 %152 = load i16, i16* %46, align 2 %153 = zext i16 %152 to i32 %154 = call %struct.avtab_node* @avtab_search_node_next(%struct.avtab_node* nonnull %125, i32 %153) #78 %155 = icmp eq %struct.avtab_node* %154, null br i1 %155, label %156, label %124 call void @cond_compute_av(%struct.avtab* %89, %struct.winsize* nonnull %15, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #78 %157 = inttoptr i64 %119 to %struct.ebitmap_node* %158 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %157, i64 0, i32 1, i64 0 %159 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %157, i64 0, i32 2 %160 = load i32, i32* %159, align 8 %161 = add i32 %118, 1 %162 = sub i32 %161, %160 %163 = zext i32 %162 to i64 %164 = call i64 @_find_next_bit(i64* %158, i64* null, i64 384, i64 %163, i64 0, i64 0) #78 %165 = and i64 %164, 4294967168 %166 = icmp ult i64 %165, 384 br i1 %166, label %167, label %171 %172 = inttoptr i64 %119 to i64* %173 = load i64, i64* %172, align 8 %174 = icmp eq i64 %173, 0 br i1 %174, label %192, label %175 %176 = phi i64 [ %190, %188 ], [ %173, %171 ] %177 = inttoptr i64 
%176 to %struct.ebitmap_node* %178 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %177, i64 0, i32 1, i64 0 %179 = call i64 @_find_first_bit(i64* %178, i64 384) #78
-------------
Use: =BAD PATH=
Call Stack:
0 context_struct_compute_av
1 security_compute_av
2 avc_compute_av
3 avc_has_perm_noaudit
4 avc_has_perm
5 sel_write_checkreqprot
-------------
Path:
Function:sel_write_checkreqprot
%5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 16 %14 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct* %17 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %16, i64 0, i32 85 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %26, i32 2, i16 zeroext 1, i32 1024,
%struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds 
%struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call 
void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds 
%struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, 
align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* 
%2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 %100 = and i64 %99, 4294967168 %101 = icmp ult i64 %100, 384 br i1 
%101, label %106, label %102 %103 = inttoptr i64 %96 to i64* %104 = load i64, i64* %103, align 8 %105 = icmp eq i64 %104, 0 br i1 %105, label %199, label %95 %200 = inttoptr i64 %92 to %struct.ebitmap_node* %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %200, i64 0, i32 1, i64 0 %202 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %200, i64 0, i32 2 %203 = load i32, i32* %202, align 8 %204 = add i32 %91, 1 %205 = sub i32 %204, %203 %206 = zext i32 %205 to i64 %207 = call i64 @_find_next_bit(i64* %201, i64* null, i64 384, i64 %206, i64 0, i64 0) #78 %208 = and i64 %207, 4294967168 %209 = icmp ult i64 %208, 384 br i1 %209, label %210, label %214 %215 = inttoptr i64 %92 to i64* %216 = load i64, i64* %215, align 8 %217 = icmp eq i64 %216, 0 br i1 %217, label %235, label %218 %219 = phi i64 [ %233, %231 ], [ %216, %214 ] %220 = inttoptr i64 %219 to %struct.ebitmap_node* %221 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %220, i64 0, i32 1, i64 0 %222 = call i64 @_find_first_bit(i64* %221, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 85 %11 = load %struct.cred*, %struct.cred** %10, align 64 %12 = getelementptr inbounds %struct.cred, %struct.cred* %11, i64 0, i32 20 %13 = load i8*, i8** %12, align 8 %14 = load i32, i32* getelementptr inbounds 
(%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %15 = sext i32 %14 to i64 %16 = getelementptr i8, i8* %13, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 %20 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %19, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, 
%struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds 
%struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, 
%struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp 
ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, 
%struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 
13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 %100 = and i64 %99, 4294967168 %101 = icmp ult i64 %100, 384 br i1 %101, label %106, label %102 %103 = inttoptr i64 %96 to i64* %104 = load i64, i64* %103, align 8 %105 = icmp eq i64 %104, 0 br i1 %105, label %199, label %95 %200 = inttoptr i64 %92 to %struct.ebitmap_node* %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %200, i64 0, i32 1, i64 0 %202 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %200, i64 0, i32 2 %203 = load i32, i32* %202, align 8 %204 = add i32 %91, 1 %205 = sub i32 %204, %203 %206 = zext i32 %205 to i64 %207 = call i64 @_find_next_bit(i64* %201, i64* null, i64 384, i64 %206, i64 0, i64 0) #78 %208 = and i64 %207, 4294967168 %209 = icmp ult i64 %208, 384 br i1 %209, label %210, label %214 %215 = inttoptr i64 %92 to i64* %216 = load i64, i64* %215, align 8 %217 = icmp eq i64 %216, 0 br i1 %217, label %235, label %218 %219 = phi i64 [ %233, %231 ], [ %216, %214 ] %220 = inttoptr i64 %219 to %struct.ebitmap_node* %221 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %220, i64 0, i32 1, i64 0 %222 = call i64 @_find_first_bit(i64* %221, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load 
%struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 16 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 9 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %19 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %20 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %21 = bitcast i16* %8 to i8* store i16 0, i16* %8, align 2 %22 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %23 = inttoptr i64 %22 to %struct.task_struct* %24 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %23, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 20 %27 = load i8*, i8** %26, align 8 %28 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %29 = sext i32 %28 to i64 %30 = getelementptr i8, i8* %27, i64 %29 %31 = getelementptr inbounds i8, i8* %30, i64 4 %32 = bitcast i8* %31 to i32* %33 = load i32, i32* %32, align 4 %34 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %33, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 
%2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 
0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, 
%struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, %6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp 
eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 
= getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, 
i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 %100 = and i64 %99, 4294967168 %101 = icmp ult i64 %100, 384 br i1 %101, label %106, label %102 %103 = inttoptr i64 %96 to i64* %104 = load i64, i64* %103, align 8 %105 = icmp eq i64 %104, 0 br i1 %105, label %199, label %95 %200 = inttoptr i64 %92 to %struct.ebitmap_node* %201 = 
getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %200, i64 0, i32 1, i64 0 %202 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %200, i64 0, i32 2 %203 = load i32, i32* %202, align 8 %204 = add i32 %91, 1 %205 = sub i32 %204, %203 %206 = zext i32 %205 to i64 %207 = call i64 @_find_next_bit(i64* %201, i64* null, i64 384, i64 %206, i64 0, i64 0) #78 %208 = and i64 %207, 4294967168 %209 = icmp ult i64 %208, 384 br i1 %209, label %210, label %214 %215 = inttoptr i64 %92 to i64* %216 = load i64, i64* %215, align 8 %217 = icmp eq i64 %216, 0 br i1 %217, label %235, label %218 %219 = phi i64 [ %233, %231 ], [ %216, %214 ] %220 = inttoptr i64 %219 to %struct.ebitmap_node* %221 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %220, i64 0, i32 1, i64 0 %222 = call i64 @_find_first_bit(i64* %221, i64 384) #78 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 16 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 9 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %16 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %17 = 
inttoptr i64 %16 to %struct.task_struct* %18 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %17, i64 0, i32 85 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 20 %21 = load i8*, i8** %20, align 8 %22 = load i32, i32* getelementptr inbounds (%struct.x86_pmu_capability, %struct.x86_pmu_capability* @selinux_blob_sizes, i64 0, i32 0), align 4 %23 = sext i32 %22 to i64 %24 = getelementptr i8, i8* %21, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = tail call i32 @avc_has_perm(%struct.selinux_state* nonnull bitcast (%struct.selinux_state.273763* @selinux_state to %struct.selinux_state*), i32 %27, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data* null) #78 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #78 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 7 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !8 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor 
i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = load volatile %struct.hlist_node*, %struct.hlist_node** %22, align 8 %24 = icmp eq %struct.hlist_node* %23, null %25 = getelementptr %struct.hlist_node, %struct.hlist_node* %23, i64 -3, i32 1 %26 = icmp eq %struct.hlist_node*** %25, null %27 = or i1 %24, %26 br i1 %27, label %53, label %28 %29 = bitcast %struct.hlist_node*** %25 to %struct.avc_node* br label %30 %31 = phi %struct.avc_node* [ %49, %43 ], [ %29, %28 ] %32 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 0 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, %1 br i1 %34, label %35, label %43 %36 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 2 %37 = load i16, i16* %36, align 8 %38 = icmp eq i16 %37, %3 br i1 %38, label %39, label %43 %40 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 0, i32 1 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %2 br i1 %42, label %51, label %43 %44 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %31, i64 0, i32 1, i32 0 %45 = load volatile %struct.hlist_node*, %struct.hlist_node** %44, align 8 %46 = icmp eq %struct.hlist_node* %45, null %47 = getelementptr %struct.hlist_node, %struct.hlist_node* %45, i64 -3, i32 1 %48 = bitcast %struct.hlist_node*** %47 to %struct.avc_node* %49 = select i1 %46, %struct.avc_node* null, %struct.avc_node* %48 %50 = icmp eq %struct.avc_node* %49, null br i1 %50, label %53, label %30 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !9 call fastcc void 
@avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #78 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void @rcu_read_unlock_strict() #78 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store volatile %struct.list_head* %7, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void bitcast (void (%struct.selinux_state.273763*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)* @security_compute_av to void (%struct.selinux_state*, i32, i32, i16, %struct.gnet_stats_queue*, %struct.extended_perms*)*)(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %10) #78 Function:security_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 8 %8 = load volatile %struct.selinux_policy*, %struct.selinux_policy** %7, align 8 %9 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %11, align 4 %12 = icmp eq %struct.selinux_policy* %8, null br i1 %12, label %16, label %13 %17 = phi i32 [ %15, %13 ], [ 0, 
%6 ] %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %17, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %20, align 4 %21 = getelementptr inbounds %struct.selinux_state.273763, %struct.selinux_state.273763* %0, i64 0, i32 3 %22 = load volatile i8, i8* %21, align 1, !range !5 %23 = icmp eq i8 %22, 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %23, label %298, label %24 %25 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1 %26 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 0 %27 = load %struct.sidtab*, %struct.sidtab** %26, align 8 %28 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %1) #78 %29 = icmp eq %struct.sidtab_entry* %28, null %30 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2 %31 = icmp eq %struct.context* %30, null %32 = or i1 %29, %31 br i1 %32, label %33, label %35 %36 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 1, i32 22 %37 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %28, i64 0, i32 2, i32 2 %38 = load i32, i32* %37, align 8 %39 = zext i32 %38 to i64 %40 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %36, i64 %39) #78 %41 = icmp eq i32 %40, 0 br i1 %41, label %45, label %42 %46 = tail call %struct.sidtab_entry* @sidtab_search_entry(%struct.sidtab* %27, i32 %2) #78 %47 = icmp eq %struct.sidtab_entry* %46, null %48 = getelementptr inbounds %struct.sidtab_entry, %struct.sidtab_entry* %46, i64 0, i32 2 %49 = icmp eq %struct.context* %48, null %50 = or i1 %47, %49 br i1 %50, label %51, label %53 %54 = getelementptr 
inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2 %55 = getelementptr inbounds %struct.selinux_policy, %struct.selinux_policy* %8, i64 0, i32 2, i32 1 %56 = load i16, i16* %55, align 8 %57 = icmp ugt i16 %56, %3 br i1 %57, label %58, label %64 %65 = phi i16 [ %63, %58 ], [ %3, %53 ] %66 = icmp ne i16 %3, 0 %67 = icmp eq i16 %65, 0 %68 = and i1 %66, %67 br i1 %68, label %69, label %74, !prof !7, !misexpect !8 tail call fastcc void @context_struct_compute_av(%struct.policydb* %25, %struct.context* nonnull %30, %struct.context* nonnull %48, i16 zeroext %65, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #80 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.winsize* %16 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %19, align 4 %20 = icmp eq %struct.extended_perms* %5, null br i1 %20, label %25, label %21 %26 = icmp eq i16 %3, 0 br i1 %26, label %32, label %27, !prof !4 %28 = zext i16 %3 to i32 %29 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %30 = load i32, i32* %29, align 8 %31 = icmp ult i32 %30, %28 br i1 %31, label %32, label %38, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %40 = load %struct.class_datum**, %struct.class_datum*** %39, align 8 %41 = zext i16 %3 to i64 %42 = add nsw 
i64 %41, -1 %43 = getelementptr %struct.class_datum*, %struct.class_datum** %40, i64 %42 %44 = load %struct.class_datum*, %struct.class_datum** %43, align 8 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 2 store i16 %3, i16* %45, align 4 %46 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 3 store i16 1799, i16* %46, align 2 %47 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 20 %48 = load %struct.ebitmap*, %struct.ebitmap** %47, align 8 %49 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %50 = load i32, i32* %49, align 8 %51 = add i32 %50, -1 %52 = zext i32 %51 to i64 %53 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52 %54 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %55 = load i32, i32* %54, align 8 %56 = add i32 %55, -1 %57 = zext i32 %56 to i64 %58 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %57 %59 = bitcast %struct.ebitmap* %53 to i64* %60 = load i64, i64* %59, align 8 %61 = icmp eq i64 %60, 0 br i1 %61, label %242, label %62 %63 = phi i64 [ %71, %69 ], [ %60, %38 ] %64 = inttoptr i64 %63 to %struct.ebitmap_node* %65 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %64, i64 0, i32 1, i64 0 %66 = tail call i64 @_find_first_bit(i64* %65, i64 384) #78 %67 = and i64 %66, 4294967168 %68 = icmp ult i64 %67, 384 br i1 %68, label %73, label %69 %74 = inttoptr i64 %63 to %struct.ebitmap_node* %75 = trunc i64 %66 to i32 %76 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %74, i64 0, i32 2 %77 = load i32, i32* %76, align 8 %78 = add i32 %77, %75 %79 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %80 = load i32, i32* %79, align 8 %81 = getelementptr %struct.ebitmap, %struct.ebitmap* %48, i64 %52, i32 1 %82 = icmp ult i32 %78, %80 br i1 %82, label %83, label %242 %84 = bitcast %struct.ebitmap* %58 to i64* %85 = getelementptr 
%struct.ebitmap, %struct.ebitmap* %48, i64 %57, i32 1 %86 = bitcast i64* %14 to i16* %87 = getelementptr inbounds %struct.winsize, %struct.winsize* %15, i64 0, i32 1 %88 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 7 %89 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 13 br label %90 %91 = phi i32 [ %78, %83 ], [ %239, %237 ] %92 = phi i64 [ %63, %83 ], [ %238, %237 ] %93 = load i64, i64* %84, align 8 %94 = icmp eq i64 %93, 0 br i1 %94, label %199, label %95 %96 = phi i64 [ %104, %102 ], [ %93, %90 ] %97 = inttoptr i64 %96 to %struct.ebitmap_node* %98 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %97, i64 0, i32 1, i64 0 %99 = call i64 @_find_first_bit(i64* %98, i64 384) #78 %100 = and i64 %99, 4294967168 %101 = icmp ult i64 %100, 384 br i1 %101, label %106, label %102 %103 = inttoptr i64 %96 to i64* %104 = load i64, i64* %103, align 8 %105 = icmp eq i64 %104, 0 br i1 %105, label %199, label %95 %200 = inttoptr i64 %92 to %struct.ebitmap_node* %201 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %200, i64 0, i32 1, i64 0 %202 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %200, i64 0, i32 2 %203 = load i32, i32* %202, align 8 %204 = add i32 %91, 1 %205 = sub i32 %204, %203 %206 = zext i32 %205 to i64 %207 = call i64 @_find_next_bit(i64* %201, i64* null, i64 384, i64 %206, i64 0, i64 0) #78 %208 = and i64 %207, 4294967168 %209 = icmp ult i64 %208, 384 br i1 %209, label %210, label %214 %215 = inttoptr i64 %92 to i64* %216 = load i64, i64* %215, align 8 %217 = icmp eq i64 %216, 0 br i1 %217, label %235, label %218 %219 = phi i64 [ %233, %231 ], [ %216, %214 ] %220 = inttoptr i64 %219 to %struct.ebitmap_node* %221 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %220, i64 0, i32 1, i64 0 %222 = call i64 @_find_first_bit(i64* %221, i64 384) #78 ------------- Good: 661 Bad: 31 Ignored: 1423 Check Use of Function:vfat_rename 
Check Use of Function:d_splice_alias Check Use of Function:rtnl_register Check Use of Function:nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs4_do_setattr 1 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #78 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236429** %24 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236429* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236429* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236429* %31, %struct.nfs4_label* null) #79 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, 
align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236401** %15 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236429* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236428* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 2 %27 = bitcast %struct.nfs_fh** %24 to %struct.seqcount_spinlock** %28 = bitcast %struct.nfs_setattrargs* %8 to i8* store %struct.seqcount_spinlock* %26, %struct.seqcount_spinlock** %27, align 8 %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %30 = bitcast %struct.nfs4_stateid_struct* %29 to i8* %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %32, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %34 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %34, i32** %33, align 8 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %35, align 8 %36 = bitcast %struct.nfs_setattrres* %9 to i8* 
%37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 %38 = bitcast %struct.nfs_setattrres* %9 to i8* store %struct.nfs_fattr* %2, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %39, align 8 %40 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %40, align 8 %41 = bitcast %struct.nfs4_exception* %10 to i8* %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236428* %22, %struct.nfs4_state.236428** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %29, %struct.nfs4_stateid_struct** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = and i32 %49, 6145 %51 = icmp eq i32 %50, 0 %52 = select i1 %51, i64 256, i64 131328 %53 = and i32 %49, 6 %54 = icmp eq i32 %53, 0 %55 = or i64 %52, 4096 %56 = select i1 %54, i64 %52, i64 %55 %57 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 35, i64 0 %58 = bitcast i32* %57 to i8* %59 = icmp eq %struct.inode* %0, null %60 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 38 %61 = bitcast %struct.seqcount_spinlock* %60 to i64* %62 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 0 %64 = icmp eq %struct.nfs4_state.236428* %22, null %65 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %22, i64 0, i32 13 br label %66 br i1 %59, label %92, label %67 %68 = call i32 @nfs4_have_delegation(%struct.inode* nonnull %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_write_setup ------------- Path:  Function:nfs4_proc_write_setup %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %0, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.236401** %10 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %9, align 16 %11 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %0, i64 0, i32 26 %12 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %11, align 8 %13 = icmp eq %struct.nfs_client.236460* %12, null br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %0, i64 0, i32 13 %16 = load %struct.nfs_direct_req*, %struct.nfs_direct_req** %15, align 8 %17 = icmp eq %struct.nfs_direct_req* %16, null br i1 %17, label %18, label %21 %19 = tail call i32 @nfs4_have_delegation(%struct.inode* %5, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca 
%struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* 
%32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = 
bitcast %struct.nfs_fattr** %33 to i8** %57 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #78 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #78 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %33, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %109, label %70 %110 = phi i32 [ %99, %107 ], [ -12, %67 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_access, %111)) #6 to label %125 [label %111], !srcloc !4 %126 = load %struct.super_block*, %struct.super_block** %11, align 8 %127 = getelementptr inbounds %struct.super_block, %struct.super_block* %126, i64 0, i32 28 %128 = bitcast i8** %127 to %struct.nfs_server.236401** %129 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %128, align 16 %130 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %129, i32 %110, %struct.nfs4_exception* nonnull %8) #79 %131 = load i8, i8* %57, align 8 %132 = and i8 %131, 8 %133 = icmp eq i8 %132, 0 br i1 %133, label %134, label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 
@nfs4_have_delegation(%struct.inode* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_getattr ------------- Path:  Function:nfs4_proc_getattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca [3 x i32], align 4 %9 = alloca %struct.nfs4_server_caps_arg, align 8 %10 = alloca %struct.nfs4_getattr_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 5 store i8 1, i8* %14, align 1 %15 = bitcast [3 x i32]* %8 to i8* %16 = bitcast %struct.nfs4_server_caps_arg* %9 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 0 %21 = bitcast %struct.nfs4_getattr_res* %10 to i8* %22 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0 %23 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 1 %24 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 2 %25 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 3 %26 = bitcast %struct.rpc_message* %11 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs4_server_caps_arg** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs4_getattr_res** %32 = 
getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %33 = icmp eq %struct.inode* %4, null %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 8 %35 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %36 = bitcast i32* %35 to i8* %37 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 24, i32 2 %38 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %37, i64 38 %39 = bitcast %struct.seqcount_spinlock* %38 to i64* %40 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 1 %41 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0, i32 0 %44 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %47 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 %51 = bitcast %struct.rpc_task_setup* %7 to i8* %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %53 = bitcast %struct.rpc_clnt** %52 to i64* %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %56 = bitcast 
%struct.rpc_xprt** %54 to i8* %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %58 = bitcast %struct.rpc_call_ops** %57 to i64* %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 %60 = bitcast i8** %59 to %struct.nfs4_call_sync_data** %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 9 %64 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %65 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %23, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %24, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %25, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 18), %struct.rpc_procinfo** %27, align 8 store %struct.nfs4_server_caps_arg* %9, %struct.nfs4_server_caps_arg** %29, align 8 store %struct.nfs4_getattr_res* %10, %struct.nfs4_getattr_res** %31, align 8 store %struct.cred* null, %struct.cred** %32, align 8 br i1 %33, label %66, label %67 %68 = load i32, i32* %34, align 8 %69 = lshr i32 %68, 11 %70 = trunc i32 %69 to i16 %71 = and i16 %70, 4096 %72 = call i32 @nfs4_have_delegation(%struct.inode* nonnull %4, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_setlease 1 nfs4_setlease ------------- Path:  Function:nfs4_setlease %5 = tail call i32 @nfs4_proc_setlease(%struct.file* %0, i64 %1, %struct.file_lock** %2, i8** %3) #78 Function:nfs4_proc_setlease switch i64 %1, label %22 [ i64 0, label %5 i64 1, label %5 i64 2, label %20 ] %6 = getelementptr inbounds %struct.file, 
%struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq i64 %1, 0 %9 = select i1 %8, i32 1, i32 2 %10 = tail call i32 @nfs4_have_delegation(%struct.inode* %7, i32 %9) #78 ------------- Good: 6 Bad: 5 Ignored: 2 Check Use of Function:mon_bin_ioctl Use: =BAD PATH= Call Stack: 0 mon_bin_compat_ioctl ------------- Path:  Function:mon_bin_compat_ioctl %4 = alloca %struct.uid_gid_extent, align 4 %5 = alloca %struct.uid_gid_extent, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mon_reader_bin** %8 = load %struct.mon_reader_bin*, %struct.mon_reader_bin** %7, align 8 switch i32 %1, label %79 [ i32 1074565638, label %9 i32 1074565642, label %9 i32 -1072918009, label %32 i32 -2146921981, label %81 i32 37377, label %84 i32 37381, label %84 i32 37380, label %84 i32 37384, label %84 ] %85 = tail call i64 @mon_bin_ioctl(%struct.file* %0, i32 %1, i64 %2) #79 ------------- Use: =BAD PATH= Call Stack: 0 mon_bin_compat_ioctl ------------- Path:  Function:mon_bin_compat_ioctl %4 = alloca %struct.uid_gid_extent, align 4 %5 = alloca %struct.uid_gid_extent, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.mon_reader_bin** %8 = load %struct.mon_reader_bin*, %struct.mon_reader_bin** %7, align 8 switch i32 %1, label %79 [ i32 1074565638, label %9 i32 1074565642, label %9 i32 -1072918009, label %32 i32 -2146921981, label %81 i32 37377, label %84 i32 37381, label %84 i32 37380, label %84 i32 37384, label %84 ] %82 = and i64 %2, 4294967295 %83 = tail call i64 @mon_bin_ioctl(%struct.file* %0, i32 -2146921981, i64 %82) #79 ------------- Good: 1 Bad: 2 Ignored: 2 Check Use of Function:irq_domain_free_irqs Check Use of Function:ext4_rename_dir_finish Check Use of Function:pgprot_writecombine Check Use of Function:pagecache_isize_extended Check Use of Function:ext4_extent_block_csum_set Check Use of 
Function:ieee80211_purge_tx_queue Check Use of Function:snd_disconnect_ioctl Check Use of Function:proc_reg_compat_ioctl Check Use of Function:dput_to_list Check Use of Function:compat_sock_ioctl Check Use of Function:qdisc_lookup Check Use of Function:msdos_rmdir Check Use of Function:ext4_xattr_inode_iget Check Use of Function:ext4_fc_stop_update Check Use of Function:qdisc_notify Check Use of Function:ext4_free_inode Check Use of Function:acpi_install_notify_handler Check Use of Function:ext4_xattr_set_entry Check Use of Function:acpi_bus_init_irq Check Use of Function:compat_blkdev_ioctl Check Use of Function:ext4_unregister_sysfs Check Use of Function:ieee80211_teardown_tdls_peers Check Use of Function:rtc_dev_ioctl Use: =BAD PATH= Call Stack: 0 rtc_dev_compat_ioctl ------------- Path:  Function:rtc_dev_compat_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.rtc_device.693670** %6 = load %struct.rtc_device.693670*, %struct.rtc_device.693670** %5, align 8 %7 = trunc i64 %2 to i32 %8 = and i64 %2, 4294967295 switch i32 %1, label %61 [ i32 -2147192821, label %9 i32 1074032652, label %20 i32 1074032654, label %38 ] %62 = tail call i64 @rtc_dev_ioctl(%struct.file* %0, i32 %1, i64 %8) #79 ------------- Good: 1 Bad: 1 Ignored: 3 Check Use of Function:try_to_free_swap Check Use of Function:pci_config_pm_runtime_put Check Use of Function:__setplane_check Check Use of Function:__ext4_msg Use: =BAD PATH= Call Stack: 0 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca %struct.readahead_control, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.hw_perf_event_extra, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.inode, 
%struct.inode* %7, i64 0, i32 4 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 16384 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %853 %15 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %16 = bitcast i8** %15 to %struct.ext4_sb_info** %17 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %16, align 16 %18 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %17, i64 0, i32 15 %19 = load %struct.ext4_super_block*, %struct.ext4_super_block** %18, align 8 %20 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %19, i64 0, i32 28 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 32 %23 = icmp eq i32 %22, 0 br i1 %23, label %540, label %24 %25 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 34 %26 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %25, i64 10, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %540, label %42 %43 = bitcast %struct.anon.1* %25 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 33 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %540, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 
%51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #78 %60 = icmp eq i8* %59, null br i1 %60, label %853, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %88 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %93 %71 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %72 = inttoptr i64 %71 to %struct.task_struct* %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %72, i64 0, i32 0, i32 2 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, 2 %76 = icmp eq i32 %75, 0 %77 = trunc i64 %57 to i32 %78 = shl i32 %77, 1 %79 = lshr i64 %57, 31 %80 = trunc i64 %79 to i32 %81 = and i32 %80, -2 %82 = select i1 %76, i32 %81, i32 %78 %83 = getelementptr inbounds i8, i8* %59, i64 32 %84 = bitcast i8* %83 to i32* store i32 %82, i32* %84, align 8 %85 = load i32, i32* %73, align 8 %86 = and i32 %85, 2 %87 = icmp eq i32 %86, 0 br i1 %87, label %99, label %101 %100 = trunc i64 %57 to i32 br label %101 %102 = phi i32 [ %100, %99 ], [ 0, %70 ], [ 0, %88 ] %103 = getelementptr inbounds i8, i8* %59, i64 36 %104 = bitcast i8* %103 to i32* store i32 %102, i32* %104, align 4 store i8* %59, i8** %48, align 8 br label %105 %106 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %101 ] %107 = phi i32 [ %54, %52 ], [ %64, %101 ] %108 = getelementptr inbounds %struct.dir_context, 
%struct.dir_context* %1, i64 0, i32 1 %109 = load i64, i64* %108, align 8 %110 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %111 = and i32 %107, 512 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %124 %114 = and i32 %107, 1024 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %123 %117 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct* %119 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %118, i64 0, i32 0, i32 2 %120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %123, label %124 br label %124 %125 = phi i64 [ 9223372036854775807, %123 ], [ 2147483647, %116 ], [ 2147483647, %105 ] %126 = icmp eq i64 %109, %125 br i1 %126, label %853, label %127 %128 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 3 %129 = load i64, i64* %128, align 8 %130 = icmp eq i64 %129, %109 br i1 %130, label %202, label %131 %203 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 2 %204 = load %struct.fname*, %struct.fname** %203, align 8 %205 = icmp eq %struct.fname* %204, null br i1 %205, label %277, label %206 %207 = load %struct.inode*, %struct.inode** %6, align 8 %208 = getelementptr inbounds %struct.inode, %struct.inode* %207, i64 0, i32 8 %209 = load %struct.super_block*, %struct.super_block** %208, align 8 %210 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 0 %211 = load i32, i32* %210, align 8 %212 = getelementptr inbounds %struct.fname, %struct.fname* %204, i64 0, i32 1 %213 = load i32, i32* %212, align 4 br i1 %112, label %214, label %224 %215 = and i32 %107, 1024 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %227 %218 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %219 = inttoptr i64 %218 to %struct.task_struct* %220 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %219, i64 0, i32 0, i32 2 %221 = load i32, i32* %220, align 8 %222 = and i32 %221, 2 %223 = icmp eq i32 %222, 0 br i1 %223, label %227, label %224 %228 = lshr i32 %211, 1 %229 = zext i32 %228 to i64 %230 = shl nuw nsw i64 %229, 32 %231 = zext i32 %213 to i64 %232 = or i64 %230, %231 br label %233 %234 = phi i64 [ %226, %224 ], [ %232, %227 ] store i64 %234, i64* %108, align 8 %235 = getelementptr inbounds %struct.super_block, %struct.super_block* %209, i64 0, i32 28 %236 = bitcast i8** %235 to %struct.ext4_sb_info** %237 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %238 %239 = phi %struct.fname* [ %204, %233 ], [ %271, %269 ] %240 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 7, i64 0 %241 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 5 %242 = load i8, i8* %241, align 4 %243 = zext i8 %242 to i32 %244 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 4 %245 = load i32, i32* %244, align 8 %246 = zext i32 %245 to i64 %247 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 6 %248 = load i8, i8* %247, align 1 %249 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %236, align 16 %250 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %249, i64 0, i32 15 %251 = load %struct.ext4_super_block*, %struct.ext4_super_block** %250, align 8 %252 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %251, i64 0, i32 29 %253 = load i32, i32* %252, align 8 %254 = and i32 %253, 2 %255 = icmp eq i32 %254, 0 %256 = icmp ugt i8 %248, 7 %257 = or i1 %256, %255 br i1 %257, label %262, label %258 %259 = zext i8 %248 to i64 %260 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, 
i64 %259 %261 = load i8, i8* %260, align 1 br label %262 %263 = phi i8 [ %261, %258 ], [ 0, %238 ] %264 = zext i8 %263 to i32 %265 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %237, align 8 %266 = load i64, i64* %108, align 8 %267 = tail call i32 %265(%struct.dir_context* %1, i8* %240, i32 %243, i64 %266, i64 %246, i32 %264) #78 %268 = icmp eq i32 %267, 0 br i1 %268, label %269, label %273 %270 = getelementptr inbounds %struct.fname, %struct.fname* %239, i64 0, i32 3 %271 = load %struct.fname*, %struct.fname** %270, align 8 %272 = icmp eq %struct.fname* %271, null br i1 %272, label %276, label %238 store %struct.fname* null, %struct.fname** %203, align 8 br label %464 %465 = phi i32 [ 0, %276 ], [ %375, %390 ], [ %375, %457 ] %466 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %467 = load %struct.rb_node*, %struct.rb_node** %466, align 8 %468 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %467) #78 store %struct.rb_node* %468, %struct.rb_node** %466, align 8 %469 = icmp eq %struct.rb_node* %468, null %470 = bitcast %struct.rb_node* %468 to i8* br i1 %469, label %480, label %471 %481 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %482 = load i32, i32* %481, align 8 %483 = icmp eq i32 %482, -1 br i1 %483, label %484, label %501 %502 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %482, i32* %502, align 8 %503 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 0, i32* %503, align 4 br label %287 %288 = phi i8* [ %470, %471 ], [ %470, %501 ], [ %281, %277 ], [ %286, %282 ] %289 = phi %struct.rb_node* [ %468, %471 ], [ null, %501 ], [ %279, %277 ], [ %285, %282 ] %290 = phi i32 [ %465, %471 ], [ %465, %501 ], [ 0, %277 ], [ 0, %282 ] %291 = getelementptr inbounds 
%struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 1 %292 = icmp eq %struct.rb_node* %289, null br i1 %292, label %300, label %293 %294 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %295 = load i64, i64* %294, align 8 %296 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %297 = load volatile i64, i64* %296, align 8 %298 = lshr i64 %297, 1 %299 = icmp eq i64 %298, %295 br i1 %299, label %373, label %300 store %struct.rb_node* null, %struct.rb_node** %291, align 8 %301 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0 %302 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %301) #78 %303 = icmp eq %struct.rb_node* %302, null %304 = getelementptr %struct.rb_node, %struct.rb_node* %302, i64 -1, i32 2 %305 = icmp eq %struct.rb_node** %304, null %306 = or i1 %303, %305 br i1 %306, label %326, label %307 %308 = bitcast %struct.rb_node** %304 to %struct.fname* br label %311 %312 = phi %struct.fname* [ %318, %309 ], [ %308, %307 ] %313 = getelementptr inbounds %struct.fname, %struct.fname* %312, i64 0, i32 2 %314 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %313) #78 %315 = icmp eq %struct.rb_node* %314, null %316 = getelementptr %struct.rb_node, %struct.rb_node* %314, i64 -1, i32 2 %317 = bitcast %struct.rb_node** %316 to %struct.fname* %318 = select i1 %315, %struct.fname* null, %struct.fname* %317 %319 = icmp eq %struct.fname* %312, null br i1 %319, label %309, label %320 %321 = phi %struct.fname* [ %323, %320 ], [ %312, %311 ] %322 = getelementptr inbounds %struct.fname, %struct.fname* %321, i64 0, i32 3 %323 = load %struct.fname*, %struct.fname** %322, align 8 %324 = bitcast %struct.fname* %321 to i8* tail call void @kfree(i8* nonnull %324) #78 %325 = icmp eq %struct.fname* %323, null br i1 %325, label %309, label %320 %310 = icmp eq %struct.fname* %318, null br i1 %310, label %326, label %311 %327 = getelementptr 
inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %327, align 8 %328 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 33, i32 0 %329 = load volatile i64, i64* %328, align 8 br label %330 %331 = phi i64 [ %329, %326 ], [ %337, %335 ] %332 = and i64 %331, 1 %333 = icmp eq i64 %332, 0 br i1 %333, label %335, label %334 %336 = or i64 %331, 1 %337 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %328, i64 %336, i64 %331, i64* %328) #6, !srcloc !6 %338 = icmp eq i64 %337, %331 br i1 %338, label %339, label %330, !prof !7, !misexpect !8 %340 = lshr i64 %331, 1 %341 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %340, i64* %341, align 8 %342 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 %343 = load i32, i32* %342, align 8 %344 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 %345 = load i32, i32* %344, align 4 %346 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 6 %347 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %343, i32 %345, i32* %346) #78 %348 = icmp slt i32 %347, 0 br i1 %348, label %349, label %351 %352 = icmp eq i32 %347, 0 br i1 %352, label %353, label %370 %371 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %301) #78 store %struct.rb_node* %371, %struct.rb_node** %291, align 8 %372 = bitcast %struct.rb_node* %371 to i8* br label %373 %374 = phi i8* [ %288, %293 ], [ %372, %370 ] %375 = phi i32 [ %290, %293 ], [ %347, %370 ] %376 = getelementptr i8, i8* %374, i64 -8 %377 = bitcast i8* %376 to %struct.fname* %378 = bitcast i8* %376 to i32* %379 = load i32, i32* %378, align 8 %380 = getelementptr inbounds 
%struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 4 store i32 %379, i32* %380, align 8 %381 = getelementptr i8, i8* %374, i64 -4 %382 = bitcast i8* %381 to i32* %383 = load i32, i32* %382, align 4 %384 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %106, i64 0, i32 5 store i32 %383, i32* %384, align 4 %385 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %386 = load %struct.inode*, %struct.inode** %6, align 8 %387 = getelementptr inbounds %struct.inode, %struct.inode* %386, i64 0, i32 8 %388 = load %struct.super_block*, %struct.super_block** %387, align 8 %389 = icmp eq i8* %376, null br i1 %389, label %390, label %396 %391 = getelementptr inbounds %struct.inode, %struct.inode* %386, i64 0, i32 11 %392 = load i64, i64* %391, align 8 %393 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %394 = inttoptr i64 %393 to %struct.task_struct* %395 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %394, i64 0, i32 87, i64 0 tail call void (%struct.super_block*, i8*, i8*, ...) 
@__ext4_msg(%struct.super_block* %388, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.11.19008, i64 0, i64 0), i8* getelementptr inbounds ([54 x i8], [54 x i8]* @.str.12.19009, i64 0, i64 0), i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.call_filldir, i64 0, i64 0), i32 532, i64 %392, i8* %395) #78 ------------- Good: 330 Bad: 1 Ignored: 32 Check Use of Function:__ext4_journal_stop Check Use of Function:d_move Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = 
phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #78 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %92, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222506*, %struct.dentry.222508*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #78 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %92 %93 = phi %struct.dentry* [ %56, %69 ], [ %56, %84 ], [ %56, %80 ], [ %56, %75 ], [ %4, %52 ], [ %4, %46 ] %94 = phi %struct.inode* [ %57, %69 ], [ %57, %84 ], [ %57, %80 ], [ %57, %75 ], [ %10, %52 ], [ %10, %46 ] %95 = phi %struct.dentry* [ %58, %69 ], [ %58, %84 ], [ %58, %80 ], [ %58, %75 ], [ %50, %52 ], [ null, %46 ] %96 = phi %struct.dentry* [ %59, %69 ], [ %59, %84 ], [ %59, %80 ], [ %59, %75 ], [ %40, %52 ], [ %40, %46 ] %97 = phi i32 [ %71, %69 ], [ 0, %84 ], [ %82, %80 ], [ %73, %75 ], [ -16, %52 ], [ -16, %46 ] %98 = icmp eq %struct.dentry* %96, null br i1 %98, label %100, label %99 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %101)) #6 to label %115 [label %101], !srcloc !4 switch i32 %97, label %180 [ i32 0, label %116 i32 -2, label %172 ] %117 = icmp eq %struct.inode* %94, null br i1 %117, label %131, label %118 tail call void bitcast (void (%struct.dentry.150061*, %struct.dentry.150061*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #78 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %92, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222506*, %struct.dentry.222508*)* @nfs_sillyrename to i32 
(%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #78 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %92 %93 = phi %struct.dentry* [ %56, %69 ], [ %56, %84 ], [ %56, %80 ], [ %56, %75 ], [ %4, %52 ], [ %4, %46 ] %94 = phi %struct.inode* [ %57, %69 ], [ %57, %84 ], [ %57, %80 ], [ %57, %75 ], [ %10, %52 ], [ %10, %46 ] %95 = phi %struct.dentry* [ %58, %69 ], [ %58, %84 ], [ %58, %80 ], [ %58, %75 ], [ %50, %52 ], [ null, %46 ] %96 = phi %struct.dentry* [ %59, %69 ], [ %59, %84 ], [ %59, %80 ], [ %59, %75 ], [ %40, %52 ], [ %40, %46 ] %97 = phi i32 [ %71, %69 ], [ 0, %84 ], [ %82, %80 ], [ %73, %75 ], [ -16, %52 ], [ -16, %46 ] %98 = icmp eq %struct.dentry* %96, null br i1 %98, label %100, label %99 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %101)) #6 to label %115 [label %101], !srcloc !4 switch i32 %97, label %180 [ i32 0, label %116 i32 -2, label %172 ] %117 = icmp eq %struct.inode* %94, null br i1 %117, label %131, label %118 tail call void bitcast (void (%struct.dentry.150061*, %struct.dentry.150061*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* 
%4, i64 0, i32 5 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = icmp eq i32 %5, 0 br i1 %11, label %12, label %183 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp eq %struct.inode* %10, null br i1 %28, label %55, label %29 %30 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 0 %31 = load i16, i16* %30, align 8 %32 = and i16 %31, -4096 %33 = icmp eq i16 %32, 16384 br i1 %33, label %55, label %34 %35 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 2, i32 1 %36 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %35, align 8 %37 = icmp eq %struct.hlist_bl_node** %36, null br i1 %37, label %39, label %38 %40 = phi %struct.dentry* [ null, %34 ], [ %4, %38 ] %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 7, i32 0 %42 = bitcast %struct.anon.1* %41 to %struct.swap_cluster_info* %43 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %42, i64 0, i32 1 %44 = load i32, i32* %43, align 4 %45 = icmp ugt i32 %44, 2 br i1 %45, label %46, label %55 %47 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 3 %48 = load %struct.dentry*, %struct.dentry** %47, align 8 %49 = getelementptr inbounds %struct.dentry, %struct.dentry* %4, i64 0, i32 4 %50 = tail call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* 
@d_alloc to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %48, %struct.qstr* %49) #78 %51 = icmp eq %struct.dentry* %50, null br i1 %51, label %92, label %52 %53 = tail call i32 bitcast (i32 (%struct.inode.222506*, %struct.dentry.222508*)* @nfs_sillyrename to i32 (%struct.inode*, %struct.dentry*)*)(%struct.inode* %3, %struct.dentry* %4) #78 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %92 %93 = phi %struct.dentry* [ %56, %69 ], [ %56, %84 ], [ %56, %80 ], [ %56, %75 ], [ %4, %52 ], [ %4, %46 ] %94 = phi %struct.inode* [ %57, %69 ], [ %57, %84 ], [ %57, %80 ], [ %57, %75 ], [ %10, %52 ], [ %10, %46 ] %95 = phi %struct.dentry* [ %58, %69 ], [ %58, %84 ], [ %58, %80 ], [ %58, %75 ], [ %50, %52 ], [ null, %46 ] %96 = phi %struct.dentry* [ %59, %69 ], [ %59, %84 ], [ %59, %80 ], [ %59, %75 ], [ %40, %52 ], [ %40, %46 ] %97 = phi i32 [ %71, %69 ], [ 0, %84 ], [ %82, %80 ], [ %73, %75 ], [ -16, %52 ], [ -16, %46 ] %98 = icmp eq %struct.dentry* %96, null br i1 %98, label %100, label %99 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_rename, %101)) #6 to label %115 [label %101], !srcloc !4 switch i32 %97, label %180 [ i32 0, label %116 i32 -2, label %172 ] %117 = icmp eq %struct.inode* %94, null br i1 %117, label %131, label %118 tail call void bitcast (void (%struct.dentry.150061*, %struct.dentry.150061*)* @d_move to void (%struct.dentry*, %struct.dentry*)*)(%struct.dentry* %2, %struct.dentry* %93) #78 ------------- Good: 4 Bad: 3 Ignored: 3 Check Use of Function:unregister_netdevice_notifier Check Use of Function:acpi_early_processor_set_pdc Check Use of Function:__ext4_handle_dirty_metadata Check Use of Function:ip6_input Check Use of Function:ext4_zero_partial_blocks Check Use of Function:shmem_rmdir Check Use of Function:add_dirent_to_buf Check Use of Function:suspend_devices_and_enter Check Use of Function:bad_inode_atomic_open Check Use of Function:put_pid_ns Check Use of Function:__ext4_warning_inode Check Use of Function:ring_buffer_nest_end Check Use of Function:__ext4_find_entry Use: =BAD PATH= Call Stack: 0 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.util_est* %9 = getelementptr inbounds %struct.util_est, %struct.util_est* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, 
label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 tail call void bitcast (void (%struct.dentry.153949*)* @generic_set_encrypted_ci_d_ops to void (%struct.dentry*)*)(%struct.dentry* %1) #78 %22 = call fastcc %struct.buffer_head* @__ext4_find_entry(%struct.inode* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #78 ------------- Good: 10 Bad: 1 Ignored: 3 Check Use of Function:crypto_destroy_tfm Check Use of Function:e1000e_reset_interrupt_capability Check Use of Function:mutex_is_locked Use: =BAD PATH= Call Stack: 0 n_tty_poll ------------- Path:  Function:n_tty_poll %4 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 27 %5 = icmp eq %struct.poll_table_struct.359966* %2, null br i1 %5, label %21, label %6 %22 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 29 %23 = bitcast i8** %22 to %struct.n_tty_data** %24 = load %struct.n_tty_data*, %struct.n_tty_data** %23, align 8 %25 = getelementptr %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 13, i32 5, i64 5 %26 = load i8, i8* %25, align 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %34 %29 = getelementptr %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 13, i32 5, 
i64 6 %30 = load i8, i8* %29, align 1 %31 = icmp eq i8 %30, 0 %32 = select i1 %31, i8 1, i8 %30 %33 = zext i8 %32 to i64 br label %34 %35 = phi i64 [ 1, %21 ], [ %33, %28 ] %36 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 10 %37 = load i8, i8* %36, align 1 %38 = and i8 %37, 16 %39 = icmp eq i8 %38, 0 br i1 %39, label %45, label %40 %41 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 13, i32 3 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 65536 %44 = icmp eq i32 %43, 0 br i1 %44, label %52, label %45 %53 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 2 %54 = load i64, i64* %53, align 8 %55 = getelementptr inbounds %struct.n_tty_data, %struct.n_tty_data* %24, i64 0, i32 14 %56 = load i64, i64* %55, align 8 %57 = icmp eq i64 %54, %56 br i1 %57, label %58, label %97 %98 = phi i32 [ 65, %52 ], [ %96, %94 ], [ 65, %45 ] %99 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 20, i32 4 %100 = load i8, i8* %99, align 1, !range !4 %101 = icmp eq i8 %100, 0 br i1 %101, label %109, label %102 %103 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 24 %104 = load %struct.tty_struct.360259*, %struct.tty_struct.360259** %103, align 8 %105 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %104, i64 0, i32 20, i32 3 %106 = load i8, i8* %105, align 8 %107 = icmp eq i8 %106, 0 %108 = select i1 %107, i32 %98, i32 67 br label %109 %110 = phi i32 [ %98, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 16 %112 = load volatile i64, i64* %111, align 8 %113 = and i64 %112, 4 %114 = icmp eq i64 %113, 0 %115 = or i32 %110, 16 %116 = tail call i32 bitcast (i32 (%struct.file*)* @tty_hung_up_p to i32 (%struct.file.360146*)*)(%struct.file.360146* %1) #78 %117 = icmp eq i32 %116, 0 %118 = and 
i1 %117, %114 %119 = select i1 %118, i32 %110, i32 %115 %120 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 4 %121 = load %struct.tty_operations.360253*, %struct.tty_operations.360253** %120, align 8 %122 = getelementptr inbounds %struct.tty_operations.360253, %struct.tty_operations.360253* %121, i64 0, i32 7 %123 = load i32 (%struct.tty_struct.360259*, i8*, i32)*, i32 (%struct.tty_struct.360259*, i8*, i32)** %122, align 8 %124 = icmp eq i32 (%struct.tty_struct.360259*, i8*, i32)* %123, null br i1 %124, label %136, label %125 %126 = getelementptr inbounds %struct.tty_struct.360259, %struct.tty_struct.360259* %0, i64 0, i32 8 %127 = tail call zeroext i1 @mutex_is_locked(%struct.mutex* %126) #78 ------------- Good: 303 Bad: 1 Ignored: 237 Check Use of Function:timens_commit Check Use of Function:release_dentry_name_snapshot Check Use of Function:ext4_mark_iloc_dirty Check Use of Function:dm_blk_ioctl Check Use of Function:ieee80211_check_fast_xmit Check Use of Function:free_nsproxy Check Use of Function:cn_netlink_send Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 comm_write ------------- Path:  Function:comm_write %5 = alloca [16 x i8], align 16 %6 = getelementptr inbounds %struct.file.177271, %struct.file.177271* %0, i64 0, i32 2 %7 = load %struct.inode.177454*, %struct.inode.177454** %6, align 8 %8 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %9 = icmp ult i64 %2, 15 %10 = select i1 %9, i64 %2, i64 15 %11 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %10) #78 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %41 %15 = getelementptr %struct.inode.177454, %struct.inode.177454* %7, i64 -1, i32 41, i32 13 %16 = bitcast %struct.list_head* %15 to %struct.pid.177248** %17 = load %struct.pid.177248*, %struct.pid.177248** %16, align 8 %18 = call %struct.task_struct.177581* bitcast (%struct.task_struct* (%struct.pid*, i32)* 
@get_pid_task to %struct.task_struct.177581* (%struct.pid.177248*, i32)*)(%struct.pid.177248* %17, i32 0) #78 %19 = icmp eq %struct.task_struct.177581* %18, null br i1 %19, label %41, label %20 %21 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.177581** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.177581**)) #11, !srcloc !4 %22 = inttoptr i64 %21 to %struct.task_struct.177581* %23 = getelementptr inbounds %struct.task_struct.177581, %struct.task_struct.177581* %22, i64 0, i32 95 %24 = load %struct.signal_struct.177540*, %struct.signal_struct.177540** %23, align 32 %25 = getelementptr inbounds %struct.task_struct.177581, %struct.task_struct.177581* %18, i64 0, i32 95 %26 = load %struct.signal_struct.177540*, %struct.signal_struct.177540** %25, align 32 %27 = icmp eq %struct.signal_struct.177540* %24, %26 br i1 %27, label %28, label %29 call void bitcast (void (%struct.task_struct*, i8*, i1)* @__set_task_comm to void (%struct.task_struct.177581*, i8*, i1)*)(%struct.task_struct.177581* nonnull %18, i8* nonnull %8, i1 zeroext false) #78 call void bitcast (void (%struct.task_struct.606034*)* @proc_comm_connector to void (%struct.task_struct.177581*)*)(%struct.task_struct.177581* nonnull %18) #78 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %42, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #78 %13 = getelementptr inbounds [64 x i8], [64 x 
i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.606034, %struct.task_struct.606034* %0, i64 0, i32 53 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.606034, %struct.task_struct.606034* %0, i64 0, i32 54 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.606034*)*)(i8* %23, i64 16, %struct.task_struct.606034* %0) #78 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1) to %struct.lock_class_key*)) #6, !srcloc !5 %34 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1), i32 1, i32* getelementptr 
inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1)) #6, !srcloc !6 %35 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %38 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %39 = bitcast i8* %38 to i32* store i32 %37, i32* %39, align 4 %40 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 __do_sys_prctl 2 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = tail call fastcc i64 @__do_sys_prctl(i32 %16, i64 %6, i64 %9, i64 %12, i64 %15) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 
i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %48 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 15 store i8 0, i8* %48, align 1 %49 = inttoptr i64 %1 to i8* %50 = call i64 @strncpy_from_user(i8* nonnull %9, i8* %49, i64 15) #78 %51 = icmp slt i64 %50, 0 br i1 %51, label %276, label %52 call void @__set_task_comm(%struct.task_struct* %8, i8* nonnull %9, i1 zeroext false) #78 call void bitcast (void (%struct.task_struct.606034*)* @proc_comm_connector to void (%struct.task_struct*)*)(%struct.task_struct* %8) #78 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %42, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #78 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* 
%15, align 8 %16 = getelementptr inbounds %struct.task_struct.606034, %struct.task_struct.606034* %0, i64 0, i32 53 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.606034, %struct.task_struct.606034* %0, i64 0, i32 54 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.606034*)*)(i8* %23, i64 16, %struct.task_struct.606034* %0) #78 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1) to %struct.lock_class_key*)) #6, !srcloc !5 %34 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1), i32 1, i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1)) #6, !srcloc !6 %35 = getelementptr inbounds [64 x i8], 
[64 x i8]* %2, i64 0, i64 12 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %38 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %39 = bitcast i8* %38 to i32* store i32 %37, i32* %39, align 4 %40 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 __do_sys_prctl 2 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i64 @__do_sys_prctl(i32 %12, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__do_sys_prctl %6 = alloca [16 x i8], align 16 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = tail call i32 @security_task_prctl(i32 %0, i64 %1, i64 %2, i64 %3, i64 %4) #78 %11 = icmp eq i32 %10, -38 br i1 %11, label %14, label %12 switch i32 %0, label %274 [ i32 1, label %15 i32 2, label %20 i32 3, label %31 i32 4, label %37 i32 59, label %270 i32 58, label %257 i32 57, label %242 i32 56, label %237 i32 55, label %233 i32 61, label %228 i32 13, label %43 i32 14, label %44 i32 15, label %47 i32 16, label %53 i32 60, label %225 i32 
54, label %221 i32 21, label %58 i32 22, label %60 i32 25, label %63 i32 26, label %66 i32 31, label %70 i32 32, label %73 i32 30, label %76 i32 29, label %79 i32 33, label %87 i32 34, label %107 i32 35, label %121 i32 52, label %208 i32 36, label %125 i32 37, label %135 i32 38, label %150 i32 39, label %159 i32 42, label %168 i32 41, label %180 i32 43, label %276 i32 44, label %276 i32 53, label %215 ] %48 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 15 store i8 0, i8* %48, align 1 %49 = inttoptr i64 %1 to i8* %50 = call i64 @strncpy_from_user(i8* nonnull %9, i8* %49, i64 15) #78 %51 = icmp slt i64 %50, 0 br i1 %51, label %276, label %52 call void @__set_task_comm(%struct.task_struct* %8, i8* nonnull %9, i1 zeroext false) #78 call void bitcast (void (%struct.task_struct.606034*)* @proc_comm_connector to void (%struct.task_struct*)*)(%struct.task_struct* %8) #78 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %42, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #78 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.606034, %struct.task_struct.606034* %0, i64 0, i32 53 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds 
%struct.task_struct.606034, %struct.task_struct.606034* %0, i64 0, i32 54 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.606034*)*)(i8* %23, i64 16, %struct.task_struct.606034* %0) #78 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* bitcast (i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1) to %struct.lock_class_key*)) #6, !srcloc !5 %34 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1), i32 1, i32* getelementptr inbounds (%struct.local_event, %struct.local_event* @local_event, i64 0, i32 1)) #6, !srcloc !6 %35 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %38 = getelementptr inbounds [64 x 
i8], [64 x i8]* %2, i64 0, i64 28 %39 = bitcast i8* %38 to i32* store i32 %37, i32* %39, align 4 %40 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #78 ------------- Good: 36 Bad: 3 Ignored: 42 Check Use of Function:set_normalized_timespec64 Use: =BAD PATH= Call Stack: 0 select_estimate_accuracy 1 do_sys_poll 2 __se_sys_poll 3 __ia32_sys_poll ------------- Path:  Function:__ia32_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.anon.174* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #78 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #78 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call 
fastcc i32 @do_sys_poll(%struct.anon.174* %5, i32 %6, %struct.cpu_itimer* %28) #78 Function:do_sys_poll %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = alloca [32 x i64], align 16 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = bitcast [32 x i64]* %6 to i8* %9 = bitcast [32 x i64]* %6 to %struct.poll_list* %10 = getelementptr inbounds [32 x i64], [32 x i64]* %6, i64 0, i64 1 %11 = bitcast i64* %10 to i32* %12 = bitcast [32 x i64]* %6 to %struct.poll_list** %13 = zext i32 %1 to i64 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 95 %17 = load %struct.signal_struct*, %struct.signal_struct** %16, align 32 %18 = getelementptr %struct.signal_struct, %struct.signal_struct* %17, i64 0, i32 49, i64 7, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = icmp ult i64 %19, %13 br i1 %20, label %292, label %21 %22 = icmp ult i32 %1, 30 %23 = getelementptr %struct.anon.174, %struct.anon.174* %0, i64 %13 %24 = select i1 %22, i32 %1, i32 30 br label %25 %26 = phi i64 [ %50, %52 ], [ %13, %21 ] %27 = phi %struct.poll_list* [ %59, %52 ], [ %9, %21 ] %28 = phi i32 [ %55, %52 ], [ %24, %21 ] %29 = phi %struct.poll_list** [ %62, %52 ], [ %12, %21 ] %30 = phi i32* [ %61, %52 ], [ %11, %21 ] store %struct.poll_list* null, %struct.poll_list** %29, align 8 store i32 %28, i32* %30, align 8 %31 = icmp eq i32 %28, 0 br i1 %31, label %65, label %32 %33 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %27, i64 0, i32 1 %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = shl nsw i64 %35, 3 %37 = icmp ugt i64 %36, 2147483647 br i1 %37, label %38, label %39, !prof !5, !misexpect !6 %40 = sub i64 0, %26 %41 = getelementptr %struct.anon.174, %struct.anon.174* %23, i64 %40 %42 = bitcast %struct.anon.174* %41 to i8* 
%43 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %27, i64 0, i32 2, i64 0 %44 = bitcast %struct.anon.174* %43 to i8* %45 = call i64 @_copy_from_user(i8* %44, i8* %42, i64 %36) #78 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %281 %48 = load i32, i32* %33, align 8 %49 = sext i32 %48 to i64 %50 = sub i64 %26, %49 %51 = icmp eq i64 %50, 0 br i1 %51, label %65, label %52 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %67, align 8 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %70, align 4 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %72, align 8 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %74 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %75 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %76 = icmp eq i32 %75, 0 %77 = select i1 %76, i32 0, i32 32768 %78 = icmp eq %struct.cpu_itimer* %2, null br i1 %78, label %90, label %79 %80 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, 
label %83, label %88 %84 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %87, label %88 %89 = call i64 @select_estimate_accuracy(%struct.cpu_itimer* nonnull %2) #78 Function:select_estimate_accuracy %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = bitcast %struct.cpu_itimer* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, 99 br i1 %9, label %10, label %51 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %3) #78 %11 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = bitcast %struct.cpu_itimer* %2 to i8* %20 = sub i64 %12, %16 %21 = sub i64 %14, %18 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %20, i64 %21) #78 ------------- Use: =BAD PATH= Call Stack: 0 select_estimate_accuracy 1 do_sys_poll 2 __se_sys_poll 3 __x64_sys_poll ------------- Path:  Function:__x64_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, 
align 8 %8 = tail call fastcc i64 @__se_sys_poll(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_poll %4 = alloca %struct.cpu_itimer, align 8 %5 = inttoptr i64 %0 to %struct.anon.174* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.cpu_itimer* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %4) #78 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #78 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.cpu_itimer* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.anon.174* %5, i32 %6, %struct.cpu_itimer* %28) #78 Function:do_sys_poll %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = alloca [32 x i64], align 16 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = bitcast [32 x i64]* %6 to i8* %9 = bitcast [32 x i64]* %6 to %struct.poll_list* %10 = getelementptr inbounds [32 x i64], [32 x i64]* %6, i64 0, i64 1 %11 = bitcast i64* %10 to i32* %12 = bitcast [32 x i64]* %6 to %struct.poll_list** %13 = zext i32 %1 to i64 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 95 %17 = load %struct.signal_struct*, 
%struct.signal_struct** %16, align 32 %18 = getelementptr %struct.signal_struct, %struct.signal_struct* %17, i64 0, i32 49, i64 7, i32 0 %19 = load volatile i64, i64* %18, align 8 %20 = icmp ult i64 %19, %13 br i1 %20, label %292, label %21 %22 = icmp ult i32 %1, 30 %23 = getelementptr %struct.anon.174, %struct.anon.174* %0, i64 %13 %24 = select i1 %22, i32 %1, i32 30 br label %25 %26 = phi i64 [ %50, %52 ], [ %13, %21 ] %27 = phi %struct.poll_list* [ %59, %52 ], [ %9, %21 ] %28 = phi i32 [ %55, %52 ], [ %24, %21 ] %29 = phi %struct.poll_list** [ %62, %52 ], [ %12, %21 ] %30 = phi i32* [ %61, %52 ], [ %11, %21 ] store %struct.poll_list* null, %struct.poll_list** %29, align 8 store i32 %28, i32* %30, align 8 %31 = icmp eq i32 %28, 0 br i1 %31, label %65, label %32 %33 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %27, i64 0, i32 1 %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = shl nsw i64 %35, 3 %37 = icmp ugt i64 %36, 2147483647 br i1 %37, label %38, label %39, !prof !5, !misexpect !6 %40 = sub i64 0, %26 %41 = getelementptr %struct.anon.174, %struct.anon.174* %23, i64 %40 %42 = bitcast %struct.anon.174* %41 to i8* %43 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %27, i64 0, i32 2, i64 0 %44 = bitcast %struct.anon.174* %43 to i8* %45 = call i64 @_copy_from_user(i8* %44, i8* %42, i64 %36) #78 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %281 %48 = load i32, i32* %33, align 8 %49 = sext i32 %48 to i64 %50 = sub i64 %26, %49 %51 = icmp eq i64 %50, 0 br i1 %51, label %65, label %52 %66 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %66, align 8 %67 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %67, align 8 %68 = getelementptr 
inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %70, align 4 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %72, align 8 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %74 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %75 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %76 = icmp eq i32 %75, 0 %77 = select i1 %76, i32 0, i32 32768 %78 = icmp eq %struct.cpu_itimer* %2, null br i1 %78, label %90, label %79 %80 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %81 = load i64, i64* %80, align 8 %82 = icmp eq i64 %81, 0 br i1 %82, label %83, label %88 %84 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %87, label %88 %89 = call i64 @select_estimate_accuracy(%struct.cpu_itimer* nonnull %2) #78 Function:select_estimate_accuracy %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = bitcast %struct.cpu_itimer* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, 99 br i1 %9, label %10, label %51 call void 
@ktime_get_ts64(%struct.cpu_itimer* nonnull %3) #78 %11 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = bitcast %struct.cpu_itimer* %2 to i8* %20 = sub i64 %12, %16 %21 = sub i64 %14, %18 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %20, i64 %21) #78 ------------- Use: =BAD PATH= Call Stack: 0 select_estimate_accuracy 1 do_select 2 compat_core_sys_select 3 __ia32_compat_sys_old_select ------------- Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.gnet_stats_queue, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = bitcast %struct.gnet_stats_queue* %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = call i64 @_copy_from_user(i8* nonnull %8, i8* %9, i64 20) #78 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %71 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = zext i32 %16 to i64 %18 = inttoptr i64 %17 to i32* %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = inttoptr i64 %21 to i32* %23 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = 
zext i32 %24 to i64 %26 = inttoptr i64 %25 to i32* %27 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = zext i32 %28 to i64 %30 = inttoptr i64 %29 to i8* %31 = bitcast i64* %3 to %struct.util_est* %32 = bitcast %struct.cpu_itimer* %2 to i8* %33 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %34 = icmp eq i32 %28, 0 br i1 %34, label %64, label %35 %36 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %30, i64 8) #78 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %69 %39 = bitcast i64* %3 to i32* %40 = load i32, i32* %39, align 8 %41 = sext i32 %40 to i64 %42 = getelementptr inbounds %struct.util_est, %struct.util_est* %31, i64 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = sdiv i64 %44, 1000000 %46 = add nsw i64 %45, %41 %47 = srem i64 %44, 1000000 %48 = mul nsw i64 %47, 1000 %49 = icmp sgt i64 %46, -1 %50 = icmp ult i64 %48, 1000000000 %51 = and i1 %49, %50 br i1 %51, label %52, label %69 %53 = or i64 %48, %46 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %56 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %2) #78 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %58 = load i64, i64* %57, align 8 %59 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %60 = load i64, i64* %59, align 8 %61 = call { i64, i64 } @timespec64_add_safe(i64 %58, i64 %60, i64 %46, i64 %48) #78 %62 = extractvalue { i64, i64 } %61, 0 %63 = extractvalue { i64, i64 } %61, 1 store i64 %62, i64* %57, align 8 store i64 %63, i64* %59, align 8 br label %64 %65 = phi %struct.cpu_itimer* [ null, %12 ], [ %2, %56 ], [ %2, %55 ] %66 = call fastcc i32 @compat_core_sys_select(i32 %14, i32* %18, i32* %22, i32* %26, %struct.cpu_itimer* %65) #78 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = 
bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !7, !misexpect !8 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #78 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** 
%45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #78 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #79 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %9 = icmp eq i32 %8, 0 %10 = 
select i1 %9, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = sext i32 %0 to i64 %12 = and i64 %11, 63 %13 = lshr i64 %11, 6 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 92 %17 = load %struct.files_struct*, %struct.files_struct** %16, align 8 %18 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %17, i64 0, i32 3 %19 = load volatile %struct.fdtable*, %struct.fdtable** %18, align 32 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 3 %21 = load i64*, i64** %20, align 8 %22 = getelementptr i64, i64* %21, i64 %13 %23 = icmp eq i64 %12, 0 br i1 %23, label %48, label %24 %49 = phi i32 [ %96, %93 ], [ 0, %24 ], [ 0, %3 ] %50 = phi i64* [ %85, %93 ], [ %22, %24 ], [ %22, %3 ] %51 = phi i64 [ %86, %93 ], [ %13, %24 ], [ %13, %3 ] %52 = icmp eq i64 %51, 0 br i1 %52, label %97, label %53 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %55 = load i64*, i64** %54, align 8 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %59 = load i64*, i64** %58, align 8 %60 = icmp eq i32 %49, 0 br label %61 %62 = phi i64 [ %51, %53 ], [ %65, %75 ] %63 = phi i64* [ %50, %53 ], [ %64, %75 ] %64 = getelementptr i64, i64* %63, i64 -1 %65 = add i64 %62, -1 %66 = getelementptr i64, i64* %55, i64 %65 %67 = load i64, i64* %66, align 8 %68 = getelementptr i64, i64* %57, i64 %65 %69 = load i64, i64* %68, align 8 %70 = or i64 %69, %67 %71 = getelementptr i64, i64* %59, i64 %65 %72 = load i64, i64* %71, align 8 %73 = or i64 %70, %72 %74 = icmp eq i64 %73, 0 br i1 
%74, label %75, label %77 %78 = load i64, i64* %64, align 8 %79 = xor i64 %78, -1 %80 = and i64 %73, %79 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %97 br i1 %60, label %83, label %75 %76 = icmp eq i64 %65, 0 br i1 %76, label %97, label %61 %98 = phi i32 [ -9, %43 ], [ %49, %48 ], [ %49, %75 ], [ -9, %77 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %99 = icmp slt i32 %98, 0 br i1 %99, label %370, label %100 %101 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %102 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %102, align 8 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %105, align 4 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %109 = icmp eq %struct.cpu_itimer* %2, null br i1 %109, label %121, label %110 %111 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %112 = load i64, i64* %111, align 8 %113 = icmp eq i64 %112, 0 br i1 %113, label %114, label %119 %120 = tail call 
i64 @select_estimate_accuracy(%struct.cpu_itimer* nonnull %2) #79 Function:select_estimate_accuracy %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = bitcast %struct.cpu_itimer* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, 99 br i1 %9, label %10, label %51 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %3) #78 %11 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = bitcast %struct.cpu_itimer* %2 to i8* %20 = sub i64 %12, %16 %21 = sub i64 %14, %18 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %20, i64 %21) #78 ------------- Use: =BAD PATH= Call Stack: 0 select_estimate_accuracy 1 do_select 2 compat_core_sys_select 3 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to i32* %20 = inttoptr i64 %11 to i32* %21 = inttoptr i64 %14 to i32* %22 = bitcast i64* %3 to %struct.util_est* %23 = bitcast %struct.cpu_itimer* %2 to i8* %24 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %25 = icmp eq i64 %17, 0 %26 = inttoptr i64 %17 to i8* br i1 %25, label %56, label %27 %28 = call i64 @_copy_from_user(i8* nonnull %24, i8* nonnull %26, i64 8) #78 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %61 %31 = bitcast i64* %3 to i32* %32 = load i32, i32* %31, align 8 %33 = sext i32 %32 to i64 %34 = getelementptr inbounds %struct.util_est, %struct.util_est* %22, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = sdiv i64 %36, 1000000 %38 = add nsw i64 %37, %33 %39 = srem i64 %36, 1000000 %40 = mul nsw i64 %39, 1000 %41 = icmp sgt i64 %38, -1 %42 = icmp ult i64 %40, 1000000000 %43 = and i1 %41, %42 br i1 %43, label %44, label %61 %45 = or i64 %40, %38 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %48 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %2) #78 %49 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %52 = load i64, i64* %51, align 8 %53 = call { i64, i64 } @timespec64_add_safe(i64 %50, i64 %52, i64 %38, i64 %40) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 store i64 %54, i64* %49, align 8 store i64 %55, i64* %51, align 8 br label %56 %57 = phi %struct.cpu_itimer* [ null, %1 ], [ %2, %48 ], [ %2, %47 ] %58 = call fastcc i32 @compat_core_sys_select(i32 %18, i32* %19, i32* %20, i32* %21, %struct.cpu_itimer* %57) #78 
Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %134, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl i64 %24, 35 %26 = ashr exact i64 %25, 32 %27 = icmp ugt i64 %26, 42 br i1 %27, label %28, label %35 %30 = extractvalue { i64, i1 } %29, 1 br i1 %30, label %134, label %31, !prof !7, !misexpect !8 %32 = extractvalue { i64, i1 } %29, 0 %33 = tail call noalias align 8 i8* @__kmalloc(i64 %32, i32 3264) #78 %34 = icmp eq i8* %33, null br i1 %34, label %134, label %35 %36 = phi i8* [ %33, %31 ], [ %9, %11 ] %37 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %36, i8** %37, align 8 %38 = getelementptr i8, i8* %36, i64 %26 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = shl i64 %24, 36 %42 = ashr exact i64 %41, 32 %43 = getelementptr i8, 
i8* %36, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = mul i64 %24, 103079215104 %47 = ashr exact i64 %46, 32 %48 = getelementptr i8, i8* %36, i64 %47 %49 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %50 = bitcast i64** %49 to i8** store i8* %48, i8** %50, align 8 %51 = shl i64 %24, 37 %52 = ashr exact i64 %51, 32 %53 = getelementptr i8, i8* %36, i64 %52 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %55 = bitcast i64** %54 to i8** store i8* %53, i8** %55, align 8 %56 = mul i64 %24, 171798691840 %57 = ashr exact i64 %56, 32 %58 = getelementptr i8, i8* %36, i64 %57 %59 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %60 = bitcast i64** %59 to i8** store i8* %58, i8** %60, align 8 %61 = icmp eq i32* %1, null br i1 %61, label %62, label %65 %63 = shl nuw nsw i64 %24, 3 %64 = load i64*, i64** %39, align 8 br label %71 %72 = phi i64* [ %64, %62 ], [ %66, %65 ] %73 = icmp eq i32* %2, null br i1 %73, label %74, label %77 %75 = bitcast i64* %72 to i8* %76 = shl nuw nsw i64 %24, 3 br label %81 %82 = load i64*, i64** %44, align 8 %83 = icmp eq i32* %3, null br i1 %83, label %84, label %87 %88 = call i64 @compat_get_bitmap(i64* %82, i32* nonnull %3, i64 %22) #78 %89 = trunc i64 %88 to i32 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %130 %92 = shl nuw nsw i64 %24, 3 br label %93 %94 = phi i64 [ %92, %91 ], [ %86, %84 ] %95 = load i64*, i64** %49, align 8 %96 = bitcast i64* %95 to i8* %97 = load i64*, i64** %54, align 8 %98 = bitcast i64* %97 to i8* %99 = load i64*, i64** %59, align 8 %100 = bitcast i64* %99 to i8* %101 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #79 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = bitcast i64* %4 to i8* store 
i64 0, i64* %4, align 8 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = sext i32 %0 to i64 %12 = and i64 %11, 63 %13 = lshr i64 %11, 6 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 92 %17 = load %struct.files_struct*, %struct.files_struct** %16, align 8 %18 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %17, i64 0, i32 3 %19 = load volatile %struct.fdtable*, %struct.fdtable** %18, align 32 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 3 %21 = load i64*, i64** %20, align 8 %22 = getelementptr i64, i64* %21, i64 %13 %23 = icmp eq i64 %12, 0 br i1 %23, label %48, label %24 %49 = phi i32 [ %96, %93 ], [ 0, %24 ], [ 0, %3 ] %50 = phi i64* [ %85, %93 ], [ %22, %24 ], [ %22, %3 ] %51 = phi i64 [ %86, %93 ], [ %13, %24 ], [ %13, %3 ] %52 = icmp eq i64 %51, 0 br i1 %52, label %97, label %53 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %55 = load i64*, i64** %54, align 8 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %59 = load i64*, i64** %58, align 8 %60 = icmp eq i32 %49, 0 br label %61 %62 = phi i64 [ %51, %53 ], [ %65, %75 ] %63 = phi i64* [ %50, %53 ], [ %64, %75 ] %64 = getelementptr i64, i64* %63, i64 -1 %65 = add i64 %62, -1 %66 = getelementptr i64, i64* %55, i64 %65 %67 = load i64, i64* %66, align 8 %68 = getelementptr i64, i64* %57, i64 %65 %69 = load i64, i64* %68, 
align 8 %70 = or i64 %69, %67 %71 = getelementptr i64, i64* %59, i64 %65 %72 = load i64, i64* %71, align 8 %73 = or i64 %70, %72 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %77 %78 = load i64, i64* %64, align 8 %79 = xor i64 %78, -1 %80 = and i64 %73, %79 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %97 br i1 %60, label %83, label %75 %76 = icmp eq i64 %65, 0 br i1 %76, label %97, label %61 %98 = phi i32 [ -9, %43 ], [ %49, %48 ], [ %49, %75 ], [ -9, %77 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %99 = icmp slt i32 %98, 0 br i1 %99, label %370, label %100 %101 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %102 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %102, align 8 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %105, align 4 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %109 = icmp eq %struct.cpu_itimer* %2, null br i1 %109, label %121, label %110 %111 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %112 = load i64, i64* %111, align 8 %113 = icmp eq i64 %112, 0 br i1 %113, label %114, label %119 %120 = tail call i64 @select_estimate_accuracy(%struct.cpu_itimer* nonnull %2) #79 Function:select_estimate_accuracy %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = bitcast %struct.cpu_itimer* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, 99 br i1 %9, label %10, label %51 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %3) #78 %11 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = bitcast %struct.cpu_itimer* %2 to i8* %20 = sub i64 %12, %16 %21 = sub i64 %14, %18 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %20, i64 %21) #78
-------------
Use: =BAD PATH=
Call Stack:
0 select_estimate_accuracy
1 do_select
2 core_sys_select
3 __se_sys_select
4 __ia32_sys_select
-------------
Path:
Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs*
%0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #78 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #78 %41 = extractvalue { i64, i64 } %40, 0 %42 = 
extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #78 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #78 %30 = icmp eq i8* %29, null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, 
%struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !7, !misexpect !8 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #78 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !7, !misexpect !8 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #78 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 %74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !7, !misexpect !8 %83 = call i64 
@_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #78 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #79 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = sext i32 %0 to i64 %12 = and i64 %11, 63 %13 = lshr i64 %11, 6 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 92 %17 = load %struct.files_struct*, %struct.files_struct** %16, align 8 %18 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %17, i64 0, i32 3 %19 = load volatile %struct.fdtable*, %struct.fdtable** %18, align 32 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 3 %21 = load i64*, i64** %20, align 8 %22 = getelementptr i64, i64* %21, i64 %13 %23 = icmp eq i64 %12, 0 br i1 %23, label %48, label %24 %49 = phi i32 [ %96, %93 ], [ 0, %24 ], [ 0, %3 ] %50 = phi i64* [ %85, %93 ], [ %22, %24 ], [ %22, %3 ] %51 = phi i64 [ %86, %93 ], [ %13, %24 ], [ %13, %3 ] %52 = icmp eq i64 %51, 0 br i1 %52, label %97, label %53 %54 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %55 = load i64*, i64** %54, align 8 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, 
%struct.fd_set_bits* %1, i64 0, i32 2 %59 = load i64*, i64** %58, align 8 %60 = icmp eq i32 %49, 0 br label %61 %62 = phi i64 [ %51, %53 ], [ %65, %75 ] %63 = phi i64* [ %50, %53 ], [ %64, %75 ] %64 = getelementptr i64, i64* %63, i64 -1 %65 = add i64 %62, -1 %66 = getelementptr i64, i64* %55, i64 %65 %67 = load i64, i64* %66, align 8 %68 = getelementptr i64, i64* %57, i64 %65 %69 = load i64, i64* %68, align 8 %70 = or i64 %69, %67 %71 = getelementptr i64, i64* %59, i64 %65 %72 = load i64, i64* %71, align 8 %73 = or i64 %70, %72 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %77 %78 = load i64, i64* %64, align 8 %79 = xor i64 %78, -1 %80 = and i64 %73, %79 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %97 br i1 %60, label %83, label %75 %76 = icmp eq i64 %65, 0 br i1 %76, label %97, label %61 %98 = phi i32 [ -9, %43 ], [ %49, %48 ], [ %49, %75 ], [ -9, %77 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %99 = icmp slt i32 %98, 0 br i1 %99, label %370, label %100 %101 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %102 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %102, align 8 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store i32 0, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %105, align 4 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store 
%struct.poll_table_page* null, %struct.poll_table_page** %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %109 = icmp eq %struct.cpu_itimer* %2, null br i1 %109, label %121, label %110 %111 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %112 = load i64, i64* %111, align 8 %113 = icmp eq i64 %112, 0 br i1 %113, label %114, label %119 %120 = tail call i64 @select_estimate_accuracy(%struct.cpu_itimer* nonnull %2) #79 Function:select_estimate_accuracy %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = bitcast %struct.cpu_itimer* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, 99 br i1 %9, label %10, label %51 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %3) #78 %11 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = bitcast %struct.cpu_itimer* %2 to i8* %20 = sub i64 %12, %16 %21 = sub i64 %14, %18 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %20, i64 %21) #78
-------------
Use: =BAD PATH=
Call Stack:
0 select_estimate_accuracy
1 do_select
2 core_sys_select
3 __se_sys_select
4 __x64_sys_select
-------------
Path:
Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_select %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %6) #78 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %37 = load i64, i64* %36, align
8 %38 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #78 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.cpu_itimer* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.cpu_itimer* %44) #78 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 92 %15 = load %struct.files_struct*, %struct.files_struct** %14, align 8 %16 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %15, i64 0, i32 3 %17 = load volatile %struct.fdtable*, %struct.fdtable** %16, align 32 %18 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %20 = icmp slt i32 %19, %0 %21 = select i1 %20, i32 %19, i32 %0 %22 = sext i32 %21 to i64 %23 = add nsw i64 %22, 63 %24 = lshr i64 %23, 6 %25 = shl nuw nsw i64 %24, 3 %26 = icmp ugt i64 %23, 383 br i1 %26, label %27, label %31 %28 = mul nuw i64 %24, 48 %29 = tail call i8* @kvmalloc_node(i64 %28, i32 3264, i32 -1) #78 %30 = icmp eq i8* %29, 
null br i1 %30, label %131, label %31 %32 = phi i8* [ %29, %27 ], [ %9, %11 ] %33 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %32, i8** %33, align 8 %34 = getelementptr i8, i8* %32, i64 %25 %35 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %36 = bitcast i64** %35 to i8** store i8* %34, i8** %36, align 8 %37 = shl nuw nsw i64 %24, 4 %38 = getelementptr i8, i8* %32, i64 %37 %39 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %40 = bitcast i64** %39 to i8** store i8* %38, i8** %40, align 8 %41 = mul nuw nsw i64 %24, 24 %42 = getelementptr i8, i8* %32, i64 %41 %43 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %44 = bitcast i64** %43 to i8** store i8* %42, i8** %44, align 8 %45 = shl nuw nsw i64 %24, 5 %46 = getelementptr i8, i8* %32, i64 %45 %47 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %48 = bitcast i64** %47 to i8** store i8* %46, i8** %48, align 8 %49 = mul nuw i64 %24, 40 %50 = getelementptr i8, i8* %32, i64 %49 %51 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %52 = bitcast i64** %51 to i8** store i8* %50, i8** %52, align 8 %53 = bitcast %struct.tcp_mib* %1 to i8* %54 = icmp eq %struct.tcp_mib* %1, null br i1 %54, label %63, label %55 %56 = icmp ugt i64 %23, 17179869183 br i1 %56, label %57, label %58, !prof !7, !misexpect !8 %59 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %53, i64 %25) #78 br label %60 %61 = phi i64 [ %59, %58 ], [ %25, %57 ] %62 = icmp eq i64 %61, 0 br i1 %62, label %64, label %127 %65 = bitcast %struct.tcp_mib* %2 to i8* %66 = icmp eq %struct.tcp_mib* %2, null br i1 %66, label %75, label %67 %68 = icmp ugt i64 %23, 17179869183 br i1 %68, label %69, label %70, !prof !7, !misexpect !8 %71 = call i64 @_copy_from_user(i8* %34, i8* nonnull %65, i64 %25) #78 br label %72 %73 = phi i64 [ %71, %70 ], [ %25, %69 ] %74 = icmp eq i64 %73, 0 br i1 
%74, label %76, label %127 %77 = bitcast %struct.tcp_mib* %3 to i8* %78 = icmp eq %struct.tcp_mib* %3, null br i1 %78, label %87, label %79 %80 = icmp ugt i64 %23, 17179869183 br i1 %80, label %81, label %82, !prof !7, !misexpect !8 %83 = call i64 @_copy_from_user(i8* %38, i8* nonnull %77, i64 %25) #78 br label %84 %85 = phi i64 [ %83, %82 ], [ %25, %81 ] %86 = icmp eq i64 %85, 0 br i1 %86, label %88, label %127 %89 = call fastcc i32 @do_select(i32 %21, %struct.fd_set_bits* nonnull %6, %struct.cpu_itimer* %4) #79 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.poll_wqueues, align 8 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = bitcast %struct.poll_wqueues* %5 to i8* %8 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = sext i32 %0 to i64 %12 = and i64 %11, 63 %13 = lshr i64 %11, 6 %14 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %15 = inttoptr i64 %14 to %struct.task_struct* %16 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %15, i64 0, i32 92 %17 = load %struct.files_struct*, %struct.files_struct** %16, align 8 %18 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %17, i64 0, i32 3 %19 = load volatile %struct.fdtable*, %struct.fdtable** %18, align 32 %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 3 %21 = load i64*, i64** %20, align 8 %22 = getelementptr i64, i64* %21, i64 %13 %23 = icmp eq i64 %12, 0 br i1 %23, label %48, label %24 %49 = phi i32 [ %96, %93 ], [ 0, %24 ], [ 0, %3 ] %50 = phi i64* [ %85, %93 ], [ %22, %24 ], [ %22, %3 ] %51 = phi i64 [ %86, %93 ], [ %13, %24 ], [ %13, %3 ] %52 = icmp eq i64 %51, 0 br i1 %52, label %97, label %53 %54 = getelementptr inbounds %struct.fd_set_bits, 
%struct.fd_set_bits* %1, i64 0, i32 0 %55 = load i64*, i64** %54, align 8 %56 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %57 = load i64*, i64** %56, align 8 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %59 = load i64*, i64** %58, align 8 %60 = icmp eq i32 %49, 0 br label %61 %62 = phi i64 [ %51, %53 ], [ %65, %75 ] %63 = phi i64* [ %50, %53 ], [ %64, %75 ] %64 = getelementptr i64, i64* %63, i64 -1 %65 = add i64 %62, -1 %66 = getelementptr i64, i64* %55, i64 %65 %67 = load i64, i64* %66, align 8 %68 = getelementptr i64, i64* %57, i64 %65 %69 = load i64, i64* %68, align 8 %70 = or i64 %69, %67 %71 = getelementptr i64, i64* %59, i64 %65 %72 = load i64, i64* %71, align 8 %73 = or i64 %70, %72 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %77 %78 = load i64, i64* %64, align 8 %79 = xor i64 %78, -1 %80 = and i64 %73, %79 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %97 br i1 %60, label %83, label %75 %76 = icmp eq i64 %65, 0 br i1 %76, label %97, label %61 %98 = phi i32 [ -9, %43 ], [ %49, %48 ], [ %49, %75 ], [ -9, %77 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %99 = icmp slt i32 %98, 0 br i1 %99, label %370, label %100 %101 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 0 store void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)* @__pollwait, void (%struct.file*, %struct.wait_queue_head*, %struct.poll_table_struct*)** %101, align 8 %102 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0, i32 1 store i32 -1, i32* %102, align 8 %103 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 2 store %struct.task_struct* %15, %struct.task_struct** %103, align 8 %104 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 3 store 
i32 0, i32* %104, align 8 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 4 store i32 0, i32* %105, align 4 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 5 store i32 0, i32* %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %5, i64 0, i32 0 %109 = icmp eq %struct.cpu_itimer* %2, null br i1 %109, label %121, label %110 %111 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %112 = load i64, i64* %111, align 8 %113 = icmp eq i64 %112, 0 br i1 %113, label %114, label %119 %120 = tail call i64 @select_estimate_accuracy(%struct.cpu_itimer* nonnull %2) #79 Function:select_estimate_accuracy %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = bitcast %struct.cpu_itimer* %3 to i8* %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, 99 br i1 %9, label %10, label %51 call void @ktime_get_ts64(%struct.cpu_itimer* nonnull %3) #78 %11 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = bitcast %struct.cpu_itimer* %2 to i8* %20 = sub i64 %12, %16 
%21 = sub i64 %14, %18 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %20, i64 %21) #78
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 do_adjtimex
2 __x64_sys_adjtimex
-------------
Path:
Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #78 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0,
i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 
8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 
%70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br 
i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 %144 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 
br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast 
%struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 %144 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = 
bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = 
getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds 
%struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast 
%struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label 
%68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load 
i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, 
%39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 
1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = 
bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 %144 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 
__x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, 
align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, 
%struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext 
i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, 
%struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, 
%struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = 
icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 %144 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), 
align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 
8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, 
%struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label 
%42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load 
i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 
= load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 %144 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 
Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = 
add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 
%93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 
%134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 %144 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __ia32_compat_sys_settimeofday ------------- Path:  
Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast i64* %3 to %struct.util_est* %12 = bitcast %struct.cpu_itimer* %2 to i8* %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = icmp eq i64 %6, 0 br i1 %14, label %43, label %15 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %18 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %17, i64 4, i64 %16) #6, !srcloc !4 %19 = extractvalue { i32*, i32, i64 } %18, 0 %20 = extractvalue { i32*, i32, i64 } %18, 1 %21 = extractvalue { i32*, i32, i64 } %18, 2 %22 = ptrtoint i32* %19 to i64 %23 = sext i32 %20 to i64 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %23, i64* %24, align 8 %25 = and i64 %22, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %84, !prof !5, !misexpect !6 %29 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %30 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i32, i64 } %30, 0 %32 = extractvalue { i32*, i32, i64 } %30, 1 %33 = extractvalue { i32*, i32, i64 } %30, 2 %34 = ptrtoint i32* %31 to i64 %35 = sext i32 %32 to i64 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %35, i64* %36, align 8 %37 = and i64 %34, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %84, !prof !5, !misexpect !6 %40 = icmp 
ugt i32 %32, 1000000 br i1 %40, label %84, label %41 %42 = mul nsw i64 %35, 1000 store i64 %42, i64* %36, align 8 br label %43 %44 = icmp eq i64 %9, 0 br i1 %44, label %49, label %45 %46 = inttoptr i64 %9 to i8* %47 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %46, i64 8) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %84 %50 = phi %struct.util_est* [ null, %43 ], [ %11, %45 ] %51 = select i1 %14, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %14, label %62, label %52 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %54 = load i64, i64* %53, align 8 %55 = icmp slt i64 %54, 0 br i1 %55, label %81, label %56 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %58 = load i64, i64* %57, align 8 %59 = icmp ult i64 %58, 1000000000 %60 = icmp ult i64 %54, 8277292036 %61 = and i1 %60, %59 br i1 %61, label %62, label %81 %63 = call i32 @security_settime64(%struct.cpu_itimer* %51, %struct.util_est* %50) #78 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %81 %66 = icmp eq %struct.util_est* %50, null br i1 %66, label %78, label %67 %68 = getelementptr inbounds %struct.util_est, %struct.util_est* %50, i64 0, i32 0 %69 = load i32, i32* %68, align 4 %70 = add i32 %69, 900 %71 = icmp ugt i32 %70, 1800 br i1 %71, label %81, label %72 %73 = bitcast %struct.util_est* %50 to i64* %74 = load i64, i64* %73, align 4 store i64 %74, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %75 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %75, label %78, label %76 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %14, label %77, label %79 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = 
bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 
%17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* 
%135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 %144 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %145 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %148 = load i64, i64* %147, align 8 %149 = icmp sgt i64 %146, 9223372035 %150 = mul i64 %146, 1000000000 %151 = add i64 %150, %148 %152 = select i1 %149, i64 9223372036854775807, i64 %151, !prof !5 %153 = icmp eq i64 %144, %152 br i1 %153, label %155, label %154, !prof !6, !misexpect !7 store i64 %136, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %138, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %156 = sub i64 0, %136 %157 = sub i64 0, %138 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %156, i64 %157) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 
@_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #78 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, 
i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* 
@tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, 
label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, 
i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast 
%struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label 
%68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load 
i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, 
%39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 
1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = 
bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, 
i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds 
%struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, 
i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 
%32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 
%79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 
%47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub 
i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr 
inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, 
i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, 
label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 
1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = 
load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* 
@tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br 
i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr 
inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast 
%struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = 
tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 
store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), 
align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl 
i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, 
%110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast i64* %3 to %struct.util_est* %12 = bitcast %struct.cpu_itimer* %2 to i8* %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = icmp eq i64 %6, 0 br i1 %14, label %43, label %15 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 
0 %18 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %17, i64 4, i64 %16) #6, !srcloc !4 %19 = extractvalue { i32*, i32, i64 } %18, 0 %20 = extractvalue { i32*, i32, i64 } %18, 1 %21 = extractvalue { i32*, i32, i64 } %18, 2 %22 = ptrtoint i32* %19 to i64 %23 = sext i32 %20 to i64 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %23, i64* %24, align 8 %25 = and i64 %22, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %84, !prof !5, !misexpect !6 %29 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %30 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i32, i64 } %30, 0 %32 = extractvalue { i32*, i32, i64 } %30, 1 %33 = extractvalue { i32*, i32, i64 } %30, 2 %34 = ptrtoint i32* %31 to i64 %35 = sext i32 %32 to i64 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %35, i64* %36, align 8 %37 = and i64 %34, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %84, !prof !5, !misexpect !6 %40 = icmp ugt i32 %32, 1000000 br i1 %40, label %84, label %41 %42 = mul nsw i64 %35, 1000 store i64 %42, i64* %36, align 8 br label %43 %44 = icmp eq i64 %9, 0 br i1 %44, label %49, label %45 %46 = inttoptr i64 %9 to i8* %47 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %46, i64 8) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %84 %50 = phi %struct.util_est* [ null, %43 ], [ %11, %45 ] %51 = select i1 %14, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %14, label %62, label %52 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %54 = load i64, i64* %53, align 8 %55 = icmp slt i64 %54, 0 br i1 %55, label %81, label %56 %57 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %58 = load i64, i64* %57, align 8 %59 = icmp ult i64 %58, 1000000000 %60 = icmp ult i64 %54, 8277292036 %61 = and i1 %60, %59 br i1 %61, label %62, label %81 %63 = call i32 @security_settime64(%struct.cpu_itimer* %51, %struct.util_est* %50) #78 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %81 %66 = icmp eq %struct.util_est* %50, null br i1 %66, label %78, label %67 %68 = getelementptr inbounds %struct.util_est, %struct.util_est* %50, i64 0, i32 0 %69 = load i32, i32* %68, align 4 %70 = add i32 %69, 900 %71 = icmp ugt i32 %70, 1800 br i1 %71, label %81, label %72 %73 = bitcast %struct.util_est* %50 to i64* %74 = load i64, i64* %73, align 4 store i64 %74, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %75 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %75, label %78, label %76 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %14, label %77, label %79 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, 
i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 
%67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, 
%115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 %135 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %136 = load i64, i64* %135, align 8 %137 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %138 = load i64, i64* %137, align 8 %139 = bitcast %struct.cpu_itimer* %4 to i8* %140 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %141 = sub i64 0, %140 %142 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %143 = sub i64 0, %142 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %141, i64 %143) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex 
%2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #78 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 
%53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 
1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br 
label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 
@capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, 
align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, 
i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* 
%31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr 
inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 
%87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp 
ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), 
align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl 
i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, 
%110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store 
i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, 
%struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 
%79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label 
%145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt 
i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 
%68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] 
%118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 
%9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 
br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 
1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, 
align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, %104 br i1 %105, label %107, label %115 
%116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 
8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, 
align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* 
%66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = icmp ult i64 %103, 
%104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast i64* %3 to %struct.util_est* %12 = bitcast %struct.cpu_itimer* %2 to i8* %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = 
icmp eq i64 %6, 0 br i1 %14, label %43, label %15 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %18 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %17, i64 4, i64 %16) #6, !srcloc !4 %19 = extractvalue { i32*, i32, i64 } %18, 0 %20 = extractvalue { i32*, i32, i64 } %18, 1 %21 = extractvalue { i32*, i32, i64 } %18, 2 %22 = ptrtoint i32* %19 to i64 %23 = sext i32 %20 to i64 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %23, i64* %24, align 8 %25 = and i64 %22, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %84, !prof !5, !misexpect !6 %29 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %30 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i32, i64 } %30, 0 %32 = extractvalue { i32*, i32, i64 } %30, 1 %33 = extractvalue { i32*, i32, i64 } %30, 2 %34 = ptrtoint i32* %31 to i64 %35 = sext i32 %32 to i64 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %35, i64* %36, align 8 %37 = and i64 %34, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %84, !prof !5, !misexpect !6 %40 = icmp ugt i32 %32, 1000000 br i1 %40, label %84, label %41 %42 = mul nsw i64 %35, 1000 store i64 %42, i64* %36, align 8 br label %43 %44 = icmp eq i64 %9, 0 br i1 %44, label %49, label %45 %46 = inttoptr i64 %9 to i8* %47 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %46, i64 8) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %84 %50 = phi %struct.util_est* [ null, %43 ], [ %11, %45 ] %51 = select i1 %14, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %14, label %62, label %52 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 
0, i32 0 %54 = load i64, i64* %53, align 8 %55 = icmp slt i64 %54, 0 br i1 %55, label %81, label %56 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %58 = load i64, i64* %57, align 8 %59 = icmp ult i64 %58, 1000000000 %60 = icmp ult i64 %54, 8277292036 %61 = and i1 %60, %59 br i1 %61, label %62, label %81 %63 = call i32 @security_settime64(%struct.cpu_itimer* %51, %struct.util_est* %50) #78 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %81 %66 = icmp eq %struct.util_est* %50, null br i1 %66, label %78, label %67 %68 = getelementptr inbounds %struct.util_est, %struct.util_est* %50, i64 0, i32 0 %69 = load i32, i32* %68, align 4 %70 = add i32 %69, 900 %71 = icmp ugt i32 %70, 1800 br i1 %71, label %81, label %72 %73 = bitcast %struct.util_est* %50 to i64* %74 = load i64, i64* %73, align 4 store i64 %74, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %75 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %75, label %78, label %76 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %14, label %77, label %79 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca 
%struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 
%67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %80 = icmp sgt i64 %76, %77 br i1 %80, label %168, label %81 %82 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %83 = load i64, i64* %5, align 8 %84 = sub i64 %82, %83 %85 = trunc i64 %84 to i32 %86 = icmp sgt i32 %85, 0 %87 = icmp slt i64 %73, 0 %88 = or i1 %87, %86 br i1 %88, label %168, label %91 %92 = icmp ult i64 %75, 1000000000 %93 = icmp ult i64 %73, 8277292036 %94 = and i1 %93, %92 br i1 %94, label %95, label %168 %96 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %97 = add i64 %96, %77 store i64 %97, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %98 = load i64, i64* %5, align 8 %99 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %100 = zext i32 %99 to i64 %101 = shl i64 %98, %100 %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %103 = add i64 %101, %102 store i64 %103, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %104 = shl i64 1000000000, %100 %105 = 
icmp ult i64 %103, %104 br i1 %105, label %107, label %115 %116 = phi i64 [ %119, %115 ], [ %97, %95 ] %117 = phi i64 [ %118, %115 ], [ %103, %95 ] %118 = sub i64 %117, %104 %119 = add i64 %116, 1 %120 = icmp ult i64 %118, %104 br i1 %120, label %106, label %115 store i64 %118, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %119, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %107 %108 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %109 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %110 = zext i32 %109 to i64 %111 = shl i64 1000000000, %110 %112 = icmp ult i64 %108, %111 br i1 %112, label %128, label %113 %129 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %130 = load i64, i64* %66, align 8 %131 = load i64, i64* %5, align 8 %132 = bitcast %struct.cpu_itimer* %2 to i8* %133 = sub i64 %76, %130 %134 = sub i64 %129, %131 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %133, i64 %134) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #78 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = 
alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = 
icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 
%14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi 
i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to 
i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast 
%struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ 
%53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, 
i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, 
%struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* 
%68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 
= icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds 
%struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 
= and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* 
@tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr 
inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, 
align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, 
%struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, 
i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc 
i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, 
label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 ------------- Use: =BAD PATH= Call Stack: 0 timekeeping_inject_offset 1 timekeeping_warp_clock 2 __se_sys_settimeofday 3 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 
Function:__se_sys_settimeofday
Function:timekeeping_warp_clock
Function:timekeeping_inject_offset
-------------
Use: =BAD PATH=
Call Stack:
0 timekeeping_inject_offset
1 timekeeping_warp_clock
2 __ia32_compat_sys_settimeofday
-------------
Path:
Function:__ia32_compat_sys_settimeofday
Function:timekeeping_warp_clock
Function:timekeeping_inject_offset
-------------
Use: =BAD PATH=
Call Stack:
0 do_settimeofday64
1 __x64_sys_stime
-------------
Path:
Function:__x64_sys_stime
Function:do_settimeofday64
-------------
Use: =BAD PATH=
Call Stack:
0 do_settimeofday64
1 __ia32_sys_stime
-------------
Path:
Function:__ia32_sys_stime
Function:do_settimeofday64
-------------
Use: =BAD PATH=
Call Stack:
0 do_settimeofday64
1 __x64_sys_stime32
-------------
Path:
Function:__x64_sys_stime32
Function:do_settimeofday64
label %116, !prof !6, !misexpect !7 store i64 %98, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %100, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %118 = sub i64 0, %98 %119 = sub i64 0, %100 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %118, i64 %119) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %9) #6, !srcloc !4 %11 = extractvalue { i32*, i32, i64 } %10, 0 %12 = extractvalue { i32*, i32, i64 } %10, 1 %13 = extractvalue { i32*, i32, i64 } %10, 2 %14 = ptrtoint i32* %11 to i64 %15 = sext i32 %12 to i64 %16 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %14, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %26, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %20 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = 
load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, 
i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, 
i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 %106 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %107 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %108 = load i64, i64* %107, align 8 
%109 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %110 = load i64, i64* %109, align 8 %111 = icmp sgt i64 %108, 9223372035 %112 = mul i64 %108, 1000000000 %113 = add i64 %112, %110 %114 = select i1 %111, i64 9223372036854775807, i64 %113, !prof !5 %115 = icmp eq i64 %106, %114 br i1 %115, label %117, label %116, !prof !6, !misexpect !7 store i64 %98, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %100, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %118 = sub i64 0, %98 %119 = sub i64 0, %100 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %118, i64 %119) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 
} %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, 
label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 br i1 %9, label %74, label %72 %73 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %44) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 
(%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 %106 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %107 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %110 = load i64, i64* %109, align 8 %111 = icmp sgt i64 %108, 9223372035 %112 = mul i64 %108, 1000000000 %113 = add i64 %112, %110 %114 = select i1 %111, i64 9223372036854775807, i64 %113, !prof !5 %115 = icmp eq i64 %106, %114 br i1 %115, label %117, label %116, !prof !6, !misexpect !7 store i64 %98, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %100, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %118 = sub i64 0, %98 %119 = sub i64 0, %100 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %118, i64 %119) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 
%39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 br i1 %9, label %74, label %72 %73 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %44) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 
1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 
store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 %106 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %107 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %110 = load i64, i64* %109, align 8 %111 = icmp sgt i64 %108, 9223372035 %112 = mul i64 %108, 1000000000 %113 = add i64 
%112, %110 %114 = select i1 %111, i64 9223372036854775807, i64 %113, !prof !5 %115 = icmp eq i64 %106, %114 br i1 %115, label %117, label %116, !prof !6, !misexpect !7 store i64 %98, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %100, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %118 = sub i64 0, %98 %119 = sub i64 0, %100 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %118, i64 %119) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast i64* %3 to %struct.util_est* %12 = bitcast %struct.cpu_itimer* %2 to i8* %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = icmp eq i64 %6, 0 br i1 %14, label %43, label %15 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %18 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %17, i64 4, i64 %16) #6, !srcloc !4 %19 = extractvalue { i32*, i32, i64 } %18, 0 %20 = extractvalue { i32*, i32, i64 } %18, 1 %21 = extractvalue { i32*, i32, i64 } %18, 2 %22 = ptrtoint i32* %19 to i64 %23 = sext i32 %20 to i64 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %23, i64* %24, align 8 %25 = and i64 %22, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %84, !prof !5, !misexpect !6 %29 = 
getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %30 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i32, i64 } %30, 0 %32 = extractvalue { i32*, i32, i64 } %30, 1 %33 = extractvalue { i32*, i32, i64 } %30, 2 %34 = ptrtoint i32* %31 to i64 %35 = sext i32 %32 to i64 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %35, i64* %36, align 8 %37 = and i64 %34, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %84, !prof !5, !misexpect !6 %40 = icmp ugt i32 %32, 1000000 br i1 %40, label %84, label %41 %42 = mul nsw i64 %35, 1000 store i64 %42, i64* %36, align 8 br label %43 %44 = icmp eq i64 %9, 0 br i1 %44, label %49, label %45 %46 = inttoptr i64 %9 to i8* %47 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %46, i64 8) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %84 %50 = phi %struct.util_est* [ null, %43 ], [ %11, %45 ] %51 = select i1 %14, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %14, label %62, label %52 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %54 = load i64, i64* %53, align 8 %55 = icmp slt i64 %54, 0 br i1 %55, label %81, label %56 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %58 = load i64, i64* %57, align 8 %59 = icmp ult i64 %58, 1000000000 %60 = icmp ult i64 %54, 8277292036 %61 = and i1 %60, %59 br i1 %61, label %62, label %81 %63 = call i32 @security_settime64(%struct.cpu_itimer* %51, %struct.util_est* %50) #78 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %81 %66 = icmp eq %struct.util_est* %50, null br i1 %66, label %78, label %67 %68 = getelementptr inbounds %struct.util_est, %struct.util_est* %50, i64 0, i32 0 %69 = load i32, i32* %68, align 4 %70 = add i32 %69, 900 %71 = icmp ugt i32 %70, 1800 br 
i1 %71, label %81, label %72 %73 = bitcast %struct.util_est* %50 to i64* %74 = load i64, i64* %73, align 4 store i64 %74, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %75 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %75, label %78, label %76 br i1 %14, label %81, label %79 %80 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %51) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load 
i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 
store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to 
i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 %106 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 5), align 8 %107 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 0 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %4, i64 0, i32 1 %110 = load i64, i64* %109, align 8 %111 = icmp sgt i64 %108, 9223372035 %112 = mul i64 %108, 1000000000 %113 = add i64 %112, %110 %114 = select i1 %111, i64 9223372036854775807, i64 %113, !prof !5 %115 = icmp eq i64 %106, %114 br i1 %115, label %117, label %116, !prof !6, !misexpect !7 store i64 %98, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 store i64 %100, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %118 = sub i64 0, %98 %119 = sub i64 0, %100 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %118, i64 %119) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %7, align 8 %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %24, !prof !5, !misexpect !6 store i64 0, i64* %7, align 8 %18 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, 
%struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label 
%48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %9) #6, !srcloc !4 %11 = extractvalue { i64*, i64, i64 } %10, 0 %12 = extractvalue { i64*, i64, i64 } %10, 1 %13 = extractvalue { i64*, i64, i64 } %10, 2 %14 = ptrtoint i64* %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %12, i64* %15, align 8 %16 = and i64 %14, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %25, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label 
%21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %7, align 8 %9 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i32, i64 } %9, 0 %11 = extractvalue { i32*, i32, i64 } %9, 1 %12 = extractvalue { i32*, i32, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = sext i32 %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %25, !prof !5, !misexpect !6 store i64 0, i64* %7, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 
8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %9) #6, !srcloc !4 %11 = extractvalue { i32*, i32, i64 } %10, 0 %12 = extractvalue { i32*, i32, i64 } %10, 1 %13 = extractvalue { i32*, i32, i64 } %10, 2 %14 = ptrtoint i32* %11 to i64 %15 = sext i32 %12 to i64 %16 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %14, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %26, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %20 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds 
%struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult 
i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } 
%13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, 
label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 br i1 %9, label %74, label %72 %73 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %44) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 
(%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* 
%18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, 
%struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 br i1 %9, label %74, label %72 %73 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %44) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load 
i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, 
%45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast i64* %3 to %struct.util_est* %12 = bitcast %struct.cpu_itimer* %2 to i8* %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = icmp eq i64 %6, 0 br i1 %14, label %43, label %15 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %18 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %17, i64 4, i64 %16) #6, !srcloc !4 %19 = extractvalue { i32*, i32, i64 } %18, 0 %20 = extractvalue { i32*, i32, i64 } %18, 1 %21 = extractvalue { i32*, i32, i64 } %18, 2 %22 = ptrtoint i32* %19 to i64 %23 = sext i32 %20 to i64 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %23, i64* %24, align 8 %25 = and i64 %22, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %84, !prof !5, !misexpect !6 %29 = getelementptr inbounds 
%struct.util_est, %struct.util_est* %10, i64 0, i32 1 %30 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i32, i64 } %30, 0 %32 = extractvalue { i32*, i32, i64 } %30, 1 %33 = extractvalue { i32*, i32, i64 } %30, 2 %34 = ptrtoint i32* %31 to i64 %35 = sext i32 %32 to i64 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %35, i64* %36, align 8 %37 = and i64 %34, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %84, !prof !5, !misexpect !6 %40 = icmp ugt i32 %32, 1000000 br i1 %40, label %84, label %41 %42 = mul nsw i64 %35, 1000 store i64 %42, i64* %36, align 8 br label %43 %44 = icmp eq i64 %9, 0 br i1 %44, label %49, label %45 %46 = inttoptr i64 %9 to i8* %47 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %46, i64 8) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %84 %50 = phi %struct.util_est* [ null, %43 ], [ %11, %45 ] %51 = select i1 %14, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %14, label %62, label %52 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %54 = load i64, i64* %53, align 8 %55 = icmp slt i64 %54, 0 br i1 %55, label %81, label %56 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %58 = load i64, i64* %57, align 8 %59 = icmp ult i64 %58, 1000000000 %60 = icmp ult i64 %54, 8277292036 %61 = and i1 %60, %59 br i1 %61, label %62, label %81 %63 = call i32 @security_settime64(%struct.cpu_itimer* %51, %struct.util_est* %50) #78 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %81 %66 = icmp eq %struct.util_est* %50, null br i1 %66, label %78, label %67 %68 = getelementptr inbounds %struct.util_est, %struct.util_est* %50, i64 0, i32 0 %69 = load i32, i32* %68, align 4 %70 = add i32 %69, 900 %71 = icmp ugt i32 %70, 1800 br i1 %71, label %81, 
label %72 %73 = bitcast %struct.util_est* %50 to i64* %74 = load i64, i64* %73, align 4 store i64 %74, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %75 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %75, label %78, label %76 br i1 %14, label %81, label %79 %80 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %51) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 
%59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 %97 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.cpu_itimer* %4 to i8* %102 = 
load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %103 = sub i64 0, %102 %104 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %105 = sub i64 0, %104 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %4, i64 %103, i64 %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %7, align 8 %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %24, !prof !5, !misexpect !6 store i64 0, i64* %7, align 8 %18 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr 
inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* 
%9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %9) #6, !srcloc !4 %11 = extractvalue { i64*, i64, i64 } %10, 0 %12 = extractvalue { i64*, i64, i64 } %10, 1 %13 = extractvalue { i64*, i64, i64 } %10, 2 %14 = ptrtoint i64* %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %12, i64* %15, align 8 %16 = and i64 %14, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, 
label %18, label %25, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 
%24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), 
align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %7 = getelementptr inbounds 
%struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %7, align 8 %9 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i32, i64 } %9, 0 %11 = extractvalue { i32*, i32, i64 } %9, 1 %12 = extractvalue { i32*, i32, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = sext i32 %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %25, !prof !5, !misexpect !6 store i64 0, i64* %7, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, 
%struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), 
align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %9) #6, !srcloc !4 %11 = extractvalue { i32*, i32, i64 } %10, 0 %12 = extractvalue { i32*, i32, i64 } %10, 1 %13 = extractvalue { i32*, i32, i64 } %10, 2 %14 = ptrtoint i32* %11 to i64 %15 = sext i32 %12 to i64 %16 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %14, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %26, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %20 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, 
i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, 
i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub 
i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc 
!4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = 
call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 br i1 %9, label %74, label %72 %73 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %44) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = 
getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 
1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 
= sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = 
getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 br i1 %9, label %74, label %72 %73 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %44) #78 Function:do_settimeofday64 %2 = 
alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext 
i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast i64* %3 to %struct.util_est* %12 = bitcast %struct.cpu_itimer* %2 to i8* %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = icmp eq i64 %6, 0 br 
i1 %14, label %43, label %15 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %18 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %17, i64 4, i64 %16) #6, !srcloc !4 %19 = extractvalue { i32*, i32, i64 } %18, 0 %20 = extractvalue { i32*, i32, i64 } %18, 1 %21 = extractvalue { i32*, i32, i64 } %18, 2 %22 = ptrtoint i32* %19 to i64 %23 = sext i32 %20 to i64 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %23, i64* %24, align 8 %25 = and i64 %22, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %84, !prof !5, !misexpect !6 %29 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %30 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i32, i64 } %30, 0 %32 = extractvalue { i32*, i32, i64 } %30, 1 %33 = extractvalue { i32*, i32, i64 } %30, 2 %34 = ptrtoint i32* %31 to i64 %35 = sext i32 %32 to i64 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %35, i64* %36, align 8 %37 = and i64 %34, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %84, !prof !5, !misexpect !6 %40 = icmp ugt i32 %32, 1000000 br i1 %40, label %84, label %41 %42 = mul nsw i64 %35, 1000 store i64 %42, i64* %36, align 8 br label %43 %44 = icmp eq i64 %9, 0 br i1 %44, label %49, label %45 %46 = inttoptr i64 %9 to i8* %47 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %46, i64 8) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %84 %50 = phi %struct.util_est* [ null, %43 ], [ %11, %45 ] %51 = select i1 %14, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %14, label %62, label %52 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %54 = load 
i64, i64* %53, align 8 %55 = icmp slt i64 %54, 0 br i1 %55, label %81, label %56 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %58 = load i64, i64* %57, align 8 %59 = icmp ult i64 %58, 1000000000 %60 = icmp ult i64 %54, 8277292036 %61 = and i1 %60, %59 br i1 %61, label %62, label %81 %63 = call i32 @security_settime64(%struct.cpu_itimer* %51, %struct.util_est* %50) #78 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %81 %66 = icmp eq %struct.util_est* %50, null br i1 %66, label %78, label %67 %68 = getelementptr inbounds %struct.util_est, %struct.util_est* %50, i64 0, i32 0 %69 = load i32, i32* %68, align 4 %70 = add i32 %69, 900 %71 = icmp ugt i32 %70, 1800 br i1 %71, label %81, label %72 %73 = bitcast %struct.util_est* %50 to i64* %74 = load i64, i64* %73, align 4 store i64 %74, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %75 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %75, label %78, label %76 br i1 %14, label %81, label %79 %80 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %51) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 
1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, 
i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %84 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 1), align 8 %85 = sub i64 %84, %80 br label %93 %94 = phi i64 [ %85, %83 ], [ %90, %88 ] %95 = bitcast %struct.cpu_itimer* %2 to i8* %96 = sub i64 %81, %78 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %96, i64 %94) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %7, align 8 %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %24, !prof !5, !misexpect !6 store i64 0, i64* %7, align 8 %18 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt 
i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 
%31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 
%72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %9) #6, !srcloc !4 %11 = extractvalue { i64*, i64, i64 } %10, 0 %12 = extractvalue { i64*, i64, i64 } %10, 1 %13 = extractvalue { i64*, i64, i64 } %10, 2 %14 = ptrtoint i64* %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %12, i64* %15, align 8 %16 = and i64 %14, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %25, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp 
ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add 
i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void 
@set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %7, align 8 %9 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i32, i64 } %9, 0 %11 = extractvalue { i32*, i32, i64 } %9, 1 %12 = extractvalue { i32*, i32, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = sext i32 %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %25, !prof !5, !misexpect !6 store i64 0, i64* %7, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 
8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 ------------- Use: =BAD PATH= Call Stack: 0 
do_settimeofday64 1 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %9) #6, !srcloc !4 %11 = extractvalue { i32*, i32, i64 } %10, 0 %12 = extractvalue { i32*, i32, i64 } %10, 1 %13 = extractvalue { i32*, i32, i64 } %10, 2 %14 = ptrtoint i32* %11 to i64 %15 = sext i32 %12 to i64 %16 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %14, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %26, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %20 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), 
align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = 
icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 br i1 %9, label %74, label %72 %73 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %44) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp 
slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext 
i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, 
%42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __se_sys_settimeofday 2 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } 
%24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 br 
i1 %9, label %74, label %72 %73 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %44) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load 
i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_settimeofday64 1 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast i64* %3 to %struct.util_est* %12 = bitcast %struct.cpu_itimer* %2 to i8* %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = icmp eq i64 %6, 0 br i1 %14, label %43, label %15 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %18 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %17, i64 4, i64 %16) #6, !srcloc !4 %19 = extractvalue { i32*, i32, i64 } %18, 0 %20 = extractvalue { i32*, i32, i64 } %18, 1 %21 = extractvalue { i32*, i32, i64 } %18, 2 %22 = ptrtoint i32* %19 to i64 %23 = sext i32 %20 to i64 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %23, i64* %24, align 8 %25 = and i64 %22, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, 
label %27, label %84, !prof !5, !misexpect !6 %29 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %30 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i32, i64 } %30, 0 %32 = extractvalue { i32*, i32, i64 } %30, 1 %33 = extractvalue { i32*, i32, i64 } %30, 2 %34 = ptrtoint i32* %31 to i64 %35 = sext i32 %32 to i64 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %35, i64* %36, align 8 %37 = and i64 %34, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %84, !prof !5, !misexpect !6 %40 = icmp ugt i32 %32, 1000000 br i1 %40, label %84, label %41 %42 = mul nsw i64 %35, 1000 store i64 %42, i64* %36, align 8 br label %43 %44 = icmp eq i64 %9, 0 br i1 %44, label %49, label %45 %46 = inttoptr i64 %9 to i8* %47 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %46, i64 8) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %84 %50 = phi %struct.util_est* [ null, %43 ], [ %11, %45 ] %51 = select i1 %14, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %14, label %62, label %52 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %54 = load i64, i64* %53, align 8 %55 = icmp slt i64 %54, 0 br i1 %55, label %81, label %56 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %58 = load i64, i64* %57, align 8 %59 = icmp ult i64 %58, 1000000000 %60 = icmp ult i64 %54, 8277292036 %61 = and i1 %60, %59 br i1 %61, label %62, label %81 %63 = call i32 @security_settime64(%struct.cpu_itimer* %51, %struct.util_est* %50) #78 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %81 %66 = icmp eq %struct.util_est* %50, null br i1 %66, label %78, label %67 %68 = getelementptr inbounds %struct.util_est, %struct.util_est* %50, i64 0, i32 0 %69 = load i32, i32* %68, align 4 
%70 = add i32 %69, 900 %71 = icmp ugt i32 %70, 1800 br i1 %71, label %81, label %72 %73 = bitcast %struct.util_est* %50 to i64* %74 = load i64, i64* %73, align 4 store i64 %74, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %75 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %75, label %78, label %76 br i1 %14, label %81, label %79 %80 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %51) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* 
@tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 
= icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_compat_sys_sysinfo ------------- Path:  Function:__ia32_compat_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = alloca %struct.compat_sysinfo, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* %7 = bitcast %struct.compat_sysinfo* %3 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #78 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #78 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #78 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 8 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, i64 %20) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_sys_sysinfo ------------- Path:  Function:__ia32_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #78 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #78 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #78 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 8 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 
1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, i64 %20) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __x64_sys_sysinfo ------------- Path:  Function:__x64_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #78 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #78 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #78 %6 = extractvalue { i64, i64 } %5, 0 %7 = extractvalue { i64, i64 } %5, 1 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 94 %11 = load %struct.nsproxy*, %struct.nsproxy** %10, align 8 %12 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %11, i64 0, i32 6 %13 = load %struct.time_namespace*, %struct.time_namespace** %12, align 8 %14 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 0 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.time_namespace, %struct.time_namespace* %13, i64 0, i32 3, i32 1, i32 1 %17 = load i64, i64* %16, align 8 %18 = bitcast %struct.cpu_itimer* %2 to i8* %19 = add i64 %15, %6 %20 = add i64 %17, %7 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %2, i64 %19, 
i64 %20) #78
-------------
Good: 39 Bad: 65 Ignored: 40
Check Use of Function:page_cache_sync_ra
Check Use of Function:qdisc_put
Check Use of Function:proc_lookup
Check Use of Function:ext4_xattr_destroy_cache
Check Use of Function:ext4_ext_shift_extents
Check Use of Function:do_move_mount
Check Use of Function:irq_set_affinity
Check Use of Function:sock_wfree
Check Use of Function:ext4_fc_mark_ineligible
Check Use of Function:hibernation_platform_enter
Check Use of Function:ext4_xattr_delete_inode
Check Use of Function:shmem_create
Check Use of Function:ext4_fc_record_regions
Check Use of Function:synchronize_net
Check Use of Function:ext4_last_io_end_vec
Check Use of Function:ieee80211_mgd_quiesce
Check Use of Function:ext4_ext_tree_init
Check Use of Function:kfree_skb_list
Check Use of Function:__sta_info_flush
Check Use of Function:genl_unregister_family
Check Use of Function:rtc_set_time
Check Use of Function:pci_mmap_page_range
Check Use of Function:_credit_init_bits
Check Use of Function:ext4_free_blocks
Check Use of Function:__drm_dbg
Use: =BAD PATH=
Call Stack:
0 i915_perf_remove_config_ioctl
-------------
Path:
Function:i915_perf_remove_config_ioctl
%4 = bitcast i8* %1 to i64*
%5 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70
%6 = bitcast %struct.drm_property.382312** %5 to %struct.drm_i915_private.449467**
%7 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %6, align 8
%8 = icmp eq %struct.drm_i915_private.449467* %7, null
br i1 %8, label %9, label %10
tail call void (i32, i8*, ...)
@__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.46365, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %6 = bitcast %struct.drm_property.382312** %5 to %struct.i915_perf.449450* %7 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %8 = bitcast %struct.drm_property.382312** %5 to %struct.drm_i915_private.449467** %9 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %8, align 8 %10 = icmp eq %struct.drm_i915_private.449467* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 71 %14 = bitcast %struct.drm_property.382312** %13 to %struct.kobject** %15 = load %struct.kobject*, %struct.kobject** %14, align 8 %16 = icmp eq %struct.kobject* %15, null br i1 %16, label %17, label %18 %19 = load i32, i32* @i915_perf_stream_paranoid, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = tail call zeroext i1 @capable(i32 38) #78 br i1 %22, label %26, label %23 %27 = getelementptr inbounds i8, i8* %1, i64 48 %28 = bitcast i8* %27 to i64* %29 = load i64, i64* %28, align 8 %30 = icmp eq i64 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds i8, i8* %1, i64 36 %33 = bitcast i8* %32 to i32* %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %57 %37 = getelementptr inbounds i8, i8* %1, i64 56 %38 = bitcast i8* %37 to i64* %39 = load i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds i8, i8* %1, i64 40 %43 = bitcast i8* %42 to i32* %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %57 %47 = getelementptr inbounds i8, i8* %1, i64 64 %48 = bitcast 
i8* %47 to i64* %49 = load i64, i64* %48, align 8 %50 = icmp eq i64 %49, 0 br i1 %50, label %56, label %51 %52 = getelementptr inbounds i8, i8* %1, i64 44 %53 = bitcast i8* %52 to i32* %54 = load i32, i32* %53, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %57 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.5.46418, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %6 = bitcast %struct.drm_property.382312** %5 to %struct.i915_perf.449450* %7 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %8 = bitcast %struct.drm_property.382312** %5 to %struct.drm_i915_private.449467** %9 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %8, align 8 %10 = icmp eq %struct.drm_i915_private.449467* %9, null br i1 %10, label %11, label %12 %13 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 71 %14 = bitcast %struct.drm_property.382312** %13 to %struct.kobject** %15 = load %struct.kobject*, %struct.kobject** %14, align 8 %16 = icmp eq %struct.kobject* %15, null br i1 %16, label %17, label %18 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.3.46386, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %6 = bitcast %struct.drm_property.382312** %5 to %struct.i915_perf.449450* %7 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %8 = bitcast %struct.drm_property.382312** %5 to %struct.drm_i915_private.449467** %9 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %8, align 8 %10 = icmp eq %struct.drm_i915_private.449467* %9, null br i1 %10, label %11, label %12 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.46365, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = 
getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, %struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.382312*, %struct.drm_property.382312** %10, i64 37 %48 = bitcast %struct.drm_property.382312** %47 to i64* %49 = 
getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1443 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1447 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %161 = icmp ult i64 %70, 100000 br i1 %161, label %162, label %164 %163 = extractvalue { i64*, i64, i64 } %68, 1 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([50 x i8], [50 x i8]* @.str.32.46378, i64 0, i64 0), i64 %163) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, 
%struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.382312*, %struct.drm_property.382312** %10, i64 37 %48 = bitcast %struct.drm_property.382312** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = 
extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1443 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1447 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %137 = inttoptr i64 %70 to i8* %138 = call i64 @_copy_from_user(i8* nonnull %39, i8* %137, i64 32) #78 %139 = icmp eq i64 %138, 0 br i1 %139, label %140, label %156 %141 = load %struct.intel_engine_cs.449478*, %struct.intel_engine_cs.449478** %33, align 8 %142 = load i16, i16* %41, align 8 %143 = getelementptr inbounds %struct.intel_engine_cs.449478, %struct.intel_engine_cs.449478* %141, i64 0, i32 10 %144 = load i16, i16* %143, align 2 %145 = icmp eq i16 %142, %144 br i1 %145, label %146, label %156 %157 = phi i8* [ getelementptr inbounds ([38 x i8], [38 x i8]* @.str.30.46376, i64 0, i64 0), %136 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.46377, i64 0, i64 0), %151 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.46377, i64 0, i64 0), %146 ], [ getelementptr inbounds ([28 x i8], [28 x i8]* @.str.31.46377, i64 0, i64 0), %140 ] %158 = phi i32 [ -14, %136 ], [ %154, %151 ], [ -22, %146 ], [ -22, %140 ] call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* %157) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, %struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, 
null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.382312*, %struct.drm_property.382312** %10, i64 37 %48 = bitcast %struct.drm_property.382312** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 
%64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1443 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1447 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %108 = icmp ugt i64 %70, 31 br i1 %108, label %109, label %110 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.28.46374, i64 0, i64 0), i32 31) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 
= getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, %struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds 
%struct.drm_property.382312*, %struct.drm_property.382312** %10, i64 37 %48 = bitcast %struct.drm_property.382312** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1443 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1447 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %95 = add i64 %70, -1 %96 = icmp ugt i64 %95, 9 br i1 %96, label %97, label %99 %100 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %48, i64 %70) #6, !srcloc !6 %101 = and i8 %100, 1 %102 = icmp eq i8 %101, 0 br i1 %102, label %103, label %105 %104 = extractvalue { i64*, i64, i64 } %68, 1 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.27.46373, i64 0, i64 0), i64 %104) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, 
i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, %struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.382312*, %struct.drm_property.382312** %10, i64 37 %48 = bitcast %struct.drm_property.382312** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } 
asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1443 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1447 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %95 = add i64 %70, -1 %96 = icmp ugt i64 %95, 9 br i1 %96, label %97, label %99 %98 = extractvalue { i64*, i64, i64 } %68, 1 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.26.46372, i64 0, i64 0), i64 %98) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, 
%struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.382312*, %struct.drm_property.382312** %10, i64 37 %48 = bitcast %struct.drm_property.382312** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = 
extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1443 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1447 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 %80 = trunc i64 %60 to i32 switch i32 %80, label %167 [ i32 1, label %81 i32 2, label %84 i32 3, label %89 i32 4, label %94 i32 5, label %107 i32 6, label %130 i32 7, label %136 i32 8, label %160 i32 9, label %165 ] %90 = icmp eq i64 %70, 0 br i1 %90, label %91, label %92 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.25.46371, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load 
i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, %struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 %39 = bitcast %struct.drm_i915_gem_context_param_sseu* %4 to i8* %40 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 9 %41 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.drm_i915_gem_context_param_sseu, %struct.drm_i915_gem_context_param_sseu* %4, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 8 %44 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 1 %45 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 5 %46 = getelementptr inbounds %struct.perf_open_properties, 
%struct.perf_open_properties* %9, i64 0, i32 6 %47 = getelementptr inbounds %struct.drm_property.382312*, %struct.drm_property.382312** %10, i64 37 %48 = bitcast %struct.drm_property.382312** %47 to i64* %49 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 4 %50 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 3 %51 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 0 %52 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 2 br label %54 %55 = phi i64* [ %24, %38 ], [ %168, %167 ] %56 = phi i32 [ 0, %38 ], [ %169, %167 ] %58 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 8, i64 %57) #6, !srcloc !4 %59 = extractvalue { i64*, i64, i64 } %58, 0 %60 = extractvalue { i64*, i64, i64 } %58, 1 %61 = extractvalue { i64*, i64, i64 } %58, 2 %62 = ptrtoint i64* %59 to i64 %63 = trunc i64 %62 to i32 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %1443 %67 = getelementptr i64, i64* %55, i64 1 %68 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %67, i64 8, i64 %66) #6, !srcloc !5 %69 = extractvalue { i64*, i64, i64 } %68, 0 %70 = extractvalue { i64*, i64, i64 } %68, 1 %71 = extractvalue { i64*, i64, i64 } %68, 2 %72 = ptrtoint i64* %69 to i64 %73 = trunc i64 %72 to i32 %74 = icmp eq i32 %73, 0 br i1 %74, label %75, label %1447 %76 = add i64 %60, -1 %77 = icmp ugt i64 %76, 7 br i1 %77, label %78, label %79 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.24.46370, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, 
%struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, null br i1 %34, label %35, label %36 %37 = icmp ugt i32 %27, 8 br i1 %37, label %53, label %38 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([48 x i8], [48 x i8]* @.str.23.46369, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 %32 = tail call %struct.intel_engine_cs.449478* bitcast (%struct.intel_engine_cs.419395* (%struct.drm_i915_private.419382*, i8, i8)* @intel_engine_lookup_user to %struct.intel_engine_cs.449478* (%struct.drm_i915_private.449467*, i8, 
i8)*)(%struct.drm_i915_private.449467* nonnull %13, i8 zeroext 0, i8 zeroext 0) #78 %33 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 7 store %struct.intel_engine_cs.449478* %32, %struct.intel_engine_cs.449478** %33, align 8 %34 = icmp eq %struct.intel_engine_cs.449478* %32, null br i1 %34, label %35, label %36 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.22.46368, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 %22 = getelementptr inbounds i8, i8* %1, i64 8 %23 = bitcast i8* %22 to i64** %24 = load i64*, i64** %23, align 8 %25 = getelementptr inbounds i8, i8* %1, i64 4 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.perf_open_properties, %struct.perf_open_properties* %9, i64 0, i32 10 store i64 5000000, i64* %28, align 8 %29 = icmp eq i32 %27, 0 br i1 %29, label %30, label %31 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.21.46367, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 %17 = bitcast i8* %1 to i32* %18 = load i32, i32* %17, align 8 %19 = icmp ult i32 %18, 8 br i1 %19, label %21, label %20 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.1.46366, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %5 = alloca %struct.i915_vma.449289*, align 8 %6 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %7 = alloca %struct.i915_gem_engines_iter, align 8 %8 = alloca %struct.i915_gem_ww_ctx.449248, align 8 %9 = alloca %struct.perf_open_properties, align 8 %10 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 17, i32 30, i32 70 %11 = bitcast %struct.perf_open_properties* %9 to i8* %12 = bitcast %struct.drm_property.382312** %10 to %struct.drm_i915_private.449467** %13 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %12, align 8 %14 = icmp eq %struct.drm_i915_private.449467* %13, null br i1 %14, label %15, label %16 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.46365, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %5 = getelementptr inbounds i8, i8* %1, i64 8 %6 = bitcast i8* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = zext i32 %7 to i64 %9 = add nsw i64 %8, -1 %10 = icmp ult i64 %9, 2147483647 br i1 %10, label %18, label %11 %19 = getelementptr inbounds i8, i8* %1, i64 40 %20 = bitcast i8* %19 to i64* %21 = load i64, i64* %20, align 8 %22 = and i64 %21, -4161344 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %130 %25 = and i64 %21, 2621440 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %37 %28 = getelementptr inbounds i8, i8* %1, i64 28 %29 = bitcast i8* %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %130 %33 = getelementptr inbounds i8, i8* %1, i64 32 %34 
= bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %130 %38 = getelementptr inbounds i8, i8* %1, i64 24 %39 = bitcast i8* %38 to i32* %40 = load i32, i32* %39, align 8 %41 = icmp eq i32 %40, -1 br i1 %41, label %48, label %42 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.3.41056, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_getparam_ioctl ------------- Path:  Function:i915_getparam_ioctl %4 = alloca i32, align 4 %5 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.419382* %6 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 0, i32 2 %7 = bitcast %struct.device** %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 18, i32 2 %10 = bitcast %struct.device** %9 to %struct.intel_gt.419314* %11 = getelementptr inbounds %struct.drm_i915_private.419382, %struct.drm_i915_private.419382* %5, i64 0, i32 102, i32 34, i32 4 %12 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 switch i32 %14, label %152 [ i32 1, label %166 i32 2, label %166 i32 3, label %166 i32 14, label %166 i32 4, label %15 i32 32, label %20 i32 6, label %24 i32 7, label %27 i32 10, label %33 i32 11, label %37 i32 22, label %41 i32 31, label %45 i32 17, label %49 i32 27, label %56 i32 18, label %59 i32 20, label %63 i32 23, label %68 i32 28, label %78 i32 33, label %80 i32 34, label %83 i32 35, label %89 i32 36, label %100 i32 38, label %101 i32 39, label %108 i32 42, label %112 i32 40, label %117 i32 41, label %119 i32 30, label %122 i32 5, label %122 i32 8, label %122 i32 9, label %122 i32 12, label %122 i32 13, label %122 i32 15, label %122 i32 16, label %122 i32 19, label %122 i32 21, label %122 i32 24, label %122 i32 25, label %122 i32 26, label %122 i32 29, 
label %122 i32 37, label %122 i32 43, label %122 i32 44, label %122 i32 45, label %122 i32 48, label %122 i32 49, label %122 i32 53, label %122 i32 55, label %122 i32 56, label %122 i32 50, label %123 i32 46, label %125 i32 47, label %130 i32 51, label %140 i32 52, label %143 i32 54, label %150 ] tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.38803, i64 0, i64 0), i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_write ------------- Path:  Function:crc_control_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.drm_crtc.411393** %11 = load %struct.drm_crtc.411393*, %struct.drm_crtc.411393** %10, align 8 %12 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %13 = icmp eq i64 %2, 0 br i1 %13, label %51, label %14 %15 = icmp ugt i64 %2, 4095 br i1 %15, label %16, label %17 tail call void (i32, i8*, ...) 
@__drm_dbg(i32 4, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.38499, i64 0, i64 0), i64 4096) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %10 = tail call i64 bitcast (i64 (%struct.file.409321*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.435818*, i32, i64)*)(%struct.file.435818* %0, i32 %1, i64 %2) #78 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.409321, %struct.file.409321* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.409369** %7 = load %struct.drm_file.409369*, %struct.drm_file.409369** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %12 = zext i32 %4 to i64 %13 = getelementptr [185 x %struct.anon.82.409322], [185 x %struct.anon.82.409322]* @drm_compat_ioctls, i64 0, i64 %12, i32 0 %14 = load i32 (%struct.file.409321*, i32, i64)*, i32 (%struct.file.409321*, i32, i64)** %13, align 16 %15 = icmp eq i32 (%struct.file.409321*, i32, i64)* %14, null br i1 %15, label %16, label %18 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.409202** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.409202**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.409202* %21 = getelementptr inbounds %struct.task_struct.409202, %struct.task_struct.409202* %20, i64 0, i32 87, i64 0 %22 = getelementptr inbounds %struct.task_struct.409202, %struct.task_struct.409202* %20, i64 0, i32 53 %23 = load i32, i32* %22, align 8 %24 = getelementptr inbounds %struct.drm_file.409369, %struct.drm_file.409369* %7, i64 0, i32 13 %25 = load %struct.drm_minor.409356*, %struct.drm_minor.409356** %24, align 8 %26 = getelementptr inbounds 
%struct.drm_minor.409356, %struct.drm_minor.409356* %25, i64 0, i32 2 %27 = load %struct.device.409353*, %struct.device.409353** %26, align 8 %28 = getelementptr inbounds %struct.device.409353, %struct.device.409353* %27, i64 0, i32 28 %29 = load i32, i32* %28, align 4 %30 = lshr i32 %29, 20 %31 = shl nuw nsw i32 %30, 8 %32 = or i32 %31, %29 %33 = and i32 %32, 65535 %34 = zext i32 %33 to i64 %35 = getelementptr inbounds %struct.drm_file.409369, %struct.drm_file.409369* %7, i64 0, i32 0 %36 = load i8, i8* %35, align 8, !range !5 %37 = zext i8 %36 to i32 %38 = getelementptr [185 x %struct.anon.82.409322], [185 x %struct.anon.82.409322]* @drm_compat_ioctls, i64 0, i64 %12, i32 1 %39 = load i8*, i8** %38, align 8 tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.38408, i64 0, i64 0), i8* %21, i32 %23, i64 %34, i32 %37, i8* %39) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_noop ------------- Path:  Function:drm_noop tail call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.36909, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %12 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %12, i64 0, i32 3 %14 = load %struct.drm_device.392954*, %struct.drm_device.392954** %13, align 8 %15 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %14, i32* nonnull %4) #78 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #78 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.392954, %struct.drm_device.392954* %14, i64 0, i32 4 %27 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 
= and i32 %23, %35 %37 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.392928*, %struct.drm_ioctl_desc.392928** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.392928* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 87, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 53 %74 = load i32, i32* %73, align 8 %75 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds 
%struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.37020, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %35 %36 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.435818*, i32, i64)*)(%struct.file.435818* %0, i32 %1, i64 %2) #78 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %12 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %12, i64 0, i32 3 %14 = load %struct.drm_device.392954*, %struct.drm_device.392954** %13, align 8 %15 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %14, i32* nonnull %4) #78 br i1 %16, label 
%18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #78 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.392954, %struct.drm_device.392954* %14, i64 0, i32 4 %27 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.392928*, %struct.drm_ioctl_desc.392928** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.392928* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 87, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 53 %74 = load i32, i32* %73, align 8 %75 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.37020, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %12 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %12, i64 0, i32 3 %14 = load %struct.drm_device.392954*, %struct.drm_device.392954** %13, align 8 %15 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %14, i32* nonnull %4) #78 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #78 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.392954, %struct.drm_device.392954* %14, i64 0, i32 4 %27 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %127 = phi i32 [ %52, %122 ], [ %9, %42 ], [ %9, %25 ] %128 = phi i32 [ %124, %122 ], [ -22, %42 ], [ -22, %25 ] %129 = phi i8* [ %123, %122 ], [ null, %42 ], [ null, 
%25 ] %130 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %131 = inttoptr i64 %130 to %struct.task_struct* %132 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 87, i64 0 %133 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 53 %134 = load i32, i32* %133, align 8 %135 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %136 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %135, i64 0, i32 2 %137 = load %struct.device*, %struct.device** %136, align 8 %138 = getelementptr inbounds %struct.device, %struct.device* %137, i64 0, i32 28 %139 = load i32, i32* %138, align 4 %140 = lshr i32 %139, 20 %141 = shl nuw nsw i32 %140, 8 %142 = or i32 %141, %139 %143 = and i32 %142, 65535 %144 = zext i32 %143 to i64 %145 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 0 %146 = load i8, i8* %145, align 8, !range !6 %147 = zext i8 %146 to i32 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([77 x i8], [77 x i8]* @.str.3.37022, i64 0, i64 0), i8* %132, i32 %134, i64 %144, i32 %147, i32 %1, i32 %127) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %35 %36 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.435818*, i32, i64)*)(%struct.file.435818* %0, i32 %1, i64 %2) #78 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %12 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %12, i64 0, i32 3 %14 = load %struct.drm_device.392954*, %struct.drm_device.392954** %13, align 8 %15 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %14, i32* nonnull %4) #78 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #78 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds 
%struct.drm_device.392954, %struct.drm_device.392954* %14, i64 0, i32 4 %27 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %127 = phi i32 [ %52, %122 ], [ %9, %42 ], [ %9, %25 ] %128 = phi i32 [ %124, %122 ], [ -22, %42 ], [ -22, %25 ] %129 = phi i8* [ %123, %122 ], [ null, %42 ], [ null, %25 ] %130 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %131 = inttoptr i64 %130 to %struct.task_struct* %132 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 87, i64 0 %133 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %131, i64 0, i32 53 %134 = load i32, i32* %133, align 8 %135 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %136 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %135, i64 0, i32 2 %137 = load %struct.device*, %struct.device** %136, align 8 %138 = getelementptr inbounds %struct.device, %struct.device* %137, i64 0, i32 28 %139 = load i32, i32* %138, align 4 %140 = lshr i32 %139, 20 %141 = shl nuw nsw i32 %140, 8 %142 = or i32 %141, %139 %143 = and i32 %142, 65535 %144 = zext i32 %143 to i64 %145 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 0 %146 = load i8, i8* %145, align 8, !range !6 %147 = zext i8 %146 to i32 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([77 x i8], [77 x i8]* @.str.3.37022, i64 0, i64 0), i8* %132, i32 %134, i64 %144, i32 %147, i32 %1, i32 %127) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %12 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %12, i64 0, i32 3 %14 = load %struct.drm_device.392954*, %struct.drm_device.392954** %13, align 8 %15 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %14, i32* nonnull %4) #78 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #78 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.392954, %struct.drm_device.392954* %14, i64 0, i32 4 %27 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", 
"=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.392928*, %struct.drm_ioctl_desc.392928** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.392928* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 87, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 53 %74 = load i32, i32* %73, align 8 %75 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = 
or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.37020, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #78 %90 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 2 %91 = bitcast {}** %90 to i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)** %92 = load i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)*, i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)** %91, align 8 %93 = icmp eq i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)* %92, null br i1 %93, label %94, label %95, !prof !7, !misexpect !8 %96 = icmp ult i32 %69, 129 br i1 %96, label %101, label %97 %102 = phi i8* [ %99, %97 ], [ %10, %95 ] %103 = inttoptr i64 %2 to i8* %104 = zext i32 %63 to i64 %105 = call i64 @_copy_from_user(i8* %102, i8* %103, i64 %104) #78 %106 = icmp eq i64 %105, 0 br i1 %106, label %107, label %122 %108 = icmp ugt i32 %69, %63 br i1 %108, label %109, label %113 %110 = getelementptr i8, i8* %102, i64 %104 %111 = sub nsw i32 %69, %63 %112 = zext i32 %111 to i64 br label %113 %114 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 1 %115 = load i32, i32* %114, align 4 %116 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)* nonnull %92, i8* %102, i32 %115) #79 %117 = trunc i64 %116 to i32 %118 = zext i32 %65 to i64 %119 = call i64 @_copy_to_user(i8* %103, i8* %102, i64 %118) #78 %120 = icmp eq i64 %119, 0 %121 = select i1 %120, i32 %117, 
i32 -14 br label %122 %123 = phi i8* [ null, %94 ], [ null, %97 ], [ %102, %101 ], [ %102, %113 ] %124 = phi i32 [ -22, %94 ], [ -12, %97 ], [ -14, %101 ], [ %121, %113 ] %125 = icmp eq %struct.drm_ioctl_desc.392928* %53, null br i1 %125, label %126, label %148 %149 = phi i32 [ %124, %122 ], [ %128, %126 ] %150 = phi i8* [ %123, %122 ], [ %129, %126 ] %151 = icmp eq i8* %150, %10 br i1 %151, label %153, label %152 %154 = icmp eq i32 %149, 0 br i1 %154, label %161, label %155 %156 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %157 = inttoptr i64 %156 to %struct.task_struct* %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 87, i64 0 %159 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 53 %160 = load i32, i32* %159, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.4.37023, i64 0, i64 0), i8* %158, i32 %160, i32 %149) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %35 %36 = tail call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.435818*, i32, i64)*)(%struct.file.435818* %0, i32 %1, i64 %2) #78 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = 
getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %12 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %12, i64 0, i32 3 %14 = load %struct.drm_device.392954*, %struct.drm_device.392954** %13, align 8 %15 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %14, i32* nonnull %4) #78 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #78 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %163 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.392954, %struct.drm_device.392954* %14, i64 0, i32 4 %27 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %27, i64 0, i32 26 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %126 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.392929*, %struct.drm_driver.392929** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.392929, %struct.drm_driver.392929* %37, i64 0, i32 25 %39 = load %struct.drm_ioctl_desc.392928*, %struct.drm_ioctl_desc.392928** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.392928* [ %50, %44 ], [ %41, %31 ] %54 = 
getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %71 = inttoptr i64 %70 to %struct.task_struct* %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 87, i64 0 %73 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 53 %74 = load i32, i32* %73, align 8 %75 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %11, align 8 %76 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %75, i64 0, i32 2 %77 = load %struct.device*, %struct.device** %76, align 8 %78 = getelementptr inbounds %struct.device, %struct.device* %77, i64 0, i32 28 %79 = load i32, i32* %78, align 4 %80 = lshr i32 %79, 20 %81 = shl nuw nsw i32 %80, 8 %82 = or i32 %81, %79 %83 = and i32 %82, 65535 %84 = zext i32 %83 to i64 %85 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 0 %86 = load i8, i8* %85, align 8, !range !6 %87 = zext i8 %86 to i32 %88 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 3 %89 = load i8*, i8** %88, align 8 call void (i32, i8*, ...) 
@__drm_dbg(i32 1, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.1.37020, i64 0, i64 0), i8* %72, i32 %74, i64 %84, i32 %87, i8* %89) #78 %90 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 2 %91 = bitcast {}** %90 to i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)** %92 = load i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)*, i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)** %91, align 8 %93 = icmp eq i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)* %92, null br i1 %93, label %94, label %95, !prof !7, !misexpect !8 %96 = icmp ult i32 %69, 129 br i1 %96, label %101, label %97 %102 = phi i8* [ %99, %97 ], [ %10, %95 ] %103 = inttoptr i64 %2 to i8* %104 = zext i32 %63 to i64 %105 = call i64 @_copy_from_user(i8* %102, i8* %103, i64 %104) #78 %106 = icmp eq i64 %105, 0 br i1 %106, label %107, label %122 %108 = icmp ugt i32 %69, %63 br i1 %108, label %109, label %113 %110 = getelementptr i8, i8* %102, i64 %104 %111 = sub nsw i32 %69, %63 %112 = zext i32 %111 to i64 br label %113 %114 = getelementptr inbounds %struct.drm_ioctl_desc.392928, %struct.drm_ioctl_desc.392928* %53, i64 0, i32 1 %115 = load i32, i32* %114, align 4 %116 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)* nonnull %92, i8* %102, i32 %115) #79 %117 = trunc i64 %116 to i32 %118 = zext i32 %65 to i64 %119 = call i64 @_copy_to_user(i8* %103, i8* %102, i64 %118) #78 %120 = icmp eq i64 %119, 0 %121 = select i1 %120, i32 %117, i32 -14 br label %122 %123 = phi i8* [ null, %94 ], [ null, %97 ], [ %102, %101 ], [ %102, %113 ] %124 = phi i32 [ -22, %94 ], [ -12, %97 ], [ -14, %101 ], [ %121, %113 ] %125 = icmp eq %struct.drm_ioctl_desc.392928* %53, null br i1 %125, label %126, label %148 %149 = phi i32 [ %124, %122 ], [ %128, %126 ] %150 = phi i8* [ %123, %122 ], [ %129, %126 ] %151 = icmp eq i8* %150, %10 br i1 %151, label 
%153, label %152 %154 = icmp eq i32 %149, 0 br i1 %154, label %161, label %155 %156 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %157 = inttoptr i64 %156 to %struct.task_struct* %158 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 87, i64 0 %159 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %157, i64 0, i32 53 %160 = load i32, i32* %159, align 8 call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.4.37023, i64 0, i64 0), i8* %158, i32 %160, i32 %149) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_stub_open ------------- Path:  Function:drm_stub_open tail call void (i32, i8*, ...) @__drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.37026, i64 0, i64 0)) #78 ------------- Good: 1287 Bad: 28 Ignored: 800 Check Use of Function:ext4_release_system_zone Check Use of Function:snapshot_ioctl Use: =BAD PATH= Call Stack: 0 snapshot_compat_ioctl ------------- Path:  Function:snapshot_compat_ioctl switch i32 %1, label %6 [ i32 -2146946290, label %4 i32 -2146946285, label %4 i32 -2146946284, label %4 i32 1074017041, label %4 i32 1074541325, label %4 ] %7 = phi i64 [ %5, %4 ], [ %2, %3 ] %8 = tail call i64 @snapshot_ioctl(%struct.file* %0, i32 %1, i64 %7) #78 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:ext4_inode_attach_jinode Check Use of Function:ext4_enable_quotas Check Use of Function:qdisc_get_stab Check Use of Function:tty_lock Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 
%12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 
Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label 
%17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 
i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label 
%14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, 
%struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = 
alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* 
@tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %25 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct*, %struct.tty_struct** %7, align 8 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 
= getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct*, %struct.tty_struct** %6, align 8 %8 = icmp eq %struct.tty_struct* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* 
%7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %7) #79 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, 
label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds 
%struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 Function:tty_vhangup_session tail call fastcc 
void @__tty_hangup(%struct.tty_struct* %0, i32 1) #78 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #78 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl 5 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label 
%14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 
%28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds 
%struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 
br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #78 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #78 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl 5 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast 
i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = 
load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 
21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = 
getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #78 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #78 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void 
(%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, 
label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** 
%4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 tail call void bitcast (void (%struct.tty_struct*)* @tty_vhangup_session to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 1) #78 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label 
%4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #78 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup 2 pty_close ------------- Path:  Function:pty_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %13 %9 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, 1 br i1 %11, label %12, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 16 %24 = bitcast i64* %23 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 2, i8* %24) #6, !srcloc !7 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %25, i32 1, i32 1, i8* null) #78 %26 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 26 
tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 1, i8* null) #78 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 0 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 4 store i8 0, i8* %29, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %30, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 24 %32 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %33 = icmp eq %struct.tty_struct* %32, null br i1 %33, label %59, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %32, i64 0, i32 16 %36 = bitcast i64* %35 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %36, i32 4, i8* %36) #6, !srcloc !7 %37 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %38 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %37, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %38, i32 1, i32 1, i8* null) #78 %39 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %40 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %39, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %40, i32 1, i32 1, i8* null) #78 %41 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %42 = getelementptr inbounds %struct.tty_driver, 
%struct.tty_driver* %41, i64 0, i32 11 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 1 br i1 %44, label %45, label %59 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 4, i8* %24) #6, !srcloc !7 %46 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %47 = load %struct.tty_driver*, %struct.tty_driver** @ptm_driver, align 8 %48 = icmp eq %struct.tty_driver* %46, %47 br i1 %48, label %49, label %57 tail call void @mutex_lock(%struct.mutex* nonnull @devpts_mutex) #78 %50 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %51 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %50, i64 0, i32 30 %52 = load i8*, i8** %51, align 8 %53 = icmp eq i8* %52, null br i1 %53, label %56, label %54 tail call void @mutex_unlock(%struct.mutex* nonnull @devpts_mutex) #78 br label %57 %58 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 tail call void @tty_vhangup(%struct.tty_struct* %58) #78 Function:tty_vhangup tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 0) #78 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #78 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void 
(%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup 2 pty_close ------------- Path:  Function:pty_close %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %8, label %13 %9 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, 1 br i1 %11, label %12, label %22, !prof !4, !misexpect !5 %23 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 16 %24 = bitcast i64* %23 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 2, i8* %24) #6, !srcloc !7 %25 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %25, i32 1, i32 1, i8* null) #78 %26 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %26, i32 1, i32 1, i8* null) #78 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 0 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 20, i32 4 store i8 0, i8* %29, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %30 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %30, align 4 tail call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 24 %32 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %33 = icmp eq %struct.tty_struct* %32, null br i1 %33, label %59, label %34 %35 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %32, i64 0, i32 16 %36 = bitcast i64* %35 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %36, i32 4, i8* %36) #6, !srcloc !7 %37 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %38 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %37, i64 0, i32 27 tail call void @__wake_up(%struct.wait_queue_head* %38, i32 1, i32 1, i8* null) #78 %39 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 %40 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %39, i64 0, i32 26 tail call void @__wake_up(%struct.wait_queue_head* %40, i32 1, i32 1, i8* null) #78 %41 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %42 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %41, i64 0, i32 11 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 1 br i1 %44, label %45, label %59 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 4, i8* %24) #6, !srcloc !7 %46 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %47 = load %struct.tty_driver*, %struct.tty_driver** @ptm_driver, align 8 %48 = icmp eq %struct.tty_driver* %46, %47 br i1 %48, label %49, label %57 tail call void @mutex_lock(%struct.mutex* nonnull @devpts_mutex) #78 %50 = load %struct.tty_struct*, 
%struct.tty_struct** %31, align 8 %51 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %50, i64 0, i32 30 %52 = load i8*, i8** %51, align 8 %53 = icmp eq i8* %52, null br i1 %53, label %56, label %54 tail call void @mutex_unlock(%struct.mutex* nonnull @devpts_mutex) #78 br label %57 %58 = load %struct.tty_struct*, %struct.tty_struct** %31, align 8 tail call void @tty_vhangup(%struct.tty_struct* %58) #78 Function:tty_vhangup tail call fastcc void @__tty_hangup(%struct.tty_struct* %0, i32 0) #78 Function:__tty_hangup %3 = icmp eq %struct.tty_struct* %0, null br i1 %3, label %202, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #78 %5 = load %struct.file*, %struct.file** @redirect, align 8 %6 = icmp eq %struct.file* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.362033*)* @tty_lock to void (%struct.tty_struct*)*)(%struct.tty_struct* nonnull %0) #78 ------------- Good: 11 Bad: 15 Ignored: 26 Check Use of Function:security_sb_umount Check Use of Function:__ext4_check_dir_entry Check Use of Function:blk_queue_flag_set Use: =BAD PATH= Call Stack: 0 blk_stat_add_callback 1 blk_poll 2 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %4 = load %struct.file.294911*, %struct.file.294911** %3, align 8 %5 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %4, i64 0, i32 18 %6 = load %struct.address_space.294992*, %struct.address_space.294992** %5, align 8 %7 = getelementptr 
inbounds %struct.address_space.294992, %struct.address_space.294992* %6, i64 0, i32 0 %8 = load %struct.inode.294985*, %struct.inode.294985** %7, align 8 %9 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %8) #78 %10 = getelementptr inbounds %struct.block_device.294846, %struct.block_device.294846* %9, i64 0, i32 16 %11 = load %struct.gendisk.294844*, %struct.gendisk.294844** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.294844, %struct.gendisk.294844* %11, i64 0, i32 9 %13 = load %struct.request_queue.294836*, %struct.request_queue.294836** %12, align 8 %14 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 7 %15 = bitcast %union.anon.68.294590* %14 to i32* %16 = load volatile i32, i32* %15, align 8 %17 = tail call i32 bitcast (i32 (%struct.request_queue.296182*, i32, i1)* @blk_poll to i32 (%struct.request_queue.294836*, i32, i1)*)(%struct.request_queue.294836* %13, i32 %16, i1 zeroext %1) #78 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.300462, align 8 %5 = icmp eq i32 %1, -1 br i1 %5, label %197, label %6 %7 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 11 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %197, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.296233* %14 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %13, i64 0, i32 120 %15 = load %struct.blk_plug*, %struct.blk_plug** %14, align 16 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 %19 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 8 %20 = load %struct.blk_mq_hw_ctx.296144**, %struct.blk_mq_hw_ctx.296144*** %19, align 8 %21 = lshr i32 %1, 16 %22 = and i32 %21, 32767 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %20, i64 %23 %25 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %24, align 8 br i1 %2, label %26, label %144 %27 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 24 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, -1 br i1 %29, label %144, label %30 %31 = icmp slt i32 %1, 0 br i1 %31, label %47, label %32 %48 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %25, i64 0, i32 20 %49 = load %struct.blk_mq_tags.296139*, %struct.blk_mq_tags.296139** %48, align 8 %50 = and i32 %1, 65535 %51 = getelementptr inbounds %struct.blk_mq_tags.296139, %struct.blk_mq_tags.296139* %49, i64 0, i32 0 %52 = load i32, i32* %51, align 8 %53 = icmp ugt i32 %52, %50 br i1 %53, label %54, label %144 %55 = getelementptr inbounds %struct.blk_mq_tags.296139, %struct.blk_mq_tags.296139* %49, i64 0, i32 7 %56 = load %struct.request.296153**, %struct.request.296153*** %55, align 8 %57 = zext i32 %50 to i64 %58 = getelementptr %struct.request.296153*, %struct.request.296153** %56, i64 %57 %59 = bitcast %struct.request.296153** %58 to i8** %60 = load i8*, i8** %59, align 8 %61 = bitcast i8* %60 to %struct.request.296153* %62 = icmp eq i8* %60, null br i1 %62, label %144, label %63 %64 = phi %struct.request.296153* [ %61, %54 ], [ %46, %39 ], [ null, %32 ] %65 = bitcast %struct.hrtimer_sleeper.300462* %4 to i8* %66 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %64, i64 0, i32 4 %67 = load i32, i32* %66, align 4 %68 = and i32 %67, 1048576 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %142 %71 = icmp sgt i32 %28, 0 br i1 %71, label %109, 
label %72 %73 = load volatile i64, i64* %7, align 8 %74 = and i64 %73, 2097152 %75 = icmp eq i64 %74, 0 br i1 %75, label %76, label %81 %77 = tail call zeroext i1 @blk_queue_flag_test_and_set(i32 21, %struct.request_queue.296182* %0) #78 br i1 %77, label %81, label %78 %79 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 25 %80 = load %struct.blk_stat_callback.296172*, %struct.blk_stat_callback.296172** %79, align 8 tail call void bitcast (void (%struct.request_queue.301226*, %struct.blk_stat_callback.301223*)* @blk_stat_add_callback to void (%struct.request_queue.296182*, %struct.blk_stat_callback.296172*)*)(%struct.request_queue.296182* %0, %struct.blk_stat_callback.296172* %80) #78 Function:blk_stat_add_callback %3 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* nonnull @__cpu_possible_mask) #78 %4 = load i32, i32* @nr_cpu_ids, align 4 %5 = icmp ult i32 %3, %4 br i1 %5, label %6, label %40 %7 = getelementptr inbounds %struct.blk_stat_callback.301223, %struct.blk_stat_callback.301223* %1, i64 0, i32 2 %8 = bitcast %struct.blk_rq_stat** %7 to i64* %9 = getelementptr inbounds %struct.blk_stat_callback.301223, %struct.blk_stat_callback.301223* %1, i64 0, i32 4 %10 = load i32, i32* %9, align 8 br label %18 %19 = phi i32 [ %4, %6 ], [ %14, %13 ] %20 = phi i32 [ %10, %6 ], [ %15, %13 ] %21 = phi i32 [ %3, %6 ], [ %16, %13 ] %22 = load i64, i64* %8, align 8 %23 = sext i32 %21 to i64 %24 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %23 %25 = load i64, i64* %24, align 8 %26 = add i64 %25, %22 %27 = inttoptr i64 %26 to %struct.blk_rq_stat* %28 = icmp eq i32 %20, 0 br i1 %28, label %13, label %29 %30 = phi i64 [ %36, %29 ], [ 0, %18 ] %31 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %27, i64 %30, i32 1 store i64 -1, i64* %31, align 8 %32 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %27, i64 %30, i32 0 store i64 0, i64* %32, align 8 %33 = getelementptr 
%struct.blk_rq_stat, %struct.blk_rq_stat* %27, i64 %30, i32 3 store i32 0, i32* %33, align 8 %34 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %27, i64 %30, i32 2 store i64 0, i64* %34, align 8 %35 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %27, i64 %30, i32 4 store i64 0, i64* %35, align 8 %36 = add nuw nsw i64 %30, 1 %37 = load i32, i32* %9, align 8 %38 = zext i32 %37 to i64 %39 = icmp ult i64 %36, %38 br i1 %39, label %29, label %11 %12 = load i32, i32* @nr_cpu_ids, align 4 br label %13 %14 = phi i32 [ %12, %11 ], [ %19, %18 ] %15 = phi i32 [ %37, %11 ], [ 0, %18 ] %16 = tail call i32 @cpumask_next(i32 %21, %struct.cpumask* nonnull @__cpu_possible_mask) #78 %17 = icmp ult i32 %16, %14 br i1 %17, label %18, label %40 %41 = getelementptr inbounds %struct.request_queue.301226, %struct.request_queue.301226* %0, i64 0, i32 3 %42 = load %struct.blk_queue_stats*, %struct.blk_queue_stats** %41, align 8 %43 = getelementptr inbounds %struct.blk_queue_stats, %struct.blk_queue_stats* %42, i64 0, i32 1, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #79 %45 = getelementptr inbounds %struct.blk_stat_callback.301223, %struct.blk_stat_callback.301223* %1, i64 0, i32 0 %46 = load %struct.blk_queue_stats*, %struct.blk_queue_stats** %41, align 8 %47 = getelementptr inbounds %struct.blk_queue_stats, %struct.blk_queue_stats* %46, i64 0, i32 0 %48 = getelementptr inbounds %struct.blk_queue_stats, %struct.blk_queue_stats* %46, i64 0, i32 0, i32 1 %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = getelementptr inbounds %struct.blk_stat_callback.301223, %struct.blk_stat_callback.301223* %1, i64 0, i32 0, i32 0 store %struct.list_head* %47, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.blk_stat_callback.301223, %struct.blk_stat_callback.301223* %1, i64 0, i32 0, i32 1 store %struct.list_head* %49, %struct.list_head** %51, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %52, align 8 store %struct.list_head* %45, %struct.list_head** %48, align 8 tail call void bitcast (void (i32, %struct.request_queue.296182*)* @blk_queue_flag_set to void (i32, %struct.request_queue.301226*)*)(i32 20, %struct.request_queue.301226* %0) #79 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to %struct.scsi_sense_hdr* %9 = getelementptr %struct.device.628629, %struct.device.628629* %0, i64 -1, i32 36 %10 = bitcast %struct.dev_iommu** %9 to %struct.scsi_disk* %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %9, i64 1 %12 = bitcast %struct.dev_iommu** %11 to %struct.scsi_device.628647** %13 = load %struct.scsi_device.628647*, %struct.scsi_device.628647** %12, align 8 %14 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %15 = bitcast %struct.scsi_mode_data* %6 to i8* %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = getelementptr inbounds %struct.scsi_device.628647, %struct.scsi_device.628647* %13, i64 0, i32 22 %18 = load i8, i8* %17, align 8 switch i8 %18, label %119 [ i8 0, label %19 i8 20, label %19 ] %20 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %28 %29 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %10, i64 0, i32 24 %30 = bitcast i24* %29 to i32* %31 = load i32, i32* %30, align 1 %32 = and i32 %31, -3 store i32 %32, i32* %30, align 1 br label %33 %34 = phi i8* [ %23, %22 ], [ %2, %28 ] %35 = tail call i32 
@__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %34) #79 %36 = icmp slt i32 %35, 0 br i1 %36, label %119, label %37 %38 = and i32 %35, 1 %39 = and i32 %35, 2 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %47 = phi i32 [ 0, %37 ], [ %45, %41 ] %48 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %10, i64 0, i32 24 %49 = bitcast i24* %48 to i32* %50 = load i32, i32* %49, align 1 %51 = and i32 %50, 2 %52 = icmp eq i32 %51, 0 br i1 %52, label %66, label %53 %54 = and i32 %50, -13 %55 = or i32 %54, %47 %56 = shl nuw nsw i32 %38, 3 %57 = or i32 %55, %56 store i32 %57, i32* %49, align 1 %58 = icmp ne i32 %47, 0 %59 = and i32 %55, 20 %60 = icmp eq i32 %59, 20 %61 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %9, i64 93 %62 = bitcast %struct.dev_iommu** %61 to %struct.gendisk.628464** %63 = load %struct.gendisk.628464*, %struct.gendisk.628464** %62, align 8 %64 = getelementptr inbounds %struct.gendisk.628464, %struct.gendisk.628464* %63, i64 0, i32 9 %65 = load %struct.request_queue.628458*, %struct.request_queue.628458** %64, align 8 tail call void bitcast (void (%struct.request_queue.296182*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.628458*, i1, i1)*)(%struct.request_queue.628458* %65, i1 zeroext %58, i1 zeroext %60) #79 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void @blk_queue_flag_clear(i32 17, %struct.request_queue.296182* %0) #78 br label %6 br i1 %2, label %7, label %8 tail call void @blk_queue_flag_set(i32 18, %struct.request_queue.296182* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca i64, align 8 %8 = bitcast i64* %7 to %struct.scsi_sense_hdr* %9 = getelementptr %struct.device.628629, %struct.device.628629* %0, i64 -1, i32 36 
%10 = bitcast %struct.dev_iommu** %9 to %struct.scsi_disk* %11 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %9, i64 1 %12 = bitcast %struct.dev_iommu** %11 to %struct.scsi_device.628647** %13 = load %struct.scsi_device.628647*, %struct.scsi_device.628647** %12, align 8 %14 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %15 = bitcast %struct.scsi_mode_data* %6 to i8* %16 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %17 = getelementptr inbounds %struct.scsi_device.628647, %struct.scsi_device.628647* %13, i64 0, i32 22 %18 = load i8, i8* %17, align 8 switch i8 %18, label %119 [ i8 0, label %19 i8 20, label %19 ] %20 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %28 %29 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %10, i64 0, i32 24 %30 = bitcast i24* %29 to i32* %31 = load i32, i32* %30, align 1 %32 = and i32 %31, -3 store i32 %32, i32* %30, align 1 br label %33 %34 = phi i8* [ %23, %22 ], [ %2, %28 ] %35 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %34) #79 %36 = icmp slt i32 %35, 0 br i1 %36, label %119, label %37 %38 = and i32 %35, 1 %39 = and i32 %35, 2 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %47 = phi i32 [ 0, %37 ], [ %45, %41 ] %48 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %10, i64 0, i32 24 %49 = bitcast i24* %48 to i32* %50 = load i32, i32* %49, align 1 %51 = and i32 %50, 2 %52 = icmp eq i32 %51, 0 br i1 %52, label %66, label %53 %54 = and i32 %50, -13 %55 = or i32 %54, %47 %56 = shl nuw nsw i32 %38, 3 %57 = or i32 %55, %56 store i32 %57, i32* %49, align 1 %58 = icmp ne i32 %47, 0 %59 = and i32 %55, 20 %60 = icmp eq i32 %59, 20 %61 = getelementptr inbounds %struct.dev_iommu*, %struct.dev_iommu** %9, i64 93 %62 = 
bitcast %struct.dev_iommu** %61 to %struct.gendisk.628464** %63 = load %struct.gendisk.628464*, %struct.gendisk.628464** %62, align 8 %64 = getelementptr inbounds %struct.gendisk.628464, %struct.gendisk.628464* %63, i64 0, i32 9 %65 = load %struct.request_queue.628458*, %struct.request_queue.628458** %64, align 8 tail call void bitcast (void (%struct.request_queue.296182*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.628458*, i1, i1)*)(%struct.request_queue.628458* %65, i1 zeroext %58, i1 zeroext %60) #79 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void @blk_queue_flag_set(i32 17, %struct.request_queue.296182* %0) #78 ------------- Good: 71 Bad: 3 Ignored: 66 Check Use of Function:percpu_ref_exit Check Use of Function:ieee80211_set_sdata_offload_flags Check Use of Function:ext4_rename_dir_prepare Check Use of Function:ext4_es_insert_extent Check Use of Function:ieee80211_recalc_idle Check Use of Function:ieee80211_tx_monitor Check Use of Function:io_issue_sqe Check Use of Function:ip_local_deliver Check Use of Function:random_read_iter Check Use of Function:dev_ethtool Check Use of Function:sched_post_fork Check Use of Function:snd_card_disconnect Check Use of Function:drm_framebuffer_free Check Use of Function:drm_master_open Check Use of Function:phy_connect_direct Check Use of Function:invalidate_bdev Check Use of Function:e1000_set_phy_loopback Check Use of Function:ieee80211_do_open Check Use of Function:bad_inode_create Check Use of Function:kernel_halt Check Use of Function:tty_vhangup_self Check Use of Function:ext4_issue_zeroout Check Use of Function:xt_target_to_user Check Use of Function:ring_buffer_unlock_commit Check Use of Function:ext4_htree_store_dirent Check Use of Function:__ext4_error_file Check Use of Function:copy_strings Check Use of Function:thermal_cooling_device_unregister Check Use of Function:acpi_os_acquire_lock Check Use of Function:jbd2_journal_inode_ranged_write Check Use of 
Function:loop_info64_to_compat Check Use of Function:ieee80211_sta_join_ibss Check Use of Function:proc_root_lookup Check Use of Function:init_mknod Check Use of Function:do_truncate Check Use of Function:qdisc_put_unlocked Check Use of Function:avc_set_cache_threshold Check Use of Function:ida_free Use: =BAD PATH= Call Stack: 0 eventfd_release ------------- Path:  Function:eventfd_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.eventfd_ctx** %5 = load %struct.eventfd_ctx*, %struct.eventfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %6, i32 3, i32 1, i8* nonnull inttoptr (i64 16 to i8*)) #78 %7 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 %17 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 11, i32 0, i32 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp sgt i32 %19, -1 br i1 %20, label %21, label %22 tail call void @ida_free(%struct.ida* nonnull @eventfd_ida, i32 %19) #78 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 
%5 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %4) #78 %6 = icmp eq %struct.net* %5, null br i1 %6, label %21, label %7 %8 = getelementptr inbounds %struct.net, %struct.net* %5, i64 0, i32 16 %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 32 %10 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %9) #79 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18425, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #78 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %24) #78 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18426, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #78 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #78 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = 
getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #78 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, 
align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #78 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #78 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #79 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_readdir 3 proc_root_readdir ------------- Path:  Function:proc_root_readdir %3 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, 256 br i1 %5, 
label %6, label %10 %7 = tail call i32 @proc_readdir(%struct.file* %0, %struct.dir_context* %1) #78 Function:proc_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.proc_fs_info** %9 = load %struct.proc_fs_info*, %struct.proc_fs_info** %8, align 16 %10 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %9, i64 0, i32 5 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %19, label %13 %14 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 13 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 1, i32 1 %16 = bitcast %struct.list_head** %15 to %struct.proc_dir_entry** %17 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %16, align 8 %18 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %17) #78 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 
%15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18425, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #78 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #78 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18426, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #78 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* 
@rb_first(%struct.rb_root* %37) #78 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #78 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #78 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #78 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #79 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_readdir ------------- Path:  Function:proc_readdir %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 8 %6 = load %struct.super_block*, %struct.super_block** %5, align 8 %7 = getelementptr inbounds %struct.super_block, %struct.super_block* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.proc_fs_info** %9 = load %struct.proc_fs_info*, %struct.proc_fs_info** %8, align 16 %10 = getelementptr inbounds %struct.proc_fs_info, %struct.proc_fs_info* %9, i64 0, i32 5 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %19, label %13 %14 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 13 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 1, i32 1 %16 = bitcast %struct.list_head** %15 to %struct.proc_dir_entry** %17 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %16, align 8 %18 = tail call i32 @proc_readdir_de(%struct.file* %0, %struct.dir_context* %1, %struct.proc_dir_entry* %17) #78 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 
(%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry*, %struct.dentry** %9, align 8 %11 = getelementptr inbounds %struct.dentry, %struct.dentry* %10, i64 0, i32 5 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.6.18425, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #78 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry*, %struct.dentry** %21, align 8 %23 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #78 %25 = getelementptr inbounds %struct.dentry, %struct.dentry* %22, i64 0, i32 3 %26 = load %struct.dentry*, %struct.dentry** %25, align 8 %27 = getelementptr inbounds %struct.dentry, %struct.dentry* %26, i64 0, i32 5 %28 = load %struct.inode*, %struct.inode** %27, align 8 %29 = getelementptr inbounds %struct.inode, %struct.inode* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 
%20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.7.18426, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #78 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %37 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #78 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 1 %67 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %66, i32 %75) #78 br label %76 %77 = tail call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 23 %81 = load i8, i8* %80, align 1 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #78 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #78 %98 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #78 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry* %103 = select 
i1 %100, %struct.proc_dir_entry* null, %struct.proc_dir_entry* %102 tail call void @pde_put(%struct.proc_dir_entry* nonnull %65) #79 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 1 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 devpts_kill_index 1 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #78 Function:devpts_kill_index %3 = 
getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 devpts_kill_index 1 pty_unix98_remove ------------- Path:  Function:pty_unix98_remove %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 3 %4 = load %struct.tty_driver*, %struct.tty_driver** %3, align 8 %5 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %4, i64 0, i32 11 %6 = load i16, i16* %5, align 2 %7 = icmp eq i16 %6, 1 br i1 %7, label %11, label %8 %12 = phi %struct.tty_struct* [ %10, %8 ], [ %1, %2 ] %13 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %12, i64 0, i32 30 %14 = bitcast i8** %13 to %struct.pts_fs_info** %15 = load %struct.pts_fs_info*, %struct.pts_fs_info** %14, align 8 %16 = icmp eq %struct.pts_fs_info* %15, null br i1 %16, label %20, label %17 %18 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %1, i64 0, i32 5 %19 = load i32, i32* %18, align 8 tail call void @devpts_kill_index(%struct.pts_fs_info* nonnull %15, i32 %19) #78 Function:devpts_kill_index %3 = getelementptr inbounds %struct.pts_fs_info, %struct.pts_fs_info* %0, i64 0, i32 0 tail call void @ida_free(%struct.ida* %3, i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label 
%19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238113* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds 
%struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238112*, %struct.nfs_open_context.238112** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238112, %struct.nfs_open_context.238112* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #78 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238142** %30 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238142* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238142* %77) #78 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238142* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %4, align 8 %6 = getelementptr inbounds 
%struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 br i1 %8, label %9, label %46 %10 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store volatile %struct.list_head* %13, %struct.list_head** %15, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %16 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 %18 = load volatile %struct.list_head*, %struct.list_head** %17, align 8 %19 = icmp eq %struct.list_head* %18, %16 br i1 %19, label %20, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %25 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 3 %26 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %25, 
align 8 %27 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %26, i64 0, i32 0 %28 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 2 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %41 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %28, i64 0, i32 46 %42 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 3, i32 1 %43 = load i32, i32* %42, align 8 tail call void @ida_free(%struct.ida* %41, i32 %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load 
%struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.238113* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.238113, %struct.nfs_lock_context.238113* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.238112*, %struct.nfs_open_context.238112** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.238112, %struct.nfs_open_context.238112* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %27) #78 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.238142** %30 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.238142* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.238142* %77) #78 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.238142* %0, null br i1 %2, label %46, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.238111*, %struct.nfs4_state.238111** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 br i1 %8, label %9, label %46 %10 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds 
%struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store volatile %struct.list_head* %13, %struct.list_head** %15, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %16 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 %18 = load volatile %struct.list_head*, %struct.list_head** %17, align 8 %19 = icmp eq %struct.list_head* %18, %16 br i1 %19, label %20, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %24 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %25 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %5, i64 0, i32 3 %26 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %25, align 8 %27 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %26, i64 0, i32 0 %28 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 2 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 1 %32 = icmp eq i64 %31, 0 br i1 %32, label %40, label %33 %41 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %28, i64 0, i32 
46 %42 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %0, i64 0, i32 3, i32 1 %43 = load i32, i32* %42, align 8 tail call void @ida_free(%struct.ida* %41, i32 %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_set_lock_state 1 nfs4_proc_unlck 2 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.236429** %7 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %16 = and i32 %1, -2 %17 = icmp eq i32 %16, 6 br i1 %17, label %18, label %143 %19 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %2, i64 0, i32 7 %20 = load i8, i8* %19, align 4 %21 = icmp eq i8 %20, 2 %22 = icmp eq %struct.nfs4_state.236428* %9, null br i1 %21, label %23, label %26 br i1 %22, label %143, label %24 %25 = tail call fastcc i32 @nfs4_proc_unlck(%struct.nfs4_state.236428* nonnull %9, %struct.file_lock* %2) #78 Function:nfs4_proc_unlck %3 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %0, i64 0, i32 4 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.236425*, %struct.nfs4_state_owner.236425** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 24, i32 2 %8 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.nfs4_state.238111*, %struct.file_lock*)* @nfs4_set_lock_state to i32 
(%struct.nfs4_state.236428*, %struct.file_lock*)*)(%struct.nfs4_state.236428* %0, %struct.file_lock* %1) #78 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 17 %4 = load %struct.file_lock_operations*, %struct.file_lock_operations** %3, align 8 %5 = icmp eq %struct.file_lock_operations* %4, null br i1 %5, label %6, label %115 %7 = getelementptr inbounds %struct.file_lock, %struct.file_lock* %1, i64 0, i32 5 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 %11 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to %struct.nfs4_lock_state.238142** %13 = bitcast %struct.spinlock* %9 to i8* %14 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 br label %15 %16 = phi %struct.nfs4_lock_state.238142* [ null, %6 ], [ %63, %94 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #78 %17 = load %struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %12, align 8 %18 = getelementptr %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %17, i64 0, i32 0 %19 = icmp eq %struct.list_head* %18, %11 br i1 %19, label %47, label %20 %21 = phi %struct.nfs4_lock_state.238142* [ %30, %26 ], [ %17, %15 ] %22 = phi %struct.nfs4_lock_state.238142* [ %28, %26 ], [ null, %15 ] %23 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %21, i64 0, i32 6 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, %8 br i1 %25, label %33, label %26 %27 = icmp eq i8* %24, null %28 = select i1 %27, %struct.nfs4_lock_state.238142* %21, %struct.nfs4_lock_state.238142* %22 %29 = bitcast %struct.nfs4_lock_state.238142* %21 to %struct.nfs4_lock_state.238142** %30 = load 
%struct.nfs4_lock_state.238142*, %struct.nfs4_lock_state.238142** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %11 br i1 %32, label %33, label %20 %34 = phi %struct.nfs4_lock_state.238142* [ %28, %26 ], [ %21, %20 ] %35 = icmp eq %struct.nfs4_lock_state.238142* %34, null br i1 %35, label %47, label %36 %48 = icmp eq %struct.nfs4_lock_state.238142* %16, null br i1 %48, label %57, label %49 %50 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %16, i64 0, i32 0 %51 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %52 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %17, i64 0, i32 0, i32 1 store %struct.list_head* %50, %struct.list_head** %52, align 8 %53 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %16, i64 0, i32 0, i32 0 store %struct.list_head* %18, %struct.list_head** %53, align 8 %54 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %16, i64 0, i32 0, i32 1 store %struct.list_head* %11, %struct.list_head** %54, align 8 store volatile %struct.list_head* %50, %struct.list_head** %51, align 8 %55 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %56 = bitcast i64* %55 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i32 1, i8* %56) #6, !srcloc !8 br label %99 %100 = phi %struct.nfs4_lock_state.238142* [ %16, %49 ], [ %34, %46 ], [ %34, %42 ], [ %34, %41 ] %101 = phi %struct.nfs4_lock_state.238142* [ null, %49 ], [ %16, %46 ], [ %16, %42 ], [ %16, %41 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 
0, i8* %13, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %102 = icmp eq %struct.nfs4_lock_state.238142* %101, null br i1 %102, label %112, label %103 %104 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %14, align 8 %105 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %104, i64 0, i32 0 %106 = load %struct.nfs_server.238083*, %struct.nfs_server.238083** %105, align 8 %107 = getelementptr inbounds %struct.nfs_server.238083, %struct.nfs_server.238083* %106, i64 0, i32 46 %108 = getelementptr inbounds %struct.nfs4_lock_state.238142, %struct.nfs4_lock_state.238142* %101, i64 0, i32 3, i32 1 %109 = load i32, i32* %108, align 8 tail call void @ida_free(%struct.ida* %107, i32 %109) #78 ------------- Good: 136 Bad: 9 Ignored: 81 Check Use of Function:call_blocking_lsm_notifier Check Use of Function:netdev_state_change Check Use of Function:ext4_ind_truncate_ensure_credits Check Use of Function:ipcns_install Check Use of Function:create_empty_buffers Check Use of Function:llist_add_batch Use: =BAD PATH= Call Stack: 0 __put_net 1 put_fs_context 2 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.158414*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #78 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 5 %3 = load %struct.dentry.158354*, %struct.dentry.158354** %2, align 8 %4 = icmp eq %struct.dentry.158354* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.158414, 
%struct.fs_context.158414* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.157989*, %struct.fs_context_operations.157989** %15, align 8 %17 = icmp eq %struct.fs_context_operations.157989* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.157989, %struct.fs_context_operations.157989* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.158414*)*, void (%struct.fs_context.158414*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.158414*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #78 %25 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %26) #78 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.63399) #78 ------------- Use: =BAD PATH= 
Call Stack: 0 __put_net 1 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %9) #78 tail call void @generic_fillattr(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %9, %struct.kstat* %2) #79 %11 = icmp eq %struct.net* %10, null br i1 %11, label %28, label %12 %13 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 16 %14 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %13, align 32 %15 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %14, i64 0, i32 13 %16 = load i32, i32* %15, align 8 %17 = getelementptr inbounds %struct.kstat, %struct.kstat* %2, i64 0, i32 2 store i32 %16, i32* %17, align 8 %18 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 -1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 1 br i1 %21, label %27, label %22 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* nonnull %10) #79 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.63399) #78 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.net** %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %8) #78 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.63399) #78 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 
%6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.possible_net_t** %8 = load %struct.possible_net_t*, %struct.possible_net_t** %7, align 8 %9 = getelementptr inbounds %struct.possible_net_t, %struct.possible_net_t* %8, i64 0, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %10) #78 Function:__put_net %2 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 9 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.63399) #78 ------------- Use: =BAD PATH= Call Stack: 0 netns_put ------------- Path:  Function:netns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -3, i32 2 %13 = bitcast i32* %12 to %struct.llist_node* 
%14 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %13, %struct.llist_node* %13, %struct.llist_node* nonnull @cleanup_list.63399) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsr_safe_regs_on_cpu 3 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %63, label %16 %17 = inttoptr i64 %2 to i8* %18 = call i64 @_copy_from_user(i8* nonnull %5, i8* %17, i64 32) #78 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %63 %21 = getelementptr inbounds [8 x i32], [8 x i32]* %4, i64 0, i64 0 %22 = call i32 @rdmsr_safe_regs_on_cpu(i32 %10, i32* nonnull %21) #78 Function:rdmsr_safe_regs_on_cpu %3 = alloca %struct.debugfs_u32_array, align 8 %4 = bitcast %struct.debugfs_u32_array* %3 to i8* %5 = getelementptr inbounds %struct.debugfs_u32_array, %struct.debugfs_u32_array* %3, i64 0, i32 0 store i32* %1, i32** %5, align 8 %6 = getelementptr inbounds %struct.debugfs_u32_array, %struct.debugfs_u32_array* %3, i64 0, i32 1 store i32 -5, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_safe_regs_on_cpu, i8* nonnull %4, i32 1) #78 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %8 = getelementptr inbounds %struct.__call_single_data, 
%struct.__call_single_data* %6, i64 0, i32 1 %9 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %11 = zext i32 %10 to i64 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %11) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %24, label %15 %25 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %26 = and i32 %25, 16711936 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28, !prof !11, !misexpect !12 %30 = icmp eq i32 %3, 0 br i1 %30, label %31, label %48 store void (i8*)* %1, void (i8*)** %8, align 16 store i8* %2, i8** %7, align 8 %49 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6) #78 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !12 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 0 %39 = sext i32 %0 to i64 %40 = getelementptr [64 x 
i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* %40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 to %struct.llist_node* %44 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %38, %struct.llist_node* %38, %struct.llist_node* %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsr_safe_regs_on_cpu 3 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %63, label %16 %17 = inttoptr i64 %2 to i8* %18 = call i64 @_copy_from_user(i8* nonnull %5, i8* %17, i64 32) #78 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %63 %21 = getelementptr inbounds [8 x i32], [8 x i32]* %4, i64 0, i64 0 %22 = call i32 @rdmsr_safe_regs_on_cpu(i32 %10, i32* nonnull %21) #78 Function:rdmsr_safe_regs_on_cpu %3 = alloca %struct.debugfs_u32_array, align 8 %4 = bitcast %struct.debugfs_u32_array* %3 to i8* %5 = getelementptr inbounds %struct.debugfs_u32_array, %struct.debugfs_u32_array* %3, i64 0, i32 0 store i32* %1, i32** %5, align 8 %6 = getelementptr inbounds %struct.debugfs_u32_array, %struct.debugfs_u32_array* %3, i64 0, i32 1 store i32 -5, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_safe_regs_on_cpu, i8* nonnull %4, i32 1) #78 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, 
align 32 %7 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %8 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %9 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %11 = zext i32 %10 to i64 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %11) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %24, label %15 %25 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %26 = and i32 %25, 16711936 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28, !prof !11, !misexpect !12 %30 = icmp eq i32 %3, 0 br i1 %30, label %31, label %48 store void (i8*)* %1, void (i8*)** %8, align 16 store i8* %2, i8** %7, align 8 %49 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6) #78 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !12 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label 
%37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 0 %39 = sext i32 %0 to i64 %40 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* %40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 to %struct.llist_node* %44 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %38, %struct.llist_node* %38, %struct.llist_node* %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsrl_on_cpu 3 energy_perf_bias_store ------------- Path:  Function:energy_perf_bias_store %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 29 %8 = load i32, i32* %7, align 8 %9 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %10 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %11 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([5 x i8*], [5 x i8*]* @energy_perf_strings, i64 0, i64 0), i64 5, i8* %2) #78 %12 = icmp sgt i32 %11, -1 br i1 %12, label %13, label %18 %19 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %6) #78 %20 = icmp ne i32 %19, 0 %21 = load i64, i64* %6, align 8 %22 = icmp ugt i64 %21, 15 %23 = or i1 %20, %22 br i1 %23, label %38, label %24 %25 = call i32 @rdmsrl_on_cpu(i32 %8, i32 432, i64* nonnull %5) #78 Function:rdmsrl_on_cpu %4 = alloca %struct.msr_info, align 8 %5 = bitcast %struct.msr_info* %4 to i8* %6 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %4, i64 0, i32 0 %7 = bitcast %struct.msr_info* %4 to i8* store i32 %1, i32* %6, align 8 %8 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_on_cpu, i8* nonnull %5, i32 1) #78 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 
0, i32 2 %8 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %9 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %11 = zext i32 %10 to i64 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %11) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %24, label %15 %25 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %26 = and i32 %25, 16711936 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28, !prof !11, !misexpect !12 %30 = icmp eq i32 %3, 0 br i1 %30, label %31, label %48 store void (i8*)* %1, void (i8*)** %8, align 16 store i8* %2, i8** %7, align 8 %49 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6) #78 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !12 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, 
i32 0, i32 0 %39 = sext i32 %0 to i64 %40 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* %40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 to %struct.llist_node* %44 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %38, %struct.llist_node* %38, %struct.llist_node* %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsrl_on_cpu 3 energy_perf_bias_show ------------- Path:  Function:energy_perf_bias_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 29 %6 = load i32, i32* %5, align 8 %7 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %8 = call i32 @rdmsrl_on_cpu(i32 %6, i32 432, i64* nonnull %4) #78 Function:rdmsrl_on_cpu %4 = alloca %struct.msr_info, align 8 %5 = bitcast %struct.msr_info* %4 to i8* %6 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %4, i64 0, i32 0 %7 = bitcast %struct.msr_info* %4 to i8* store i32 %1, i32* %6, align 8 %8 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_on_cpu, i8* nonnull %5, i32 1) #78 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %8 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %9 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %11 = zext i32 %10 to i64 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, 
%struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %11) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %24, label %15 %25 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %26 = and i32 %25, 16711936 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28, !prof !11, !misexpect !12 %30 = icmp eq i32 %3, 0 br i1 %30, label %31, label %48 store void (i8*)* %1, void (i8*)** %8, align 16 store i8* %2, i8** %7, align 8 %49 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6) #78 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !12 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 0 %39 = sext i32 %0 to i64 %40 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* %40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 to %struct.llist_node* %44 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %38, %struct.llist_node* %38, %struct.llist_node* %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_safe_on_cpu 3 msr_write ------------- Path:  Function:msr_write %5 = alloca i64, align 8 
%6 = bitcast i64* %5 to [2 x i32]* %7 = bitcast i8* %1 to i32* %8 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 13 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 1048575 %16 = tail call i32 @security_locked_down(i32 8) #78 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = load i32, i32* @allow_writes, align 4 switch i32 %21, label %22 [ i32 0, label %33 i32 1, label %65 ] %23 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @filter_write.fw_rs, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.filter_write, i64 0, i64 0)) #78 %24 = icmp eq i32 %23, 0 br i1 %24, label %33, label %25 %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 87, i64 0 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 53 %30 = load i32, i32* %29, align 8 %31 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([56 x i8], [56 x i8]* @.str.6.3480, i64 0, i64 0), i32 %10, i8* %28, i32 %30) #79 %32 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([91 x i8], [91 x i8]* @.str.7.3481, i64 0, i64 0)) #79 br label %33 %34 = and i64 %2, 7 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %65 %37 = icmp eq i64 %2, 0 br i1 %37, label %63, label %38 %39 = bitcast i64* %5 to i32* %40 = getelementptr inbounds [2 x i32], [2 x i32]* %6, i64 0, i64 1 br label %41 %42 = phi i64 [ 0, %38 ], [ %55, %53 ] %43 = phi i32* [ %7, %38 ], [ %54, %53 ] %44 = phi i64 [ %2, %38 ], [ %56, %53 ] %45 = bitcast i32* %43 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %8, i8* %45, i64 8) #78 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %58 call void @add_taint(i32 2, i32 0) #78 %49 = load i32, i32* %39, align 8 %50 = load i32, i32* %40, align 4 %51 = call i32 @wrmsr_safe_on_cpu(i32 %15, i32 %10, i32 %49, i32 %50) #78 Function:wrmsr_safe_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 %8 = bitcast %struct.msr_info* %5 to i8* store i32 %1, i32* %7, align 8 %9 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %10 = bitcast %struct.anon.1* %9 to %struct.util_est* %11 = bitcast %struct.anon.1* %9 to i32* store i32 %2, i32* %11, align 8 %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 store i32 %3, i32* %12, align 4 %13 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_safe_on_cpu, i8* nonnull %6, i32 1) #78 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %8 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %9 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call i32 asm "movl 
%gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %11 = zext i32 %10 to i64 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %11) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %24, label %15 %25 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %26 = and i32 %25, 16711936 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28, !prof !11, !misexpect !12 %30 = icmp eq i32 %3, 0 br i1 %30, label %31, label %48 store void (i8*)* %1, void (i8*)** %8, align 16 store i8* %2, i8** %7, align 8 %49 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6) #78 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !12 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 0 %39 = sext i32 %0 to i64 %40 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* %40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 to %struct.llist_node* %44 = tail 
call zeroext i1 @llist_add_batch(%struct.llist_node* %38, %struct.llist_node* %38, %struct.llist_node* %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 arch_freq_prepare_all 3 cpuinfo_open ------------- Path:  Function:cpuinfo_open tail call void @arch_freq_prepare_all() #78 Function:arch_freq_prepare_all %1 = tail call i64 @ktime_get() #78 %2 = load i32, i32* @cpu_khz, align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %55, label %4 %5 = load volatile i64, i64* bitcast (i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 1, i64 0) to i64*), align 8 %6 = and i64 %5, 1152921504606846976 %7 = icmp eq i64 %6, 0 br i1 %7, label %55, label %8 %9 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* nonnull @__cpu_online_mask) #79 %10 = load i32, i32* @nr_cpu_ids, align 4 %11 = icmp ult i32 %9, %10 br i1 %11, label %12, label %55 %13 = phi i32 [ %47, %45 ], [ %9, %8 ] %14 = phi i8 [ %46, %45 ], [ 0, %8 ] br label %15 %16 = phi i32 [ %13, %12 ], [ %22, %21 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @housekeeping_overridden to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@arch_freq_prepare_all, %17)) #6 to label %19 [label %17], !srcloc !4 %20 = tail call zeroext i1 @rcu_is_idle_cpu(i32 %16) #78 br i1 %20, label %21, label %25 %26 = sext i32 %16 to i64 %27 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %26 %28 = load i64, i64* %27, align 8 %29 = add i64 %28, ptrtoint (i64* getelementptr inbounds (%struct.aperfmperf_sample, %struct.aperfmperf_sample* @samples, i64 0, i32 2) to i64) %30 = inttoptr i64 %29 to i64* %31 = load i64, i64* %30, align 8 %32 = sub i64 %1, %31 %33 = icmp slt i64 %32, 10000000 br i1 %33, label %44, label %34 %35 = add i64 %28, ptrtoint (%struct.aperfmperf_sample* @samples to i64) %36 = inttoptr i64 %35 to %struct.aperfmperf_sample* %37 = getelementptr inbounds %struct.aperfmperf_sample, %struct.aperfmperf_sample* %36, i64 0, i32 1, i32 0 %38 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %37, i32 1, i32* %37) #6, !srcloc !5 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %42 %41 = tail call i32 @smp_call_function_single(i32 %16, void (i8*)* nonnull @aperfmperf_snapshot_khz, i8* null, i32 0) #78 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %8 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %9 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call i32 asm "movl 
%gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %11 = zext i32 %10 to i64 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %11) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %24, label %15 %25 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %26 = and i32 %25, 16711936 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28, !prof !11, !misexpect !12 %30 = icmp eq i32 %3, 0 br i1 %30, label %31, label %48 store void (i8*)* %1, void (i8*)** %8, align 16 store i8* %2, i8** %7, align 8 %49 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6) #78 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !12 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 0 %39 = sext i32 %0 to i64 %40 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* %40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 to %struct.llist_node* %44 = tail 
call zeroext i1 @llist_add_batch(%struct.llist_node* %38, %struct.llist_node* %38, %struct.llist_node* %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single_async 2 rdmsr_safe_on_cpu 3 msr_read ------------- Path:  Function:msr_read %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 13 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1048575 %14 = and i64 %2, 7 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %45 %17 = bitcast i64* %5 to [2 x i32]* %18 = bitcast i64* %5 to i32* %19 = getelementptr inbounds [2 x i32], [2 x i32]* %17, i64 0, i64 1 %20 = icmp eq i64 %2, 0 br i1 %20, label %43, label %21 %22 = bitcast i8* %1 to i32* br label %23 %24 = phi i64 [ %35, %33 ], [ 0, %21 ] %25 = phi i32* [ %34, %33 ], [ %22, %21 ] %26 = phi i64 [ %36, %33 ], [ %2, %21 ] %27 = call i32 @rdmsr_safe_on_cpu(i32 %13, i32 %8, i32* nonnull %18, i32* %19) #78 Function:rdmsr_safe_on_cpu %5 = alloca %struct.msr_info_completion, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.msr_info_completion* %5 to i8* %8 = bitcast %struct.__call_single_data* %6 to i8* %9 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %10 = bitcast %struct.__call_single_data* %6 to i8* store void (i8*)* @__rdmsr_safe_on_cpu, void (i8*)** %9, align 16 %11 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %12 = bitcast i8** %11 to %struct.msr_info_completion** store %struct.msr_info_completion* %5, %struct.msr_info_completion** %12, align 8 %13 = getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 1, i32 1 
%14 = bitcast %struct.msr_info_completion* %5 to i8* call void @__init_swait_queue_head(%struct.swait_queue_head* %13, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.1.28507, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key.28508) #78 %15 = getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 0, i32 0 store i32 %1, i32* %15, align 8 %16 = call i32 @smp_call_function_single_async(i32 %0, %struct.__call_single_data* nonnull %6) #78 Function:smp_call_function_single_async tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 1, i32 0 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 store i32 1, i32* %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = tail call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* %1) #78 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !12 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 0 %39 = sext i32 %0 to i64 %40 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* 
%40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 to %struct.llist_node* %44 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %38, %struct.llist_node* %38, %struct.llist_node* %43) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single_async 2 cpuid_read ------------- Path:  Function:cpuid_read %5 = alloca %struct.cpuid_regs_done, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.cpuid_regs_done* %5 to i8* %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %9, i64 0, i32 13 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1048575 %13 = and i64 %2, 15 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %57 %16 = load i64, i64* %3, align 8 %17 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1 %18 = getelementptr inbounds %struct.completion, %struct.completion* %17, i64 0, i32 0 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1, i32 1 call void @__init_swait_queue_head(%struct.swait_queue_head* %19, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.4.3489, i64 0, i64 0), %struct.lock_class_key* nonnull @init_completion.__key) #78 %20 = icmp eq i64 %2, 0 br i1 %20, label %55, label %21 %22 = bitcast %struct.__call_single_data* %6 to i8* %23 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %24 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %25 = bitcast i8** %24 to %struct.cpuid_regs_done** %26 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 0, i32 0 %27 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, 
i64 0, i32 0, i32 2 %28 = bitcast %struct.__call_single_data* %6 to i8* br label %29 %30 = phi i64 [ %2, %21 ], [ %48, %44 ] %31 = phi i64 [ 0, %21 ], [ %46, %44 ] %32 = phi i64 [ %16, %21 ], [ %47, %44 ] %33 = phi i8* [ %1, %21 ], [ %45, %44 ] store void (i8*)* @cpuid_smp_cpuid, void (i8*)** %23, align 16 store %struct.cpuid_regs_done* %5, %struct.cpuid_regs_done** %25, align 8 %34 = trunc i64 %32 to i32 store i32 %34, i32* %26, align 8 %35 = lshr i64 %32, 32 %36 = trunc i64 %35 to i32 store i32 %36, i32* %27, align 8 %37 = call i32 @smp_call_function_single_async(i32 %12, %struct.__call_single_data* nonnull %6) #78 Function:smp_call_function_single_async tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 1, i32 0 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %9 store i32 1, i32* %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = tail call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* %1) #78 Function:generic_exec_single %3 = alloca i64, align 8 %4 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %5 = icmp eq i32 %4, %0 br i1 %5, label %6, label %22 %23 = load i32, i32* @nr_cpu_ids, align 4 %24 = icmp ugt i32 %23, %0 br i1 %24, label %25, label %30 %26 = zext i32 %0 to i64 %27 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %26) #6, !srcloc !12 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %37 %38 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0, i32 0 %39 = 
sext i32 %0 to i64 %40 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %39 %41 = load i64, i64* %40, align 8 %42 = add i64 %41, ptrtoint (%struct.llist_node* @call_single_queue to i64) %43 = inttoptr i64 %42 to %struct.llist_node* %44 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %38, %struct.llist_node* %38, %struct.llist_node* %43) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 do_notify_parent
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __ia32_compat_sys_wait4
-------------
Path:
Function:__ia32_compat_sys_wait4
%2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #78
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0
store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* 
@do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 Function:do_notify_parent %3 = alloca %struct.kernel_siginfo, align 8 %4 = bitcast %struct.kernel_siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5502, i64 0, i64 0), i32 2030, i32 2307, i64 12) #6, !srcloc !6 br label %7 %8 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 1 %9 = load volatile i32, i32* %8, align 8 %10 = and i32 %9, 12 %11 = icmp eq i32 %10, 0 br i1 %11, label %13, label %12, !prof !7, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 42 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 63 %34 = load %struct.pid.51755*, %struct.pid.51755** %33, align 32 %35 = getelementptr inbounds %struct.pid.51755, %struct.pid.51755* %34, i64 0, i32 5 tail call void @__wake_up(%struct.wait_queue_head* %35, i32 3, i32 0, i8* null) #78 %36 = icmp eq i32 %1, 17 br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 110 %39 = 
load i64, i64* %38, align 64 %40 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %41 = load %struct.task_struct.51970*, %struct.task_struct.51970** %40, align 16 %42 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %41, i64 0, i32 111 %43 = load volatile i64, i64* %42, align 8 %44 = icmp eq i64 %39, %43 %45 = select i1 %44, i32 %1, i32 17 br label %46 %47 = phi i32 [ 17, %32 ], [ %45, %37 ] %48 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %49 = bitcast i32* %48 to i8* %50 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %47, i32* %50, align 8 %51 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %51, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %52 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %53 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %54 = tail call %struct.pid_namespace.51753* bitcast (%struct.pid_namespace* (%struct.task_struct*)* @task_active_pid_ns to %struct.pid_namespace.51753* (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %53) #78 %55 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %0, i32 0, %struct.pid_namespace.51753* %54) #78 %56 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %55, i32* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %57 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %58 = getelementptr inbounds %struct.task_struct.51970, 
%struct.task_struct.51970* %57, i64 0, i32 84 %59 = load volatile %struct.cred*, %struct.cred** %58, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 84 %61 = load volatile %struct.cred*, %struct.cred** %60, align 8 %62 = getelementptr inbounds %struct.cred, %struct.cred* %61, i64 0, i32 1, i32 0 %63 = load i32, i32* %62, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %64 = icmp eq i32 %63, -1 %65 = load i32, i32* @overflowuid, align 4 %66 = select i1 %64, i32 %65, i32 %63 %67 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %66, i32* %67, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %68 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 71 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 72 %71 = load i64, i64* %70, align 16 %72 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 95 %73 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %74 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %73, i64 0, i32 26 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %69 %77 = tail call i64 @nsec_to_clock_t(i64 %76) #78 %78 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 3 store i64 %77, i64* %78, align 8 %79 = load 
%struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %80 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %79, i64 0, i32 27 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, %71 %83 = tail call i64 @nsec_to_clock_t(i64 %82) #78 %84 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 4 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 43 %86 = load i32, i32* %85, align 16 %87 = and i32 %86, 127 %88 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 2 store i32 %87, i32* %88, align 8 %89 = trunc i32 %86 to i8 %90 = icmp sgt i8 %89, -1 br i1 %90, label %93, label %91 %94 = icmp eq i32 %87, 0 %95 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 br i1 %94, label %97, label %96 store i32 2, i32* %95, align 8 br label %99 %100 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %101 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %100, i64 0, i32 96 %102 = load %struct.sighand_struct*, %struct.sighand_struct** %101, align 8 %103 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 0, i32 0, i32 0 %104 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %103) #78 %105 = load i32, i32* %14, align 16 %106 = icmp eq i32 %105, 0 %107 = icmp eq i32 %47, 17 %108 = and i1 %107, %106 br i1 %108, label %109, label %118 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 0 %111 = load void (i32)*, void (i32)** %110, align 8 %112 = icmp eq void (i32)* %111, inttoptr (i64 1 to void (i32)*) br i1 %112, label %126, label %113 %114 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 1 
%115 = load i64, i64* %114, align 8 %116 = and i64 %115, 2 %117 = icmp ne i64 %116, 0 br label %121 %122 = phi i32 [ %47, %118 ], [ 17, %113 ] %123 = phi i1 [ false, %118 ], [ %117, %113 ] %124 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %125 = call fastcc i32 @__send_signal(i32 %122, %struct.kernel_siginfo* nonnull %3, %struct.task_struct.51970* %124, i32 1, i1 zeroext false) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 
br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 
%168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, 
label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr 
inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, 
label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call 
void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = 
icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 
= getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 do_notify_parent
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __ia32_sys_waitpid
-------------
Path:
Function:__ia32_sys_waitpid
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #78
Function:kernel_wait4
%5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds
%struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = 
inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load 
%struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq 
%struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect 
!5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 
%153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 
= load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 
%348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 Function:do_notify_parent %3 = alloca %struct.kernel_siginfo, align 8 %4 = bitcast %struct.kernel_siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5502, i64 0, i64 0), i32 2030, i32 2307, i64 12) #6, !srcloc !6 br label %7 %8 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 1 %9 = load volatile i32, i32* %8, align 8 %10 = and i32 %9, 12 %11 = icmp eq i32 %10, 0 br i1 %11, label %13, label %12, !prof !7, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 5 %15 = load 
i32, i32* %14, align 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 42 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 63 %34 = load %struct.pid.51755*, %struct.pid.51755** %33, align 32 %35 = getelementptr inbounds %struct.pid.51755, %struct.pid.51755* %34, i64 0, i32 5 tail call void @__wake_up(%struct.wait_queue_head* %35, i32 3, i32 0, i8* null) #78 %36 = icmp eq i32 %1, 17 br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 110 %39 = load i64, i64* %38, align 64 %40 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %41 = load %struct.task_struct.51970*, %struct.task_struct.51970** %40, align 16 %42 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %41, i64 0, i32 111 %43 = load volatile i64, i64* %42, align 8 %44 = icmp eq i64 %39, %43 %45 = select i1 %44, i32 %1, i32 17 br label %46 %47 = phi i32 [ 17, %32 ], [ %45, %37 ] %48 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %49 = bitcast i32* %48 to i8* %50 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %47, i32* %50, align 8 %51 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %51, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %52 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %53 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %54 = tail call %struct.pid_namespace.51753* bitcast 
(%struct.pid_namespace* (%struct.task_struct*)* @task_active_pid_ns to %struct.pid_namespace.51753* (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %53) #78 %55 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %0, i32 0, %struct.pid_namespace.51753* %54) #78 %56 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %55, i32* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %57 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %58 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %57, i64 0, i32 84 %59 = load volatile %struct.cred*, %struct.cred** %58, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 84 %61 = load volatile %struct.cred*, %struct.cred** %60, align 8 %62 = getelementptr inbounds %struct.cred, %struct.cred* %61, i64 0, i32 1, i32 0 %63 = load i32, i32* %62, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %64 = icmp eq i32 %63, -1 %65 = load i32, i32* @overflowuid, align 4 %66 = select i1 %64, i32 %65, i32 %63 %67 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %66, i32* %67, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %68 = getelementptr inbounds %struct.task_struct.51970, 
%struct.task_struct.51970* %0, i64 0, i32 71 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 72 %71 = load i64, i64* %70, align 16 %72 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 95 %73 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %74 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %73, i64 0, i32 26 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %69 %77 = tail call i64 @nsec_to_clock_t(i64 %76) #78 %78 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 3 store i64 %77, i64* %78, align 8 %79 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %80 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %79, i64 0, i32 27 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, %71 %83 = tail call i64 @nsec_to_clock_t(i64 %82) #78 %84 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 4 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 43 %86 = load i32, i32* %85, align 16 %87 = and i32 %86, 127 %88 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 2 store i32 %87, i32* %88, align 8 %89 = trunc i32 %86 to i8 %90 = icmp sgt i8 %89, -1 br i1 %90, label %93, label %91 %94 = icmp eq i32 %87, 0 %95 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 br i1 %94, label %97, label %96 store i32 2, i32* %95, align 8 br label %99 %100 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %101 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %100, i64 0, i32 96 %102 = load 
%struct.sighand_struct*, %struct.sighand_struct** %101, align 8 %103 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 0, i32 0, i32 0 %104 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %103) #78 %105 = load i32, i32* %14, align 16 %106 = icmp eq i32 %105, 0 %107 = icmp eq i32 %47, 17 %108 = and i1 %107, %106 br i1 %108, label %109, label %118 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 0 %111 = load void (i32)*, void (i32)** %110, align 8 %112 = icmp eq void (i32)* %111, inttoptr (i64 1 to void (i32)*) br i1 %112, label %126, label %113 %114 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 1 %115 = load i64, i64* %114, align 8 %116 = and i64 %115, 2 %117 = icmp ne i64 %116, 0 br label %121 %122 = phi i32 [ %47, %118 ], [ 17, %113 ] %123 = phi i1 [ false, %118 ], [ %117, %113 ] %124 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %125 = call fastcc i32 @__send_signal(i32 %122, %struct.kernel_siginfo* nonnull %3, %struct.task_struct.51970* %124, i32 1, i1 zeroext false) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds 
%struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load 
%struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** 
%184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 
8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 
= load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 do_notify_parent 7 wait_consider_task 8 do_wait 9 
kernel_wait4 10 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, 
%struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 
%29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, 
label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or 
i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, 
%struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, 
i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* 
%156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to 
i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* 
@__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 Function:do_notify_parent %3 = alloca %struct.kernel_siginfo, align 8 %4 = bitcast %struct.kernel_siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5502, i64 0, i64 0), i32 2030, i32 2307, i64 12) #6, !srcloc !6 br label %7 %8 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 1 %9 = load volatile i32, i32* %8, align 8 %10 = and i32 %9, 12 %11 = icmp eq i32 %10, 0 br i1 %11, label %13, label %12, !prof !7, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 42 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 63 %34 = load %struct.pid.51755*, %struct.pid.51755** %33, align 32 %35 = getelementptr inbounds %struct.pid.51755, %struct.pid.51755* %34, i64 0, i32 5 tail call void 
@__wake_up(%struct.wait_queue_head* %35, i32 3, i32 0, i8* null) #78 %36 = icmp eq i32 %1, 17 br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 110 %39 = load i64, i64* %38, align 64 %40 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %41 = load %struct.task_struct.51970*, %struct.task_struct.51970** %40, align 16 %42 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %41, i64 0, i32 111 %43 = load volatile i64, i64* %42, align 8 %44 = icmp eq i64 %39, %43 %45 = select i1 %44, i32 %1, i32 17 br label %46 %47 = phi i32 [ 17, %32 ], [ %45, %37 ] %48 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %49 = bitcast i32* %48 to i8* %50 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %47, i32* %50, align 8 %51 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %51, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %52 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %53 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %54 = tail call %struct.pid_namespace.51753* bitcast (%struct.pid_namespace* (%struct.task_struct*)* @task_active_pid_ns to %struct.pid_namespace.51753* (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %53) #78 %55 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %0, i32 0, %struct.pid_namespace.51753* %54) #78 %56 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %55, i32* %56, align 8 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %57 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %58 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %57, i64 0, i32 84 %59 = load volatile %struct.cred*, %struct.cred** %58, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 84 %61 = load volatile %struct.cred*, %struct.cred** %60, align 8 %62 = getelementptr inbounds %struct.cred, %struct.cred* %61, i64 0, i32 1, i32 0 %63 = load i32, i32* %62, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %64 = icmp eq i32 %63, -1 %65 = load i32, i32* @overflowuid, align 4 %66 = select i1 %64, i32 %65, i32 %63 %67 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %66, i32* %67, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %68 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 71 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 72 %71 = load i64, i64* %70, align 16 %72 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 95 %73 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %74 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %73, i64 0, i32 26 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %69 %77 
= tail call i64 @nsec_to_clock_t(i64 %76) #78 %78 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 3 store i64 %77, i64* %78, align 8 %79 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %80 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %79, i64 0, i32 27 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, %71 %83 = tail call i64 @nsec_to_clock_t(i64 %82) #78 %84 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 4 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 43 %86 = load i32, i32* %85, align 16 %87 = and i32 %86, 127 %88 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 2 store i32 %87, i32* %88, align 8 %89 = trunc i32 %86 to i8 %90 = icmp sgt i8 %89, -1 br i1 %90, label %93, label %91 %94 = icmp eq i32 %87, 0 %95 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 br i1 %94, label %97, label %96 store i32 2, i32* %95, align 8 br label %99 %100 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %101 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %100, i64 0, i32 96 %102 = load %struct.sighand_struct*, %struct.sighand_struct** %101, align 8 %103 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 0, i32 0, i32 0 %104 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %103) #78 %105 = load i32, i32* %14, align 16 %106 = icmp eq i32 %105, 0 %107 = icmp eq i32 %47, 17 %108 = and i1 %107, %106 br i1 %108, label %109, label %118 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 0 %111 = load void (i32)*, void (i32)** %110, align 8 %112 
= icmp eq void (i32)* %111, inttoptr (i64 1 to void (i32)*) br i1 %112, label %126, label %113 %114 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 1 %115 = load i64, i64* %114, align 8 %116 = and i64 %115, 2 %117 = icmp ne i64 %116, 0 br label %121 %122 = phi i32 [ %47, %118 ], [ 17, %113 ] %123 = phi i1 [ false, %118 ], [ %117, %113 ] %124 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %125 = call fastcc i32 @__send_signal(i32 %122, %struct.kernel_siginfo* nonnull %3, %struct.task_struct.51970* %124, i32 1, i1 zeroext false) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = 
getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, 
%struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds 
%struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to 
i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 
store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 do_notify_parent
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __ia32_sys_wait4
-------------
Path:
Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = 
phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* 
@do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 Function:do_notify_parent %3 = alloca %struct.kernel_siginfo, align 8 %4 = bitcast %struct.kernel_siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5502, i64 0, i64 0), i32 2030, i32 2307, i64 12) #6, !srcloc !6 br label %7 %8 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 1 %9 = load volatile i32, i32* %8, align 8 %10 = and i32 %9, 12 %11 = icmp eq i32 %10, 0 br i1 %11, label %13, label %12, !prof !7, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 42 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 63 %34 = load %struct.pid.51755*, %struct.pid.51755** %33, align 32 %35 = getelementptr inbounds %struct.pid.51755, %struct.pid.51755* %34, i64 0, i32 5 tail call void @__wake_up(%struct.wait_queue_head* %35, i32 3, i32 0, i8* null) #78 %36 = icmp eq i32 %1, 17 br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 110 %39 = 
load i64, i64* %38, align 64 %40 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %41 = load %struct.task_struct.51970*, %struct.task_struct.51970** %40, align 16 %42 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %41, i64 0, i32 111 %43 = load volatile i64, i64* %42, align 8 %44 = icmp eq i64 %39, %43 %45 = select i1 %44, i32 %1, i32 17 br label %46 %47 = phi i32 [ 17, %32 ], [ %45, %37 ] %48 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %49 = bitcast i32* %48 to i8* %50 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %47, i32* %50, align 8 %51 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %51, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %52 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %53 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %54 = tail call %struct.pid_namespace.51753* bitcast (%struct.pid_namespace* (%struct.task_struct*)* @task_active_pid_ns to %struct.pid_namespace.51753* (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %53) #78 %55 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %0, i32 0, %struct.pid_namespace.51753* %54) #78 %56 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %55, i32* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %57 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %58 = getelementptr inbounds %struct.task_struct.51970, 
%struct.task_struct.51970* %57, i64 0, i32 84 %59 = load volatile %struct.cred*, %struct.cred** %58, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 84 %61 = load volatile %struct.cred*, %struct.cred** %60, align 8 %62 = getelementptr inbounds %struct.cred, %struct.cred* %61, i64 0, i32 1, i32 0 %63 = load i32, i32* %62, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %64 = icmp eq i32 %63, -1 %65 = load i32, i32* @overflowuid, align 4 %66 = select i1 %64, i32 %65, i32 %63 %67 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %66, i32* %67, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %68 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 71 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 72 %71 = load i64, i64* %70, align 16 %72 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 95 %73 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %74 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %73, i64 0, i32 26 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %69 %77 = tail call i64 @nsec_to_clock_t(i64 %76) #78 %78 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 3 store i64 %77, i64* %78, align 8 %79 = load 
%struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %80 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %79, i64 0, i32 27 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, %71 %83 = tail call i64 @nsec_to_clock_t(i64 %82) #78 %84 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 4 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 43 %86 = load i32, i32* %85, align 16 %87 = and i32 %86, 127 %88 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 2 store i32 %87, i32* %88, align 8 %89 = trunc i32 %86 to i8 %90 = icmp sgt i8 %89, -1 br i1 %90, label %93, label %91 %94 = icmp eq i32 %87, 0 %95 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 br i1 %94, label %97, label %96 store i32 2, i32* %95, align 8 br label %99 %100 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %101 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %100, i64 0, i32 96 %102 = load %struct.sighand_struct*, %struct.sighand_struct** %101, align 8 %103 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 0, i32 0, i32 0 %104 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %103) #78 %105 = load i32, i32* %14, align 16 %106 = icmp eq i32 %105, 0 %107 = icmp eq i32 %47, 17 %108 = and i1 %107, %106 br i1 %108, label %109, label %118 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 0 %111 = load void (i32)*, void (i32)** %110, align 8 %112 = icmp eq void (i32)* %111, inttoptr (i64 1 to void (i32)*) br i1 %112, label %126, label %113 %114 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 1 
%115 = load i64, i64* %114, align 8 %116 = and i64 %115, 2 %117 = icmp ne i64 %116, 0 br label %121 %122 = phi i32 [ %47, %118 ], [ 17, %113 ] %123 = phi i1 [ false, %118 ], [ %117, %113 ] %124 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %125 = call fastcc i32 @__send_signal(i32 %122, %struct.kernel_siginfo* nonnull %3, %struct.task_struct.51970* %124, i32 1, i1 zeroext false) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 
br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 
%168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, 
label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr 
inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, 
label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call 
void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = 
icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 
= getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 do_notify_parent
7 wait_consider_task
8 do_wait
9 kernel_wait4
10 __x64_sys_wait4
-------------
Path:
Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #78
Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64
0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, 
i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void 
@_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, 
i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = 
getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 
%98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, 
i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 
4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, 
i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 
%296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr 
inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 Function:do_notify_parent %3 = alloca %struct.kernel_siginfo, align 8 %4 = bitcast %struct.kernel_siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5502, i64 0, i64 0), i32 2030, i32 2307, i64 12) #6, !srcloc !6 br label %7 %8 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 1 %9 = load volatile i32, i32* %8, align 8 %10 = and i32 
%9, 12 %11 = icmp eq i32 %10, 0 br i1 %11, label %13, label %12, !prof !7, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 42 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 63 %34 = load %struct.pid.51755*, %struct.pid.51755** %33, align 32 %35 = getelementptr inbounds %struct.pid.51755, %struct.pid.51755* %34, i64 0, i32 5 tail call void @__wake_up(%struct.wait_queue_head* %35, i32 3, i32 0, i8* null) #78 %36 = icmp eq i32 %1, 17 br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 110 %39 = load i64, i64* %38, align 64 %40 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %41 = load %struct.task_struct.51970*, %struct.task_struct.51970** %40, align 16 %42 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %41, i64 0, i32 111 %43 = load volatile i64, i64* %42, align 8 %44 = icmp eq i64 %39, %43 %45 = select i1 %44, i32 %1, i32 17 br label %46 %47 = phi i32 [ 17, %32 ], [ %45, %37 ] %48 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %49 = bitcast i32* %48 to i8* %50 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %47, i32* %50, align 8 %51 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %51, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %52 = getelementptr inbounds 
%struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %53 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %54 = tail call %struct.pid_namespace.51753* bitcast (%struct.pid_namespace* (%struct.task_struct*)* @task_active_pid_ns to %struct.pid_namespace.51753* (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %53) #78 %55 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %0, i32 0, %struct.pid_namespace.51753* %54) #78 %56 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %55, i32* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %57 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %58 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %57, i64 0, i32 84 %59 = load volatile %struct.cred*, %struct.cred** %58, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 84 %61 = load volatile %struct.cred*, %struct.cred** %60, align 8 %62 = getelementptr inbounds %struct.cred, %struct.cred* %61, i64 0, i32 1, i32 0 %63 = load i32, i32* %62, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %64 = icmp eq i32 %63, -1 %65 = load i32, i32* @overflowuid, align 4 %66 = select i1 %64, i32 %65, i32 %63 %67 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %66, i32* 
%67, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %68 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 71 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 72 %71 = load i64, i64* %70, align 16 %72 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 95 %73 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %74 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %73, i64 0, i32 26 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %69 %77 = tail call i64 @nsec_to_clock_t(i64 %76) #78 %78 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 3 store i64 %77, i64* %78, align 8 %79 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %80 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %79, i64 0, i32 27 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, %71 %83 = tail call i64 @nsec_to_clock_t(i64 %82) #78 %84 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 4 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 43 %86 = load i32, i32* %85, align 16 %87 = and i32 %86, 127 %88 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 2 store i32 %87, i32* %88, align 8 %89 = trunc i32 %86 to i8 %90 = icmp sgt i8 %89, -1 br i1 %90, label %93, label %91 %94 = icmp eq i32 %87, 0 %95 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 br i1 %94, label %97, label %96 store i32 2, i32* %95, align 8 br 
label %99 %100 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %101 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %100, i64 0, i32 96 %102 = load %struct.sighand_struct*, %struct.sighand_struct** %101, align 8 %103 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 0, i32 0, i32 0 %104 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %103) #78 %105 = load i32, i32* %14, align 16 %106 = icmp eq i32 %105, 0 %107 = icmp eq i32 %47, 17 %108 = and i1 %107, %106 br i1 %108, label %109, label %118 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 0 %111 = load void (i32)*, void (i32)** %110, align 8 %112 = icmp eq void (i32)* %111, inttoptr (i64 1 to void (i32)*) br i1 %112, label %126, label %113 %114 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 1 %115 = load i64, i64* %114, align 8 %116 = and i64 %115, 2 %117 = icmp ne i64 %116, 0 br label %121 %122 = phi i32 [ %47, %118 ], [ 17, %113 ] %123 = phi i1 [ false, %118 ], [ %117, %113 ] %124 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %125 = call fastcc i32 @__send_signal(i32 %122, %struct.kernel_siginfo* nonnull %3, %struct.task_struct.51970* %124, i32 1, i1 zeroext false) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = 
getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, 
label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile 
%struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr 
%struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 
%246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 do_notify_parent 7 wait_consider_task 8 do_wait 9 
kernel_waitid 10 __se_compat_sys_waitid 11 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, 
i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* 
@do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 Function:do_notify_parent %3 = alloca %struct.kernel_siginfo, align 8 %4 = bitcast %struct.kernel_siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5502, i64 0, i64 0), i32 2030, i32 2307, i64 12) #6, !srcloc !6 br label %7 %8 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 1 %9 = load volatile i32, i32* %8, align 8 %10 = and i32 %9, 12 %11 = icmp eq i32 %10, 0 br i1 %11, label %13, label %12, !prof !7, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 42 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 63 %34 = load %struct.pid.51755*, %struct.pid.51755** %33, align 32 %35 = getelementptr inbounds %struct.pid.51755, %struct.pid.51755* %34, i64 0, i32 5 tail call void @__wake_up(%struct.wait_queue_head* %35, i32 3, i32 0, i8* null) #78 %36 = icmp eq i32 %1, 17 br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 110 %39 = 
load i64, i64* %38, align 64 %40 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %41 = load %struct.task_struct.51970*, %struct.task_struct.51970** %40, align 16 %42 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %41, i64 0, i32 111 %43 = load volatile i64, i64* %42, align 8 %44 = icmp eq i64 %39, %43 %45 = select i1 %44, i32 %1, i32 17 br label %46 %47 = phi i32 [ 17, %32 ], [ %45, %37 ] %48 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %49 = bitcast i32* %48 to i8* %50 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %47, i32* %50, align 8 %51 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %51, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %52 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %53 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %54 = tail call %struct.pid_namespace.51753* bitcast (%struct.pid_namespace* (%struct.task_struct*)* @task_active_pid_ns to %struct.pid_namespace.51753* (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %53) #78 %55 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %0, i32 0, %struct.pid_namespace.51753* %54) #78 %56 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %55, i32* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %57 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %58 = getelementptr inbounds %struct.task_struct.51970, 
%struct.task_struct.51970* %57, i64 0, i32 84 %59 = load volatile %struct.cred*, %struct.cred** %58, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 84 %61 = load volatile %struct.cred*, %struct.cred** %60, align 8 %62 = getelementptr inbounds %struct.cred, %struct.cred* %61, i64 0, i32 1, i32 0 %63 = load i32, i32* %62, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %64 = icmp eq i32 %63, -1 %65 = load i32, i32* @overflowuid, align 4 %66 = select i1 %64, i32 %65, i32 %63 %67 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %66, i32* %67, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %68 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 71 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 72 %71 = load i64, i64* %70, align 16 %72 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 95 %73 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %74 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %73, i64 0, i32 26 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %69 %77 = tail call i64 @nsec_to_clock_t(i64 %76) #78 %78 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 3 store i64 %77, i64* %78, align 8 %79 = load 
%struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %80 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %79, i64 0, i32 27 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, %71 %83 = tail call i64 @nsec_to_clock_t(i64 %82) #78 %84 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 4 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 43 %86 = load i32, i32* %85, align 16 %87 = and i32 %86, 127 %88 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 2 store i32 %87, i32* %88, align 8 %89 = trunc i32 %86 to i8 %90 = icmp sgt i8 %89, -1 br i1 %90, label %93, label %91 %94 = icmp eq i32 %87, 0 %95 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 br i1 %94, label %97, label %96 store i32 2, i32* %95, align 8 br label %99 %100 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %101 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %100, i64 0, i32 96 %102 = load %struct.sighand_struct*, %struct.sighand_struct** %101, align 8 %103 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 0, i32 0, i32 0 %104 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %103) #78 %105 = load i32, i32* %14, align 16 %106 = icmp eq i32 %105, 0 %107 = icmp eq i32 %47, 17 %108 = and i1 %107, %106 br i1 %108, label %109, label %118 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 0 %111 = load void (i32)*, void (i32)** %110, align 8 %112 = icmp eq void (i32)* %111, inttoptr (i64 1 to void (i32)*) br i1 %112, label %126, label %113 %114 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 1 
%115 = load i64, i64* %114, align 8 %116 = and i64 %115, 2 %117 = icmp ne i64 %116, 0 br label %121 %122 = phi i32 [ %47, %118 ], [ 17, %113 ] %123 = phi i1 [ false, %118 ], [ %117, %113 ] %124 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %125 = call fastcc i32 @__send_signal(i32 %122, %struct.kernel_siginfo* nonnull %3, %struct.task_struct.51970* %124, i32 1, i1 zeroext false) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 
br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 
%168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, 
label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr 
inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, 
label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call 
void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = 
icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 
= getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 do_notify_parent
7 wait_consider_task
8 do_wait
9 kernel_waitid
10 __se_sys_waitid
11 __ia32_sys_waitid
-------------
Path:
Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78
Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78
Function:kernel_waitid %6 = alloca
%struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 
callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = 
bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, 
true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp 
eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* 
%134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load 
%struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* 
%181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 
%247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load 
i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void 
(%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 Function:do_notify_parent %3 = alloca %struct.kernel_siginfo, align 8 %4 = bitcast %struct.kernel_siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5502, i64 0, i64 0), i32 2030, i32 2307, i64 12) #6, !srcloc !6 br label %7 %8 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 1 %9 = load volatile i32, i32* %8, align 8 %10 = and i32 %9, 12 %11 = icmp eq i32 %10, 0 br i1 %11, label %13, label %12, !prof !7, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 42 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 63 %34 = load %struct.pid.51755*, %struct.pid.51755** %33, align 32 %35 = getelementptr inbounds %struct.pid.51755, %struct.pid.51755* %34, i64 0, i32 5 tail call void @__wake_up(%struct.wait_queue_head* %35, i32 3, 
i32 0, i8* null) #78 %36 = icmp eq i32 %1, 17 br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 110 %39 = load i64, i64* %38, align 64 %40 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %41 = load %struct.task_struct.51970*, %struct.task_struct.51970** %40, align 16 %42 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %41, i64 0, i32 111 %43 = load volatile i64, i64* %42, align 8 %44 = icmp eq i64 %39, %43 %45 = select i1 %44, i32 %1, i32 17 br label %46 %47 = phi i32 [ 17, %32 ], [ %45, %37 ] %48 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %49 = bitcast i32* %48 to i8* %50 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %47, i32* %50, align 8 %51 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %51, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %52 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %53 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %54 = tail call %struct.pid_namespace.51753* bitcast (%struct.pid_namespace* (%struct.task_struct*)* @task_active_pid_ns to %struct.pid_namespace.51753* (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %53) #78 %55 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %0, i32 0, %struct.pid_namespace.51753* %54) #78 %56 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %55, i32* %56, align 8 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %57 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %58 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %57, i64 0, i32 84 %59 = load volatile %struct.cred*, %struct.cred** %58, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 84 %61 = load volatile %struct.cred*, %struct.cred** %60, align 8 %62 = getelementptr inbounds %struct.cred, %struct.cred* %61, i64 0, i32 1, i32 0 %63 = load i32, i32* %62, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %64 = icmp eq i32 %63, -1 %65 = load i32, i32* @overflowuid, align 4 %66 = select i1 %64, i32 %65, i32 %63 %67 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %66, i32* %67, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %68 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 71 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 72 %71 = load i64, i64* %70, align 16 %72 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 95 %73 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %74 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %73, i64 0, i32 26 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %69 %77 = tail call i64 
@nsec_to_clock_t(i64 %76) #78 %78 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 3 store i64 %77, i64* %78, align 8 %79 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %80 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %79, i64 0, i32 27 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, %71 %83 = tail call i64 @nsec_to_clock_t(i64 %82) #78 %84 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 4 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 43 %86 = load i32, i32* %85, align 16 %87 = and i32 %86, 127 %88 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 2 store i32 %87, i32* %88, align 8 %89 = trunc i32 %86 to i8 %90 = icmp sgt i8 %89, -1 br i1 %90, label %93, label %91 %94 = icmp eq i32 %87, 0 %95 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 br i1 %94, label %97, label %96 store i32 2, i32* %95, align 8 br label %99 %100 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %101 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %100, i64 0, i32 96 %102 = load %struct.sighand_struct*, %struct.sighand_struct** %101, align 8 %103 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 0, i32 0, i32 0 %104 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %103) #78 %105 = load i32, i32* %14, align 16 %106 = icmp eq i32 %105, 0 %107 = icmp eq i32 %47, 17 %108 = and i1 %107, %106 br i1 %108, label %109, label %118 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 0 %111 = load void (i32)*, void (i32)** %110, align 8 %112 = icmp eq void 
(i32)* %111, inttoptr (i64 1 to void (i32)*) br i1 %112, label %126, label %113 %114 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 1 %115 = load i64, i64* %114, align 8 %116 = and i64 %115, 2 %117 = icmp ne i64 %116, 0 br label %121 %122 = phi i32 [ %47, %118 ], [ 17, %113 ] %123 = phi i1 [ false, %118 ], [ %117, %113 ] %124 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %125 = call fastcc i32 @__send_signal(i32 %122, %struct.kernel_siginfo* nonnull %3, %struct.task_struct.51970* %124, i32 1, i1 zeroext false) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr 
inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, 
%struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds 
%struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to 
i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 
store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 do_notify_parent
7 wait_consider_task
8 do_wait
9 kernel_waitid
10 __se_sys_waitid
11 __x64_sys_waitid
-------------
Path:
Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32
%8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds 
%struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call 
void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, 
i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne 
%struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, 
%struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to 
%struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add 
i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 
40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr 
inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add 
i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr 
inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, 
label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 br label %356 %357 = load i32, i32* %72, align 4 %358 = call zeroext i1 bitcast (i1 (%struct.task_struct.51970*, i32)* @do_notify_parent to i1 (%struct.task_struct.49224*, i32)*)(%struct.task_struct.49224* %2, i32 %357) #78 Function:do_notify_parent %3 = alloca %struct.kernel_siginfo, align 8 %4 = bitcast %struct.kernel_siginfo* %3 to i8* %5 = icmp eq i32 %1, -1 br i1 %5, label %6, label %7, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5502, i64 0, i64 0), i32 2030, i32 2307, i64 12) #6, !srcloc !6 br label %7 %8 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 1 %9 = load volatile i32, i32* %8, align 8 %10 = and i32 %9, 12 %11 = icmp eq i32 %10, 0 br i1 %11, label %13, label %12, !prof !7, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 5 %15 = load i32, i32* %14, align 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 42 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %32, !prof !4, !misexpect !5 %33 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 63 %34 = load %struct.pid.51755*, %struct.pid.51755** %33, align 32 %35 = getelementptr inbounds 
%struct.pid.51755, %struct.pid.51755* %34, i64 0, i32 5 tail call void @__wake_up(%struct.wait_queue_head* %35, i32 3, i32 0, i8* null) #78 %36 = icmp eq i32 %1, 17 br i1 %36, label %46, label %37 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 110 %39 = load i64, i64* %38, align 64 %40 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %41 = load %struct.task_struct.51970*, %struct.task_struct.51970** %40, align 16 %42 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %41, i64 0, i32 111 %43 = load volatile i64, i64* %42, align 8 %44 = icmp eq i64 %39, %43 %45 = select i1 %44, i32 %1, i32 17 br label %46 %47 = phi i32 [ 17, %32 ], [ %45, %37 ] %48 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %49 = bitcast i32* %48 to i8* %50 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 0 store i32 %47, i32* %50, align 8 %51 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 1 store i32 0, i32* %51, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %52 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 57 %53 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %54 = tail call %struct.pid_namespace.51753* bitcast (%struct.pid_namespace* (%struct.task_struct*)* @task_active_pid_ns to %struct.pid_namespace.51753* (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %53) #78 %55 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %0, i32 0, %struct.pid_namespace.51753* %54) #78 %56 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* 
%3, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %55, i32* %56, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %57 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %58 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %57, i64 0, i32 84 %59 = load volatile %struct.cred*, %struct.cred** %58, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %60 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 84 %61 = load volatile %struct.cred*, %struct.cred** %60, align 8 %62 = getelementptr inbounds %struct.cred, %struct.cred* %61, i64 0, i32 1, i32 0 %63 = load i32, i32* %62, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %64 = icmp eq i32 %63, -1 %65 = load i32, i32* @overflowuid, align 4 %66 = select i1 %64, i32 %65, i32 %63 %67 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %66, i32* %67, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 %68 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 71 %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 72 %71 = load i64, i64* %70, align 16 %72 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 95 %73 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %74 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %73, i64 
0, i32 26 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %69 %77 = tail call i64 @nsec_to_clock_t(i64 %76) #78 %78 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 3 store i64 %77, i64* %78, align 8 %79 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %72, align 32 %80 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %79, i64 0, i32 27 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, %71 %83 = tail call i64 @nsec_to_clock_t(i64 %82) #78 %84 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 4 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %0, i64 0, i32 43 %86 = load i32, i32* %85, align 16 %87 = and i32 %86, 127 %88 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 3, i32 0, i32 2 store i32 %87, i32* %88, align 8 %89 = trunc i32 %86 to i8 %90 = icmp sgt i8 %89, -1 br i1 %90, label %93, label %91 %94 = icmp eq i32 %87, 0 %95 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 br i1 %94, label %97, label %96 store i32 2, i32* %95, align 8 br label %99 %100 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %101 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %100, i64 0, i32 96 %102 = load %struct.sighand_struct*, %struct.sighand_struct** %101, align 8 %103 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 0, i32 0, i32 0 %104 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %103) #78 %105 = load i32, i32* %14, align 16 %106 = icmp eq i32 %105, 0 %107 = icmp eq i32 %47, 17 %108 = and i1 %107, %106 br i1 %108, label %109, label %118 %110 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 
16, i32 0, i32 0 %111 = load void (i32)*, void (i32)** %110, align 8 %112 = icmp eq void (i32)* %111, inttoptr (i64 1 to void (i32)*) br i1 %112, label %126, label %113 %114 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %102, i64 0, i32 3, i64 16, i32 0, i32 1 %115 = load i64, i64* %114, align 8 %116 = and i64 %115, 2 %117 = icmp ne i64 %116, 0 br label %121 %122 = phi i32 [ %47, %118 ], [ 17, %113 ] %123 = phi i1 [ false, %118 ], [ %117, %113 ] %124 = load %struct.task_struct.51970*, %struct.task_struct.51970** %52, align 16 %125 = call fastcc i32 @__send_signal(i32 %122, %struct.kernel_siginfo* nonnull %3, %struct.task_struct.51970* %124, i32 1, i1 zeroext false) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds 
%struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile 
%struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr 
inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, 
align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 
%74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm 
sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = 
getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 force_sig_info_to_task 8 force_sig 9 signal_fault 10 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = bitcast %struct.cpumask* %2 to i8* %12 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -4 %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection 
.altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -268 %18 = icmp ult i64 %17, %15 br i1 %18, label %42, label %19, !prof !6, !misexpect !7 %20 = inttoptr i64 %15 to %struct.rt_sigframe_ia32* %22 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, i32 5, i32 4 %23 = bitcast %struct.kernel_cap_struct* %22 to i64* %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %21) #6, !srcloc !8 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 store i64 %26, i64* %12, align 8 %29 = and i64 %28, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %42, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #78 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, i32 5, i32 3 %33 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %32) #79 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %42 %36 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, i32 5, i32 2 %37 = call i32 @compat_restore_altstack(%struct.uid_gid_extent* %36) #78 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %42 %43 = inttoptr i64 %15 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %43, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.3.4769, i64 0, i64 0)) #78 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #78 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 %5 = bitcast %struct.kernel_siginfo* %2 to i8* store i32 %0, i32* %4, align 8 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %6, align 4 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %9, align 4 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.51970* %12 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.51970* %11, i32 0) #78 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 96 %7 = load 
%struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, %18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %60 %43 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct.51970, 
%struct.task_struct.51970* %1, i64 0, i32 95 %50 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 %58, 0 br i1 %59, label %65, label %60 %61 = bitcast %struct.task_struct.51970* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %1, i32 1) #78 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65 tail call void bitcast (void (%struct.task_struct*)* @kick_process to void (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %1) #78 br label %65 %66 = load void (i32)*, void (i32)** %13, align 8 %67 = icmp eq void (i32)* %66, null br i1 %67, label %68, label %80 %69 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 5 %70 = load i32, i32* %69, align 16 %71 = icmp eq i32 %70, 0 %72 = icmp eq i32 %2, 2 %73 = or i1 %72, %71 br i1 %73, label %74, label %80 %81 = tail call fastcc i32 @send_signal(i32 %5, %struct.kernel_siginfo* %0, %struct.task_struct.51970* %1, i32 0) #79 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 
to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, 
!misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, 
align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, 
%struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 
%212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 
= bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 force_sig_info_to_task 8 force_sig 9 
signal_fault 10 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to %struct.sigframe_ia32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %18 = add i64 %17, -736 %19 = icmp ult i64 %18, %13 br i1 %19, label %50, label %20, !prof !6, !misexpect !7 %22 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2 %23 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2, i32 26 %24 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %23, i64 4, i64 %21) #6, !srcloc !8 %25 = 
extractvalue { i32*, i32, i64 } %24, 0 %26 = extractvalue { i32*, i32, i64 } %24, 1 %27 = extractvalue { i32*, i32, i64 } %24, 2 %28 = ptrtoint i32* %25 to i64 %29 = zext i32 %26 to i64 store i64 %29, i64* %16, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %50, !prof !9, !misexpect !10 %34 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 4, i64 0 %35 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %33) #6, !srcloc !11 %36 = extractvalue { i32*, i32, i64 } %35, 0 %37 = extractvalue { i32*, i32, i64 } %35, 1 %38 = extractvalue { i32*, i32, i64 } %35, 2 %39 = ptrtoint i32* %36 to i64 %40 = bitcast %struct.cpumask* %2 to i32* %41 = getelementptr inbounds i32, i32* %40, i64 1 store i32 %37, i32* %41, align 4 %42 = and i64 %39, 4294967295 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #78 %45 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %22) #79 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %50 %51 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %51, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4766, i64 0, i64 0)) #78 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #78 Function:force_sig %2 = alloca 
%struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 %5 = bitcast %struct.kernel_siginfo* %2 to i8* store i32 %0, i32* %4, align 8 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %6, align 4 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %8, align 8 %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %9, align 4 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.51970* %12 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.51970* %11, i32 0) #78 Function:force_sig_info_to_task %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %11 = add i32 %5, -1 %12 = sext i32 %11 to i64 %13 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 0 %14 = load void (i32)*, void (i32)** %13, align 8 %15 = 
icmp eq void (i32)* %14, inttoptr (i64 1 to void (i32)*) %16 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 97, i32 0, i64 0 %17 = load i64, i64* %16, align 8 %18 = zext i32 %11 to i64 %19 = lshr i64 %17, %18 %20 = trunc i64 %19 to i32 %21 = and i32 %20, 1 %22 = icmp eq i32 %21, 0 %23 = or i32 %21, %2 %24 = icmp ne i32 %23, 0 %25 = or i1 %15, %24 br i1 %25, label %26, label %65 store void (i32)* null, void (i32)** %13, align 8 %27 = icmp eq i32 %2, 2 br i1 %27, label %28, label %32 %29 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 3, i64 %12, i32 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = or i64 %30, 8388608 store i64 %31, i64* %29, align 8 br label %32 br i1 %22, label %65, label %33 %34 = shl nuw i64 1, %18 %35 = xor i64 %34, -1 %36 = load i64, i64* %16, align 8 %37 = and i64 %36, %35 store i64 %37, i64* %16, align 8 %38 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 46 %39 = load i64, i64* %38, align 32 %40 = and i64 %39, 10092544 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %60 %43 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 100, i32 1, i32 0, i64 0 %44 = load i64, i64* %43, align 8 %45 = xor i64 %37, -1 %46 = and i64 %44, %45 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %60 %49 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %50 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %49, align 32 %51 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %50, i64 0, i32 6, i32 1, i32 0, i64 0 %52 = load i64, i64* %51, align 8 %53 = and i64 %52, %45 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %60 %56 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 50 %57 = load i8, i8* %56, align 16 %58 = and i8 %57, 32 %59 = icmp eq i8 
%58, 0 br i1 %59, label %65, label %60 %61 = bitcast %struct.task_struct.51970* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %61, i32 4, i8* %61) #6, !srcloc !4 %62 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %1, i32 1) #78 %63 = icmp eq i32 %62, 0 br i1 %63, label %64, label %65 tail call void bitcast (void (%struct.task_struct*)* @kick_process to void (%struct.task_struct.51970*)*)(%struct.task_struct.51970* %1) #78 br label %65 %66 = load void (i32)*, void (i32)** %13, align 8 %67 = icmp eq void (i32)* %66, null br i1 %67, label %68, label %80 %69 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 5 %70 = load i32, i32* %69, align 16 %71 = icmp eq i32 %70, 0 %72 = icmp eq i32 %2, 2 %73 = or i1 %72, %71 br i1 %73, label %74, label %80 %81 = tail call fastcc i32 @send_signal(i32 %5, %struct.kernel_siginfo* %0, %struct.task_struct.51970* %1, i32 0) #79 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x 
%struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 
%18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 
0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, 
i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 
bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 
inode_newsize_ok 10 nfs_setattr ------------- Path:  Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %1, i64 0, i32 5 %5 = load %struct.inode.216899*, %struct.inode.216899** %4, align 8 %6 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 8 %7 = load %struct.super_block.216885*, %struct.super_block.216885** %6, align 8 %8 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217027** %10 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150840*, i64)* @inode_newsize_ok to i32 (%struct.inode.216899*, i64)*)(%struct.inode.216899* %5, i64 %32) #78 Function:inode_newsize_ok %3 = icmp slt i64 %1, 0 br i1 %3, label %30, label %4 %5 = getelementptr inbounds %struct.inode.150840, 
%struct.inode.150840* %0, i64 0, i32 14 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, %1 br i1 %7, label %8, label %22 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.150950* %11 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %10, i64 0, i32 95 %12 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %11, align 32 %13 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %12, i64 0, i32 49, i64 1, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp ult i64 %14, %1 br i1 %15, label %28, label %16 %29 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %10, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, 
%struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp 
ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, 
i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, 
i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 
= and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = 
icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to 
%struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 
%77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 
%5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, 
%struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 inode_newsize_ok 10 nfs_setattr 11 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 2 %8 = bitcast %struct.seqcount_spinlock* %7 to i16* %9 = load i16, i16* %8, align 2 %10 = icmp eq i16 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.216888*, %struct.iattr.216890*)* @nfs_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %1, i64 0, i32 5 %5 = load %struct.inode.216899*, %struct.inode.216899** %4, align 8 %6 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 8 %7 = load %struct.super_block.216885*, %struct.super_block.216885** %6, align 8 %8 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217027** %10 = load %struct.nfs_server.217027*, 
%struct.nfs_server.217027** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150840*, i64)* @inode_newsize_ok to i32 (%struct.inode.216899*, i64)*)(%struct.inode.216899* %5, i64 %32) #78 Function:inode_newsize_ok %3 = icmp slt i64 %1, 0 br i1 %3, label %30, label %4 %5 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %0, i64 0, i32 14 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, %1 br i1 %7, label %8, label %22 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.150950* %11 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %10, i64 0, i32 95 %12 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %11, align 32 %13 = getelementptr 
%struct.signal_struct.150897, %struct.signal_struct.150897* %12, i64 0, i32 49, i64 1, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp ult i64 %14, %1 br i1 %15, label %28, label %16 %29 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %10, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = 
load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 
= phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call 
void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, 
%199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, 
i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, 
i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = 
icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 send_signal
7 send_sig_info
8 send_sig
9 setattr_prepare
10 hugetlbfs_setattr
-------------
Path:
Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load 
i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label 
%18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = 
getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label 
%131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 
store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] 
%192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, 
%struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 
@try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* 
%69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq 
i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) 
#78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = 
and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 
(%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp 
ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail 
call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, 
i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, 
%struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* 
%150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq 
%struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 
10 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, 
i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, 
i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, 
-2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 
%135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* 
%147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds 
%struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to 
i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 
store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 send_signal
7 send_sig_info
8 send_sig
9 setattr_prepare
10 ext4_setattr
-------------
Path:
Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543
%26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = 
icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = 
getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, 
%struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw 
i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds 
%struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and 
i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, 
align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 
10 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, 
i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, 
i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, 
-2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 
%135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* 
%147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds 
%struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to 
i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 
store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = 
getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = 
zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = 
icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, 
i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds 
%struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, 
label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 
10 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** 
nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile 
%struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ 
false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* 
%134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, 
align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast 
%struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq 
%struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load 
%struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = 
load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 send_signal
7 send_sig_info
8 send_sig
9 setattr_prepare
10 proc_notify_change
-------------
Path:
Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 
0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, 
null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label 
%43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 
0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* 
%161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 
], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile 
%struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call 
fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile 
i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 
= icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, 
i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, 
align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, 
%struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to 
%struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, 
align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, 
%struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr 
%struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** 
%182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 
0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, 
label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 
10 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label 
%69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* 
%135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, 
%struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 
%201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load 
%struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 
%10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 
%3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* 
%6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label 
%9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = 
getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label 
%131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 
store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] 
%192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, 
%struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 
@try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* 
%69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq 
i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) 
#78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = 
and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt 
i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, 
%32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds 
%struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** 
%160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, 
%struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = 
inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr 
inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 simple_setattr 11 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.273737*, %struct.iattr.273739*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273737* %1, %struct.iattr.273739* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, 
%struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 
Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* 
%15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = 
getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 
0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds 
%struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load 
%struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 
%252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 
10 simple_setattr 11 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr 
inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = 
getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 
%29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds 
%struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile 
%struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr 
inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, 
align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 
%74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm 
sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = 
getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 send_signal
7 send_sig_info
8 send_sig
9 setattr_prepare
10 simple_setattr
11 debugfs_setattr
-------------
Path:
Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, 
%struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* 
@send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 
Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp 
eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, 
i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = 
load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, 
i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, 
%struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 send_signal
7 send_sig_info
8 send_sig
9 setattr_prepare
10 simple_setattr
11 debugfs_setattr
-------------
Path:
Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr
inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = 
getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 
%29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds 
%struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile 
%struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr 
inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, 
align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 
%74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm 
sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = 
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 prepare_signal
5 __send_signal
6 send_signal
7 send_sig_info
8 send_sig
9 setattr_prepare
10 simple_setattr
11 notify_change
12 file_remove_privs
13 __generic_file_write_iter
14 blkdev_write_iter
-------------
Path:
8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 
%12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 
__smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, 
label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, 
!prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 
%42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and 
i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = 
getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, 
-3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, 
%struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt 
i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 
%8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi 
%struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x 
%struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 
%132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, 
%struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to 
%struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile 
%struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 
Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr 
[64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 
%5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* 
%43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 setattr_prepare 10 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, 
%struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 %14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult 
i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load 
i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label %180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = 
getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, 
i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 
%254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_state 4 prepare_signal 5 __send_signal 6 send_signal 7 send_sig_info 8 send_sig 9 
generic_write_checks 10 nfs_file_direct_write 11 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.214823, %struct.kiocb.214823* %0, i64 0, i32 0 %4 = load %struct.file.215264*, %struct.file.215264** %3, align 8 %5 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %4, i64 0, i32 2 %6 = load %struct.inode.215256*, %struct.inode.215256** %5, align 8 %7 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %6, i64 0, i32 8 %8 = load %struct.super_block.215246*, %struct.super_block.215246** %7, align 8 %9 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.215399** %11 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.215264*, %struct.inode.215256*)*)(%struct.file.215264* %4, %struct.inode.215256* %6) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = getelementptr inbounds %struct.kiocb.214823, %struct.kiocb.214823* %0, i64 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 131072 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %24 = tail call i64 bitcast (i64 (%struct.kiocb.218633*, %struct.iov_iter*, i1)* @nfs_file_direct_write to i64 (%struct.kiocb.214823*, %struct.iov_iter*, i1)*)(%struct.kiocb.214823* %0, %struct.iov_iter* %1, i1 zeroext false) #78 Function:nfs_file_direct_write %4 = getelementptr inbounds %struct.kiocb.218633, %struct.kiocb.218633* %0, i64 0, i32 0 %5 = load %struct.file.219240*, %struct.file.219240** %4, align 8 %6 = getelementptr inbounds %struct.file.219240, %struct.file.219240* %5, i64 0, i32 18 %7 = load %struct.address_space.218627*, %struct.address_space.218627** 
%6, align 8 %8 = getelementptr inbounds %struct.address_space.218627, %struct.address_space.218627* %7, i64 0, i32 0 %9 = load %struct.inode.219234*, %struct.inode.219234** %8, align 8 br i1 %2, label %10, label %13 %14 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_write_checks to i64 (%struct.kiocb.218633*, %struct.iov_iter*)*)(%struct.kiocb.218633* %0, %struct.iov_iter* %1) #78 Function:generic_write_checks %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 4 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 256 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %69 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %69, label %17 %18 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 16 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %27 = and i32 %19, 131080 %28 = icmp eq i32 %27, 8 br i1 %28, label %69, label %29 %30 = load i64, i64* %14, align 8 %31 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = load %struct.address_space*, %struct.address_space** %5, align 8 %34 = getelementptr inbounds %struct.address_space, %struct.address_space* %33, i64 0, i32 0 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 8 %37 = load %struct.super_block*, %struct.super_block** %36, align 8 
%38 = getelementptr inbounds %struct.super_block, %struct.super_block* %37, i64 0, i32 4 %39 = load i64, i64* %38, align 32 %40 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %41 = inttoptr i64 %40 to %struct.task_struct* %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %41, i64 0, i32 95 %43 = load %struct.signal_struct*, %struct.signal_struct** %42, align 32 %44 = getelementptr %struct.signal_struct, %struct.signal_struct* %43, i64 0, i32 49, i64 1, i32 0 %45 = load volatile i64, i64* %44, align 8 %46 = icmp eq i64 %45, -1 br i1 %46, label %55, label %47 %48 = icmp sgt i64 %45, %32 br i1 %48, label %51, label %49 %50 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct*, i32)*)(i32 25, %struct.task_struct* %41, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 Function:send_sig_info %4 = icmp ugt i32 %0, 64 br i1 %4, label %26, label %5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = icmp eq %struct.sighand_struct* %7, null br i1 %8, label %18, label %9, !prof !5, !misexpect !6 %10 = phi %struct.sighand_struct* [ %16, %15 ], [ %7, %5 ] %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #78 %13 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %14 = icmp eq %struct.sighand_struct* %10, %13 br i1 
%14, label %18, label %15, !prof !7, !misexpect !8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %12) #78 %16 = load volatile %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %17 = icmp eq %struct.sighand_struct* %16, null br i1 %17, label %18, label %9, !prof !5, !misexpect !6 %19 = phi i64 [ 0, %5 ], [ %12, %9 ], [ %12, %15 ] %20 = phi %struct.sighand_struct* [ null, %5 ], [ null, %15 ], [ %10, %9 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %21 = icmp eq %struct.sighand_struct* %20, null br i1 %21, label %26, label %22 %23 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 0) #78 Function:send_signal %5 = ptrtoint %struct.kernel_siginfo* %1 to i64 switch i64 %5, label %12 [ i64 0, label %6 i64 1, label %69 ] %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %1, i64 0, i32 0, i32 2 %16 = load i32, i32* %15, align 8 %17 = add i32 %16, -1 %18 = icmp ult i32 %17, 127 br i1 %18, label %19, label %45 %20 = icmp ult i32 %14, 32 br i1 %20, label %21, label %43 %22 = zext i32 %14 to i64 %23 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 0 %24 = load i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = icmp sgt i32 %16, %25 br i1 %26, label %43, label %27 %28 = getelementptr [32 x %struct.nd_opt_hdr], [32 x %struct.nd_opt_hdr]* @sig_sicodes, i64 0, i64 %22, i32 1 %29 = load i8, i8* %28, align 1 %30 = icmp eq i32 %14, 7 %31 = and i32 %16, -2 %32 = icmp eq i32 %31, 4 %33 = and i1 %30, %32 br i1 %33, label %69, label %34 %35 = icmp eq i32 %14, 11 %36 = add nsw i32 %16, -3 %37 = icmp ult i32 %36, 2 %38 = and i1 %35, %37 br i1 %38, label %69, label %39 %40 = icmp eq i32 %14, 
5 %41 = icmp eq i32 %16, 6 %42 = and i1 %40, %41 br i1 %42, label %69, label %46 %70 = phi i1 [ %11, %6 ], [ true, %4 ], [ %61, %59 ], [ true, %67 ], [ false, %46 ], [ false, %27 ], [ false, %34 ], [ false, %45 ], [ false, %45 ], [ false, %43 ], [ false, %39 ] %71 = tail call fastcc i32 @__send_signal(i32 %0, %struct.kernel_siginfo* %1, %struct.task_struct.51970* %2, i32 %3, i1 zeroext %70) #79 Function:__send_signal %6 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %2, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 %13 = tail call fastcc zeroext i1 @prepare_signal(i32 %0, %struct.task_struct.51970* %2, i1 zeroext %4) #78 Function:prepare_signal %4 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %1, i64 0, i32 95 %5 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 12 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 12 %9 = icmp eq i32 %8, 0 br i1 %9, label %17, label %10 %18 = add i32 %0, -1 %19 = icmp ult i32 %18, 31 br i1 %19, label %20, label %320 %21 = zext i32 %18 to i64 %22 = shl nuw nsw i64 1, %21 %23 = and i64 %22, 3932160 %24 = icmp eq i64 %23, 0 br i1 %24, label %131, label %25 %132 = icmp eq i32 %0, 18 br i1 %132, label %133, label %320 %134 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6 %135 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %5, i64 0, i32 6, i32 1, i32 0, i64 0 %136 = load i64, i64* %135, align 8 %137 = and i64 %136, 3932160 %138 = icmp eq i64 %137, 0 br i1 %138, label 
%180, label %139 %140 = and i64 %136, -3932161 store i64 %140, i64* %135, align 8 %141 = getelementptr inbounds %struct.sigpending, %struct.sigpending* %134, i64 0, i32 0 %142 = bitcast %struct.sigpending* %134 to %struct.sigqueue** %143 = load %struct.sigqueue*, %struct.sigqueue** %142, align 8 %144 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %143, i64 0, i32 0 %145 = icmp eq %struct.list_head* %144, %141 br i1 %145, label %180, label %146 %147 = phi %struct.list_head* [ %178, %177 ], [ %144, %139 ] %148 = phi %struct.sigqueue* [ %150, %177 ], [ %143, %139 ] %149 = bitcast %struct.sigqueue* %148 to %struct.sigqueue** %150 = load %struct.sigqueue*, %struct.sigqueue** %149, align 8 %151 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 2, i32 0, i32 0 %152 = load i32, i32* %151, align 8 %153 = add i32 %152, -1 %154 = zext i32 %153 to i64 %155 = shl nuw i64 1, %154 %156 = and i64 %155, 3932160 %157 = icmp eq i64 %156, 0 br i1 %157, label %177, label %158 %159 = getelementptr %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %160 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 1 %161 = load %struct.list_head*, %struct.list_head** %160, align 8 %162 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 0, i32 0 %163 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0, i32 1 store %struct.list_head* %161, %struct.list_head** %163, align 8 %164 = getelementptr inbounds %struct.list_head, %struct.list_head* %161, i64 0, i32 0 store volatile %struct.list_head* %159, %struct.list_head** %164, align 8 store volatile %struct.list_head* %147, %struct.list_head** %162, align 8 store volatile %struct.list_head* %147, %struct.list_head** %160, align 8 %165 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 1 %166 = load i32, i32* %165, align 8 %167 = and i32 %166, 1 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, 
label %177 %170 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %148, i64 0, i32 3 %171 = load %struct.ucounts*, %struct.ucounts** %170, align 8 %172 = icmp eq %struct.ucounts* %171, null br i1 %172, label %174, label %173 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %171, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %170, align 8 br label %174 %175 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %176 = bitcast %struct.sigqueue* %148 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %175, i8* %176) #78 br label %177 %178 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %150, i64 0, i32 0 %179 = icmp eq %struct.list_head* %178, %141 br i1 %179, label %180, label %146 %181 = load %struct.signal_struct.51870*, %struct.signal_struct.51870** %4, align 32 %182 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3, i32 0 %183 = load volatile %struct.list_head*, %struct.list_head** %182, align 8 %184 = getelementptr %struct.list_head, %struct.list_head* %183, i64 -92, i32 1 %185 = getelementptr inbounds %struct.list_head*, %struct.list_head** %184, i64 183 %186 = bitcast %struct.list_head** %185 to %struct.list_head* %187 = getelementptr inbounds %struct.signal_struct.51870, %struct.signal_struct.51870* %181, i64 0, i32 3 %188 = icmp eq %struct.list_head* %187, %186 br i1 %188, label %300, label %189 %190 = phi %struct.list_head** [ %295, %292 ], [ %185, %180 ] %191 = phi %struct.list_head** [ %294, %292 ], [ %184, %180 ] %192 = bitcast %struct.list_head** %191 to %struct.task_struct.51970* %193 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 233 %194 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 235 %195 = bitcast %struct.list_head** %194 to i64* %196 = load i64, i64* %195, align 8 %197 = and i64 %196, 3932160 %198 = icmp eq i64 %197, 0 br i1 %198, label %240, label %199 %200 = 
and i64 %196, -3932161 store i64 %200, i64* %195, align 8 %201 = bitcast %struct.list_head** %193 to %struct.list_head* %202 = bitcast %struct.list_head** %193 to %struct.sigqueue** %203 = load %struct.sigqueue*, %struct.sigqueue** %202, align 8 %204 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %203, i64 0, i32 0 %205 = icmp eq %struct.list_head* %204, %201 br i1 %205, label %240, label %206 %207 = phi %struct.list_head* [ %238, %237 ], [ %204, %199 ] %208 = phi %struct.sigqueue* [ %210, %237 ], [ %203, %199 ] %209 = bitcast %struct.sigqueue* %208 to %struct.sigqueue** %210 = load %struct.sigqueue*, %struct.sigqueue** %209, align 8 %211 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 2, i32 0, i32 0 %212 = load i32, i32* %211, align 8 %213 = add i32 %212, -1 %214 = zext i32 %213 to i64 %215 = shl nuw i64 1, %214 %216 = and i64 %215, 3932160 %217 = icmp eq i64 %216, 0 br i1 %217, label %237, label %218 %219 = getelementptr %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %220 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 1 %221 = load %struct.list_head*, %struct.list_head** %220, align 8 %222 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 0, i32 0 %223 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0, i32 1 store %struct.list_head* %221, %struct.list_head** %223, align 8 %224 = getelementptr inbounds %struct.list_head, %struct.list_head* %221, i64 0, i32 0 store volatile %struct.list_head* %219, %struct.list_head** %224, align 8 store volatile %struct.list_head* %207, %struct.list_head** %222, align 8 store volatile %struct.list_head* %207, %struct.list_head** %220, align 8 %225 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 1 %226 = load i32, i32* %225, align 8 %227 = and i32 %226, 1 %228 = icmp eq i32 %227, 0 br i1 %228, label %229, label %237 %230 = getelementptr inbounds 
%struct.sigqueue, %struct.sigqueue* %208, i64 0, i32 3 %231 = load %struct.ucounts*, %struct.ucounts** %230, align 8 %232 = icmp eq %struct.ucounts* %231, null br i1 %232, label %234, label %233 tail call void @dec_rlimit_put_ucounts(%struct.ucounts* nonnull %231, i32 12) #78 store %struct.ucounts* null, %struct.ucounts** %230, align 8 br label %234 %235 = load %struct.kmem_cache*, %struct.kmem_cache** @sigqueue_cachep, align 8 %236 = bitcast %struct.sigqueue* %208 to i8* tail call void @kmem_cache_free(%struct.kmem_cache* %235, i8* %236) #78 br label %237 %238 = getelementptr inbounds %struct.sigqueue, %struct.sigqueue* %210, i64 0, i32 0 %239 = icmp eq %struct.list_head* %238, %201 br i1 %239, label %240, label %206 %241 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 148 %242 = bitcast %struct.list_head** %241 to i64* %243 = load i64, i64* %242, align 32 %244 = and i64 %243, -458753 store i64 %244, i64* %242, align 32 %245 = and i64 %243, 3670016 %246 = icmp eq i64 %245, 2097152 br i1 %246, label %247, label %250, !prof !4 %251 = getelementptr inbounds %struct.list_head*, %struct.list_head** %191, i64 6 %252 = bitcast %struct.list_head** %251 to i32* %253 = load i32, i32* %252, align 16 %254 = and i32 %253, 65536 %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %258, !prof !6, !misexpect !7 %257 = tail call i32 bitcast (i32 (%struct.task_struct*, i32)* @wake_up_state to i32 (%struct.task_struct.51970*, i32)*)(%struct.task_struct.51970* %192, i32 4) #78 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %0, i32 %1, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 
%43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void 
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 zap_other_threads
5 do_group_exit
6 __do_sys_exit_group
7 __se_sys_exit_group
8 __ia32_sys_exit_group
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_state
4 zap_other_threads
5 do_group_exit
6 __do_sys_exit_group
7 __se_sys_exit_group
8 __x64_sys_exit_group
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 cpu_stop_queue_work
5 stop_one_cpu_nowait
6 __set_cpus_allowed_ptr_locked
7 __set_cpus_allowed_ptr
8 migrate_enable
9 sk_filter_trim_cap
10 sock_queue_rcv_skb
11 ping_queue_rcv_skb
-------------
volatile %struct.sk_filter.767857*, %struct.sk_filter.767857** %24, align 8 %26 = icmp eq %struct.sk_filter.767857* %25, null br i1 %26, label %92, label %27 %28 = getelementptr inbounds %struct.sk_buff.767837, %struct.sk_buff.767837* %1, i64 0, i32 1, i32 0 %29 = bitcast %struct.sock.767877** %28 to i64* %30 = load i64, i64* %29, align 8 store %struct.sock.767877* %0, %struct.sock.767877** %28, align 8 %31 = getelementptr inbounds %struct.sk_filter.767857, %struct.sk_filter.767857* %25, i64 0, i32 2 %32 = load %struct.bpf_prog.767663*, %struct.bpf_prog.767663** %31, align 8 tail call void @migrate_disable() #78 %33 = bitcast %struct.sk_buff.767837* %1 to i8* %34 = getelementptr inbounds %struct.sk_buff.767837, %struct.sk_buff.767837* %1, i64 0, i32 3, i64 8 %35 = getelementptr inbounds [20 x i8], [20 x i8]* %4, i64 0, i64 0 %36 = getelementptr inbounds %struct.bpf_prog.767663, %struct.bpf_prog.767663* %32, i64 0, i32 1 %37 = load i16, i16* %36, align 2 %38 = and i16 %37, 8 %39 = icmp eq i16 %38, 0 br i1 %39, label %41, label %40, !prof !6, !misexpect !7 br label %41 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@sk_filter_trim_cap, %42)) #6 to label %56 [label %42], !srcloc !8 %57 = getelementptr inbounds %struct.bpf_prog.767663, %struct.bpf_prog.767663* %32, i64 0, i32 13, i64 0 %58 = getelementptr inbounds %struct.bpf_prog.767663, %struct.bpf_prog.767663* %32, i64 0, i32 9 %59 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %58, align 8 %60 = tail call i32 %59(i8* %33, %struct.bpf_insn* %57) #78 br label %61 %62 = phi i32 [ %47, %42 ], [ %60, %56 ] %63 = load i16, i16* %36, align 2 %64 = and i16 %63, 8 %65 = icmp eq i16 %64, 0 br i1 %65, label %67, label %66, !prof !6, !misexpect !7 tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* 
%6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load 
i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br 
i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq 
i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, 
%struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void 
asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr 
i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = 
getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 
%14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 
__smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_q 4 cpu_stop_queue_work 5 stop_one_cpu_nowait 6 __set_cpus_allowed_ptr_locked 7 __set_cpus_allowed_ptr 8 migrate_enable 9 bpf_flow_dissect 10 __skb_flow_dissect 11 ___skb_get_hash 12 __skb_get_hash 13 get_rps_cpu 14 netif_receive_skb_list_internal 15 busy_poll_stop 16 napi_busy_loop 17 tcp_recvmsg 18 inet6_recvmsg 19 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, 
label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, 
i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 
= zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = 
load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp 
eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 
1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ 
%109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ 
%38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq 
%struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds 
%struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 
%60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, 
i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* 
null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq 
%struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds 
%struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call 
fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile 
i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 
= icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, 
i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, 
align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 cpu_stop_queue_work
5 stop_one_cpu_nowait
6 __set_cpus_allowed_ptr_locked
7 __set_cpus_allowed_ptr
8 migrate_enable
9 bpf_flow_dissect
10 __skb_flow_dissect
11 ___skb_get_hash
12 __skb_get_hash
13 get_rps_cpu
14 netif_receive_skb_list_internal
15 busy_poll_stop
16 napi_busy_loop
17 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*,
%struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* 
%1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, 
i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", 
"=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* 
null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq 
%struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds 
%struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call 
fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile 
i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 
= icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, 
i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, 
align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 cpu_stop_queue_work
5 stop_one_cpu_nowait
6 __set_cpus_allowed_ptr_locked
7 __set_cpus_allowed_ptr
8 migrate_enable
9 bpf_flow_dissect
10 __skb_flow_dissect
11 fib_multipath_hash
12 fib_select_path
13 ip_route_output_key_hash_rcu
14 ip_route_output_flow
15 ipip6_tunnel_bind_dev
16 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64
0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = 
load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, 
align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 
%27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast 
(%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds 
%struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, 
i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 
= getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds 
%struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 
%98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, 
i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, 
label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ 
false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint 
(%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load 
%struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 cpu_stop_queue_work
5 stop_one_cpu_nowait
6 __set_cpus_allowed_ptr_locked
7 __set_cpus_allowed_ptr
8 migrate_enable
9 bpf_flow_dissect
10 __skb_flow_dissect
11 fib_multipath_hash
12 fib_select_path
13 ip_route_output_key_hash_rcu
14 ip_route_output_flow
15 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, 
%struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 
bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 
%150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* 
(%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br 
i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 
%102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 
= load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr 
inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq 
%struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds 
%struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call 
fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile 
i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 
= icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, 
i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, 
align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __smp_call_single_queue 1 ttwu_queue_wakelist 2 try_to_wake_up 3 wake_up_q 4 cpu_stop_queue_work 5 stop_one_cpu_nowait 6 __set_cpus_allowed_ptr_locked 7 __set_cpus_allowed_ptr 8 migrate_enable 9 bpf_flow_dissect 10 __skb_flow_dissect 11 fib_multipath_hash 12 fib_select_path 13 ip_route_output_key_hash_rcu 14 ip_route_output_flow 15 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr 
inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* 
%3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, 
i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds 
%struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void 
(%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 
], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 
Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* 
%80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, 
%struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq 
%struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds 
%struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call 
fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile 
i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 
= icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, 
i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, 
align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78
Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 cpu_stop_queue_work
5 stop_one_cpu_nowait
6 __set_cpus_allowed_ptr_locked
7 __set_cpus_allowed_ptr
8 migrate_enable
9 bpf_flow_dissect
10 __skb_flow_dissect
11 fib_multipath_hash
12 fib_select_path
13 __ip_rt_update_pmtu
14 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 =
getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, 
i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 
%151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label 
%103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, 
%struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 
%41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 
= alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi 
%struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext 
%118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq 
%struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds 
%struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call 
fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile 
i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 
= icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 %175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, 
i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, 
align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78
Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 cpu_stop_queue_work
5 stop_one_cpu_nowait
6 __set_cpus_allowed_ptr_locked
7 __set_cpus_allowed_ptr
8 migrate_enable
9 bpf_flow_dissect
10 __skb_flow_dissect
11 fib_multipath_hash
12 fib_select_path
13 __ip_do_redirect
14 ip_do_redirect
-------------
Path:
Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1
%18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* 
%1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 
3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 
(%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, 
label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds 
%struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, 
label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq 
%struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds 
%struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** 
nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, 
align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 
%69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, 
align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, 
i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void 
@_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store %struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 
store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 cpu_stop_queue_work
5 stop_one_cpu_nowait
6 __set_cpus_allowed_ptr_locked
7 __set_cpus_allowed_ptr
8 migrate_enable
9 bpf_flow_dissect
10 __skb_flow_dissect
11 rt6_multipath_hash
12 fib6_select_path
13 ip6_pol_route
14 ip6_pol_route_input
15 fib6_rule_lookup
16 ip6_route_output_flags_noref
17 ip6_route_output_flags
18 icmp6_send
19 ip6_link_failure
-------------
Path:
Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, 
i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load 
i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 
%161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, 
align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, 
i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds 
%struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = 
bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br 
i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 
%172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 
br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca 
i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ 
%0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, 
i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, 
i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 
%13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq 
$2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# 
bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile 
i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %169, i64 0, i32 0, i32 0 %171 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %170, i32 1, i32* %170) #6, !srcloc !11 %172 = icmp eq i32 %171, 0 br i1 %172, label %173, label %174, !prof !8, !misexpect !5 %175 = add i32 %171, 1 %176 = or i32 %175, %171 %177 = icmp sgt i32 %176, -1 br i1 %177, label %179, label %178, !prof !4, !misexpect !5 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %169, i32 1) #78 br label %179 %180 = phi %struct.task_struct* [ null, %164 ], [ null, %159 ], [ null, %158 ], [ %0, %173 ], [ %0, %174 ], [ %0, %178 ] %181 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 31 %182 = bitcast i8** %181 to %struct.set_affinity_pending** %183 = load %struct.set_affinity_pending*, %struct.set_affinity_pending** %182, align 64 %184 = 
icmp eq %struct.set_affinity_pending* %183, null br i1 %184, label %190, label %185 %186 = getelementptr inbounds %struct.set_affinity_pending, %struct.set_affinity_pending* %183, i64 0, i32 1 %187 = load i32, i32* %186, align 4 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %190 store i8* null, i8** %181, align 64 br label %190 %191 = phi i1 [ false, %185 ], [ true, %189 ], [ false, %179 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %192 = bitcast %struct.rq* %3 to i8* store volatile i8 0, i8* %192, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %193 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %194 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 %195 = load i64, i64* %194, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %193, i64 %195) #78 %196 = icmp eq %struct.task_struct* %180, null br i1 %196, label %203, label %197 %198 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 41 %199 = load i32, i32* %198, align 16 %200 = bitcast %struct.task_struct* %0 to i8* %201 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 68 %202 = tail call zeroext i1 @stop_one_cpu_nowait(i32 %199, i32 (i8*)* nonnull @push_cpu_stop, i8* %200, %struct.cpu_stop_work* %201) #78 Function:stop_one_cpu_nowait %6 = ptrtoint i8* %5 to i64 %7 = bitcast %struct.cpu_stop_work* %3 to i8* %8 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 1 store i32 (i8*)* %1, i32 (i8*)** %8, align 8 %9 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 2 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 3 store i8* %2, i8** %10, align 8 %11 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %3, i64 0, i32 4 store 
%struct.cpu_stop_done* null, %struct.cpu_stop_done** %11, align 8 %12 = tail call fastcc zeroext i1 @cpu_stop_queue_work(i32 %0, %struct.cpu_stop_work* %3) #78 Function:cpu_stop_queue_work %3 = alloca %struct.wake_q_head, align 8 %4 = zext i32 %0 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = add i64 %6, ptrtoint (%struct.cpu_stopper* @cpu_stopper to i64) %8 = inttoptr i64 %7 to %struct.cpu_stopper* %9 = bitcast %struct.wake_q_head* %3 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %3, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 1 %13 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = getelementptr inbounds %struct.cpu_stopper, %struct.cpu_stopper* %8, i64 0, i32 2 %15 = load i8, i8* %14, align 4, !range !5 %16 = icmp ne i8 %15, 0 br i1 %16, label %17, label %27 %28 = getelementptr inbounds %struct.cpu_stop_work, %struct.cpu_stop_work* %1, i64 0, i32 4 %29 = load %struct.cpu_stop_done*, %struct.cpu_stop_done** %28, align 8 %30 = icmp eq %struct.cpu_stop_done* %29, null br i1 %30, label %38, label %31 %32 = getelementptr inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 0, i32 0 %33 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32* %32) #6, !srcloc !6 %34 = and i8 %33, 1 %35 = icmp eq i8 %34, 0 br i1 %35, label %38, label %36 %37 = getelementptr 
inbounds %struct.cpu_stop_done, %struct.cpu_stop_done* %29, i64 0, i32 2 call void @complete(%struct.completion* %37) #78 br label %38 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %12, i64 %13) #78 call void @wake_up_q(%struct.wake_q_head* nonnull %3) #78 Function:wake_up_q %2 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %0, i64 0, i32 0 %3 = load %struct.wake_q_node*, %struct.wake_q_node** %2, align 8 %4 = icmp eq %struct.wake_q_node* %3, inttoptr (i64 1 to %struct.wake_q_node*) br i1 %4, label %25, label %5 %6 = phi %struct.wake_q_node* [ %10, %23 ], [ %3, %1 ] %7 = getelementptr %struct.wake_q_node, %struct.wake_q_node* %6, i64 -251 %8 = bitcast %struct.wake_q_node* %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.wake_q_node, %struct.wake_q_node* %6, i64 0, i32 0 %10 = load %struct.wake_q_node*, %struct.wake_q_node** %9, align 8 store %struct.wake_q_node* null, %struct.wake_q_node** %9, align 8 %11 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct* %8, i32 3, i32 0) #78 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = icmp eq %struct.task_struct* %5, %0 br i1 %6, label %7, label %42 %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 1 %46 = load volatile i32, i32* %45, align 8 %47 = and i32 %46, %1 %48 = icmp eq i32 %47, 0 br i1 %48, label %268, label %49 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@try_to_wake_up, %50)) #6 to label %64 [label %50], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %66 = load volatile i32, i32* %65, align 8 %67 = icmp eq i32 %66, 0 br i1 %67, label %139, label %68 %69 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %70 %71 = load volatile i32, i32* %69, align 8 %72 = zext i32 %71 to i64 %73 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %72 %74 = load i64, i64* %73, align 8 %75 = add i64 %74, ptrtoint (%struct.rq* @runqueues to i64) %76 = inttoptr i64 %75 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %77 = getelementptr inbounds %struct.rq, %struct.rq* %76, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %77) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %78 = load volatile i32, i32* %69, align 8 %79 = zext i32 %78 to i64 %80 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %79 %81 = load i64, i64* %80, align 8 %82 = add i64 %81, ptrtoint (%struct.rq* @runqueues to i64) %83 = inttoptr i64 %82 to %struct.rq* %84 = icmp eq %struct.rq* %76, %83 br i1 %84, label %85, label %87, !prof !17 %86 = load volatile i32, i32* %65, align 8 switch 
i32 %86, label %137 [ i32 2, label %87 i32 1, label %95 ], !prof !18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %138 = inttoptr i64 %75 to i8* store volatile i8 0, i8* %138, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 br label %139 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 store volatile i32 512, i32* %45, align 8 %140 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 6 %141 = load volatile i32, i32* %140, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %142 = icmp eq i32 %141, 0 br i1 %142, label %147, label %143 %148 = load volatile i32, i32* %140, align 4 %149 = icmp eq i32 %148, 0 br i1 %149, label %153, label %150 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %151 = load volatile i32, i32* %140, align 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %153, label %150 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 13 %155 = load i32, i32* %154, align 4 %156 = or i32 %2, 8 %157 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 27 %158 = load i32, i32* %157, align 32 %159 = icmp sgt i32 %158, 1 br i1 %159, label %160, label %170 %161 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %162 = load i16, i16* %161, align 8 %163 = icmp eq i16 %162, 0 br i1 %163, label %164, label %170 %171 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %172 = load %struct.cpumask*, %struct.cpumask** %171, align 8 %173 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %172, i64 0, i32 0, i64 0 %174 = load i64, i64* %173, align 8 %175 = icmp eq i64 %174, 0 br i1 
%175, label %179, label %176 %177 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %174) #4, !srcloc !27 %178 = trunc i64 %177 to i32 br label %179 %180 = phi i32 [ %169, %164 ], [ %178, %176 ], [ 64, %170 ] %181 = tail call fastcc zeroext i1 @is_cpu_allowed(%struct.task_struct* %0, i32 %180) #78 br i1 %181, label %186, label %182, !prof !17, !misexpect !22 %187 = phi i32 [ %185, %182 ], [ %180, %179 ] %188 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %189 = load volatile i32, i32* %188, align 8 %190 = icmp eq i32 %189, %187 br i1 %190, label %218, label %191 %219 = phi i32 [ %217, %216 ], [ %2, %186 ] %220 = sext i32 %187 to i64 %221 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %220 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, ptrtoint (%struct.rq* @runqueues to i64) %224 = inttoptr i64 %223 to %struct.rq* %225 = tail call fastcc zeroext i1 @ttwu_queue_wakelist(%struct.task_struct* %0, i32 %187, i32 %219) #78 Function:ttwu_queue_wakelist %4 = zext i32 %1 to i64 %5 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %52, label %8 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %10, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %4) #6, !srcloc !4 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %52, label %15 %16 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@cpu_number) #4, !srcloc !5 %17 = icmp eq i32 %16, %1 br i1 %17, label %52, label %18 %19 = sext i32 %16 to i64 %20 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %19 %21 = load i64, i64* %20, align 8 %22 = add i64 %21, ptrtoint (i32* @sd_llc_id to i64) %23 = inttoptr i64 %22 to i32* %24 = load i32, i32* %23, align 4 %25 = sext i32 %1 to i64 %26 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %25 %27 = load i64, i64* %26, align 8 %28 = add i64 %27, ptrtoint (i32* @sd_llc_id to i64) %29 = inttoptr i64 %28 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %24, %30 br i1 %31, label %32, label %38 %39 = tail call i64 @sched_clock_cpu(i32 %1) #78 %40 = load i64, i64* %26, align 8 %41 = add i64 %40, ptrtoint (%struct.rq* @runqueues to i64) %42 = inttoptr i64 %41 to %struct.rq* %43 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 50 %44 = lshr i32 %2, 5 %45 = trunc i32 %44 to i8 %46 = and i8 %45, 1 %47 = load i8, i8* %43, align 16 %48 = and i8 %47, -2 %49 = or i8 %48, %46 store i8 %49, i8* %43, align 16 %50 = getelementptr inbounds %struct.rq, %struct.rq* %42, i64 0, i32 8 store volatile i32 1, i32* %50, align 8 %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 7, i32 0 tail call void @__smp_call_single_queue(i32 %1, %struct.llist_node* %51) #78 Function:__smp_call_single_queue %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (%struct.llist_node* @call_single_queue to i64) %7 = inttoptr i64 %6 to %struct.llist_node* %8 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %1, %struct.llist_node* %1, %struct.llist_node* %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __smp_call_single_queue
1 ttwu_queue_wakelist
2 try_to_wake_up
3 wake_up_q
4 cpu_stop_queue_work
5 stop_one_cpu_nowait
6 __set_cpus_allowed_ptr_locked
7 __set_cpus_allowed_ptr
8 migrate_enable
9 bpf_flow_dissect
10 __skb_flow_dissect
11 packet_parse_headers
12 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds 
%struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, 
align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 
0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr 
inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = 
icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label 
%108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %105 = phi %struct.bpf_prog_array.761583* [ %102, %100 ], [ %98, %97 ] %106 = bitcast %struct.bpf_flow_keys* %23 to i8* %107 = bitcast %struct.bpf_flow_dissector* %24 to i8* %108 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 0 store %struct.bpf_flow_keys* %23, %struct.bpf_flow_keys** %108, align 8 %109 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 1 store %struct.sk_buff.761490* null, %struct.sk_buff.761490** %109, align 8 %110 = getelementptr inbounds 
%struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 2 store i8* %66, i8** %110, align 8 %111 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %24, i64 0, i32 3 %112 = sext i32 %63 to i64 %113 = getelementptr i8, i8* %66, i64 %112 store i8* %113, i8** %111, align 8 br i1 %75, label %117, label %114 %118 = phi i16 [ %116, %114 ], [ %64, %104 ] %119 = getelementptr inbounds %struct.bpf_prog_array.761583, %struct.bpf_prog_array.761583* %105, i64 0, i32 1, i64 0, i32 0 %120 = load volatile %struct.bpf_prog.761332*, %struct.bpf_prog.761332** %119, align 8 %121 = call zeroext i1 @bpf_flow_dissect(%struct.bpf_prog.761332* %120, %struct.bpf_flow_dissector* nonnull %24, i16 zeroext %118, i32 %65, i32 %63, i32 %8) #78 Function:bpf_flow_dissect %7 = getelementptr inbounds %struct.bpf_flow_dissector, %struct.bpf_flow_dissector* %1, i64 0, i32 0 %8 = load %struct.bpf_flow_keys*, %struct.bpf_flow_keys** %7, align 8 %9 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 2 %10 = bitcast i16* %9 to i8* %11 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 7 store i16 %2, i16* %11, align 2 %12 = trunc i32 %3 to i16 %13 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 0 store i16 %12, i16* %13, align 4 %14 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 1 store i16 %12, i16* %14, align 2 %15 = getelementptr inbounds %struct.bpf_flow_keys, %struct.bpf_flow_keys* %8, i64 0, i32 11 store i32 %5, i32* %15, align 4 %16 = bitcast %struct.bpf_flow_dissector* %1 to i8* tail call void @migrate_disable() #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_flow_dissect, %17)) #6 to label %31 [label %17], !srcloc !4 %18 = tail call i64 @sched_clock() #78 %19 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 13, i64 0 %20 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 9 %21 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %20, align 8 %22 = tail call i32 %21(i8* %16, %struct.bpf_insn* %19) #78 %23 = getelementptr inbounds %struct.bpf_prog.761332, %struct.bpf_prog.761332* %0, i64 0, i32 7 %24 = load %struct.bpf_prog_stats*, %struct.bpf_prog_stats** %23, align 8 %25 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.bpf_prog_stats* %24) #6, !srcloc !5 %26 = inttoptr i64 %25 to %struct.bpf_prog_stats* %27 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %27, i64* %27) #6, !srcloc !6 %28 = tail call i64 @sched_clock() #78 %29 = sub i64 %28, %18 %30 = getelementptr inbounds %struct.bpf_prog_stats, %struct.bpf_prog_stats* %26, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %29, i64* %30) #6, !srcloc !7 br label %36 %37 = phi i32 [ %22, %17 ], [ %35, %31 ] tail call void @migrate_enable() #78 Function:migrate_enable %1 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %2 = 
inttoptr i64 %1 to %struct.task_struct* %3 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 32 %4 = load i16, i16* %3, align 8 %5 = icmp ugt i16 %4, 1 br i1 %5, label %6, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 28 %10 = load %struct.cpumask*, %struct.cpumask** %9, align 8 %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %2, i64 0, i32 30 %12 = icmp eq %struct.cpumask* %10, %11 br i1 %12, label %15, label %13 %14 = tail call fastcc i32 @__set_cpus_allowed_ptr(%struct.task_struct* %2, %struct.cpumask* %11, i32 4) #78 Function:__set_cpus_allowed_ptr %4 = alloca %struct.rq_flags, align 8 %5 = bitcast %struct.rq_flags* %4 to i8* %6 = getelementptr inbounds %struct.rq_flags, %struct.rq_flags* %4, i64 0, i32 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 113 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 br label %10 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #78 store i64 %11, i64* %6, align 8 %12 = load volatile i32, i32* %9, align 8 %13 = zext i32 %12 to i64 %14 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %13 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %18) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile i32, i32* %9, align 8 %20 = zext i32 %19 to i64 %21 = 
getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %20 %22 = load i64, i64* %21, align 8 %23 = add i64 %22, ptrtoint (%struct.rq* @runqueues to i64) %24 = inttoptr i64 %23 to %struct.rq* %25 = icmp eq %struct.rq* %17, %24 br i1 %25, label %26, label %29, !prof !6 %27 = load volatile i32, i32* %7, align 8 %28 = icmp eq i32 %27, 2 br i1 %28, label %29, label %38, !prof !7, !misexpect !8 %39 = inttoptr i64 %16 to %struct.rq* %40 = call fastcc i32 @__set_cpus_allowed_ptr_locked(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2, %struct.rq* %39, %struct.rq_flags* nonnull %4) #79 Function:__set_cpus_allowed_ptr_locked %6 = alloca %struct.set_affinity_pending, align 8 %7 = alloca %struct.wait_bit_queue_entry, align 8 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2097152 %11 = icmp eq i32 %10, 0 %12 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 22 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %50 br i1 %11, label %51, label %62 %52 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %53 = load i16, i16* %52, align 8 %54 = icmp eq i16 %53, 0 %55 = select i1 %54, %struct.cpumask* @__cpu_active_mask, %struct.cpumask* @__cpu_online_mask %56 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %57 = load i64, i64* %56, align 8 %58 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %59 = xor i64 %58, -1 %60 = and i64 %57, %59 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %351 %63 = phi %struct.cpumask* [ %55, %51 ], [ @__cpu_online_mask, %50 ] %64 = and i32 %2, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 %67 = load i32, i32* %8, align 4 %68 = and i32 %67, 67108864 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %351 %71 = and 
i32 %2, 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %95 %74 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %75 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %1, i64 0, i32 0, i64 0 %76 = load i64, i64* %74, align 8 %77 = load i64, i64* %75, align 8 %78 = icmp eq i64 %76, %77 br i1 %78, label %351, label %79 %80 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %81 = inttoptr i64 %80 to %struct.task_struct* %82 = icmp eq %struct.task_struct* %81, %0 br i1 %82, label %83, label %95 %84 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 32 %85 = load i16, i16* %84, align 8 %86 = icmp eq i16 %85, 0 br i1 %86, label %95, label %87 %88 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %89 = load volatile i32, i32* %88, align 8 %90 = zext i32 %89 to i64 %91 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %75, i64 %90) #6, !srcloc !7 %92 = and i8 %91, 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %95, !prof !8, !misexpect !5 %96 = tail call i32 @cpumask_any_and_distribute(%struct.cpumask* %63, %struct.cpumask* %1) #78 %97 = load i32, i32* @nr_cpu_ids, align 4 %98 = icmp ult i32 %96, %97 br i1 %98, label %99, label %351 %100 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 8 %101 = load volatile i32, i32* %100, align 8 %102 = zext i32 %101 to i64 %103 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %102 %104 = load i64, i64* %103, align 8 %105 = add i64 %104, ptrtoint (%struct.rq* @runqueues to i64) %106 = inttoptr i64 %105 to %struct.rq* %107 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 14 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 1 %110 = 
getelementptr inbounds %struct.rq, %struct.rq* %106, i64 0, i32 17 %111 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %112 = icmp eq %struct.task_struct* %111, %0 br i1 %109, label %113, label %118 %114 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %115 = load %struct.sched_class*, %struct.sched_class** %114, align 64 %116 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %115, i64 0, i32 1 %117 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %116, align 8 tail call void %117(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %118 br i1 %112, label %119, label %128 %120 = load %struct.task_struct*, %struct.task_struct** %110, align 32 %121 = icmp eq %struct.task_struct* %120, %0 br i1 %121, label %123, label %122, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([21 x i8], [21 x i8]* @.str.101.6955, i64 0, i64 0), i32 2188, i32 2307, i64 12) #6, !srcloc !10 br label %123 %124 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %125 = load %struct.sched_class*, %struct.sched_class** %124, align 64 %126 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %125, i64 0, i32 6 %127 = load void (%struct.rq*, %struct.task_struct*)*, void (%struct.rq*, %struct.task_struct*)** %126, align 8 tail call void %127(%struct.rq* %106, %struct.task_struct* %0) #78 br label %128 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 19 %130 = load 
%struct.sched_class*, %struct.sched_class** %129, align 64 %131 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %130, i64 0, i32 13 %132 = load void (%struct.task_struct*, %struct.cpumask*, i32)*, void (%struct.task_struct*, %struct.cpumask*, i32)** %131, align 8 tail call void %132(%struct.task_struct* %0, %struct.cpumask* %1, i32 %2) #78 br i1 %109, label %133, label %137 %134 = load %struct.sched_class*, %struct.sched_class** %129, align 64 %135 = getelementptr inbounds %struct.sched_class, %struct.sched_class* %134, i64 0, i32 0 %136 = load void (%struct.rq*, %struct.task_struct*, i32)*, void (%struct.rq*, %struct.task_struct*, i32)** %135, align 8 tail call void %136(%struct.rq* %106, %struct.task_struct* %0, i32 10) #78 br label %137 br i1 %112, label %138, label %142 %143 = and i32 %2, 8 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %150 = phi i8* [ %148, %145 ], [ null, %142 ] %151 = bitcast %struct.set_affinity_pending* %6 to i8* %152 = load volatile i32, i32* %100, align 8 %153 = zext i32 %152 to i64 %154 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 30, i32 0, i64 0 %155 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %154, i64 %153) #6, !srcloc !7 %156 = and i8 %155, 1 %157 = icmp eq i8 %156, 0 br i1 %157, label %206, label %158 br i1 %72, label %179, label %159 %160 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 33 %161 = load i16, i16* %160, align 2 %162 = and i16 %161, 1 %163 = icmp eq i16 %162, 0 br i1 %163, label %179, label %164 %165 = getelementptr inbounds %struct.rq, %struct.rq* %3, i64 0, i32 67 %166 = load i32, i32* %165, align 4 %167 = icmp eq i32 %166, 0 br i1 %167, label %168, label %179 store i32 1, i32* %165, align 4 %169 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 3 %170 = getelementptr inbounds 
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __se_sys_dup 3 __ia32_sys_dup -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __se_sys_dup 3 __x64_sys_dup -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __x64_sys_lseek -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_sys_lseek -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_lseek -------------
------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_llseek 4 __ia32_sys_llseek -------------
@__fdget_pos(i32 %7) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* 
%24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_llseek 4 __x64_sys_llseek ------------- Path:  Function:__x64_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_llseek(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, 
i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc 
!5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_read 4 __ia32_sys_read ------------- Path:  Function:__ia32_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @ksys_read(i32 %10, i8* %11, i64 %9) #78 Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 
%36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = 
load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_read 4 __x64_sys_read ------------- Path:  Function:__x64_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @ksys_read(i32 %9, i8* %6, i64 %8) #78 Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr 
inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof 
!8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_write 
4 __ia32_sys_write ------------- Path:  Function:__ia32_sys_write %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @ksys_write(i32 %10, i8* %11, i64 %9) #78 Function:ksys_write %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 
br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void 
(%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 ksys_write 4 __x64_sys_write ------------- Path:  Function:__x64_sys_write %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @ksys_write(i32 %9, i8* %6, i64 %8) #78 Function:ksys_write %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 
%19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __ia32_compat_sys_preadv2 ------------- Path:  Function:__ia32_compat_sys_preadv2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = inttoptr i64 %7 to %struct.iovec* %19 = trunc i64 %17 to i32 %20 = shl i64 %15, 32 %21 = or i64 %20, %13 %22 = icmp eq i64 %21, -1 br i1 %22, label %23, label %25 %24 = tail call fastcc i64 @do_readv(i64 %4, %struct.iovec* %18, i64 %10, i32 %19) #78 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ 
%53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) 
#78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __x64_sys_preadv2 ------------- Path:  Function:__x64_sys_preadv2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail call fastcc i64 @do_readv(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #78 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ 
%55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void 
(%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __ia32_sys_readv ------------- Path:  Function:__ia32_sys_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, 
i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc i64 @do_readv(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #78 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 
%18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = 
tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_readv 4 __x64_sys_readv ------------- Path:  Function:__x64_sys_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = tail call fastcc i64 @do_readv(i64 %3, %struct.iovec* %6, i64 %8, i32 0) #78 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca 
%struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr 
%struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, 
!srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __ia32_compat_sys_pwritev2 ------------- Path:  Function:__ia32_compat_sys_pwritev2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 
= inttoptr i64 %7 to %struct.iovec* %19 = trunc i64 %17 to i32 %20 = shl i64 %15, 32 %21 = or i64 %20, %13 %22 = icmp eq i64 %21, -1 br i1 %22, label %23, label %25 %24 = tail call fastcc i64 @do_writev(i64 %4, %struct.iovec* %18, i64 %10, i32 %19) #78 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, 
i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds 
%struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __x64_sys_pwritev2 ------------- Path:  Function:__x64_sys_pwritev2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 
= load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #78 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = 
getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 
Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __ia32_sys_writev ------------- Path:  Function:__ia32_sys_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 
4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc i64 @do_writev(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #78 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm 
sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 do_writev 4 __x64_sys_writev ------------- Path:  Function:__x64_sys_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 0) #78 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca 
%struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 
%22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp 
eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __x64_sys_old_readdir ------------- Path:  Function:__x64_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = tail call i64 @__fdget_pos(i32 %7) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 
%36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = 
load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_sys_old_readdir ------------- Path:  Function:__ia32_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, 
%struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq 
%struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents 4 __ia32_sys_getdents ------------- Path:  Function:__ia32_sys_getdents %2 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_getdents(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.old_linux_dirent* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %6, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = 
load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, 
%struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) 
#4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents 4 __x64_sys_getdents ------------- Path:  Function:__x64_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_getdents(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.old_linux_dirent* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %6, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, 
%struct.getdents_callback* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail 
call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents64 4 __ia32_sys_getdents64 ------------- Path:  Function:__ia32_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_getdents64(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_getdents64 %4 = alloca 
%struct.getdents_callback64, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.linux_dirent64* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback64* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %6, %struct.linux_dirent64** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 
%0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 
%37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, 
%struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __se_sys_getdents64 4 __x64_sys_getdents64 ------------- Path:  Function:__x64_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_getdents64(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = trunc i64 %0 to i32 %6 = inttoptr i64 %1 to %struct.linux_dirent64* %7 = trunc i64 %2 to i32 %8 = bitcast %struct.getdents_callback64* %4 to i8* %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %6, %struct.linux_dirent64** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %7, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = tail call i64 @__fdget_pos(i32 %5) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds 
%struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_old_readdir ------------- Path:  Function:__ia32_compat_sys_old_readdir %2 = alloca %struct.compat_readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp 
eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp 
eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_pos 3 __ia32_compat_sys_getdents ------------- Path:  Function:__ia32_compat_sys_getdents %2 = alloca %struct.compat_getdents_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %12 = trunc i64 %9 to i32 %13 = bitcast %struct.compat_getdents_callback* %2 to i8* %14 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @compat_filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %14, align 8 %15 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 1 store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 1 store %struct.compat_old_linux_dirent* %11, %struct.compat_old_linux_dirent** %16, align 8 %17 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 2 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 3 store i32 %12, i32* %18, align 4 %19 = getelementptr inbounds 
%struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 4 store i32 0, i32* %19, align 8 %20 = tail call i64 @__fdget_pos(i32 %10) #78 Function:__fdget_pos %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %34 %35 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %36 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %35, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr 
%struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, 
!srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_quotactl_fd 4 __ia32_sys_quotactl_fd ------------- Path:  Function:__ia32_sys_quotactl_fd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_quotactl_fd(i64 %4, i64 %7, i64 %10, i64 %13) #78 Function:__se_sys_quotactl_fd %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = inttoptr i64 %3 to i8* %9 = lshr 
i32 %6, 8 %10 = and i32 %6, 255 %11 = tail call i64 @__fdget_raw(i32 %5) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, 
%struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label 
%8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_quotactl_fd 4 __x64_sys_quotactl_fd ------------- Path:  Function:__x64_sys_quotactl_fd %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_quotactl_fd(i64 %3, i64 %5, i64 %7, i64 %9) #78 Function:__se_sys_quotactl_fd %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = inttoptr i64 %3 to i8* %9 = lshr i32 %6, 8 %10 = and i32 %6, 255 %11 = tail call i64 @__fdget_raw(i32 %5) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds 
%struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 kcompat_sys_fstatfs64 4 __ia32_compat_sys_fstatfs64 ------------- Path:  Function:__ia32_compat_sys_fstatfs64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to %struct.compat_statfs64* %12 = tail call i32 @kcompat_sys_fstatfs64(i32 %9, i32 %10, %struct.compat_statfs64* %11) #78 Function:kcompat_sys_fstatfs64 %4 = alloca %struct.compat_statfs64, align 4 %5 = alloca %struct.kstatfs, align 8 %6 = bitcast %struct.kstatfs* %5 to i8* %7 = icmp eq i32 %1, 84 br i1 %7, label %8, label %75 %9 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to 
%struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 
0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = 
tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_compat_sys_fstatfs ------------- Path:  Function:__ia32_compat_sys_fstatfs %2 = alloca %struct.compat_statfs, align 4 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = 
tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* 
%26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_sys_fstatfs64 ------------- Path:  Function:__ia32_sys_fstatfs64 %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = bitcast %struct.kstatfs* %3 to i8* %13 = icmp eq i64 %8, 120 br i1 %13, label %14, label %37 %15 = trunc i64 %5 to i32 %16 = tail call i64 @__fdget_raw(i32 %15) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, 
%struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq 
%struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __x64_sys_fstatfs64 ------------- Path:  Function:__x64_sys_fstatfs64 %2 = alloca %struct.kstatfs, align 8 %3 = 
alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast %struct.kstatfs* %3 to i8* %12 = icmp eq i64 %7, 120 br i1 %12, label %13, label %35 %14 = trunc i64 %5 to i32 %15 = tail call i64 @__fdget_raw(i32 %14) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, 
%52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 
Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __ia32_sys_fstatfs ------------- Path:  Function:__ia32_sys_fstatfs %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 
@__fdget_raw(i32 %9) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, 
null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __x64_sys_fstatfs ------------- Path:  Function:__x64_sys_fstatfs %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, 
%12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load 
i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fchdir 4 __ia32_sys_fchdir ------------- Path:  Function:__ia32_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_fchdir(i64 %4) #78 Function:__se_sys_fchdir %2 = trunc i64 %0 to i32 %3 = tail call i64 @__fdget_raw(i32 %2) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 
= icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = 
icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fchdir 4 __x64_sys_fchdir ------------- Path:  Function:__x64_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_fchdir(i64 %3) #78 
Function:__se_sys_fchdir %2 = trunc i64 %0 to i32 %3 = tail call i64 @__fdget_raw(i32 %2) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile 
%struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, 
label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_compat_sys_newfstat ------------- Path:  Function:__ia32_compat_sys_newfstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #78 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds 
%struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 
%33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label 
%24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __se_sys_newfstat 5 __ia32_sys_newfstat ------------- Path:  Function:__ia32_sys_newfstat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_newfstat(i64 %4, i64 %7) #78 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = call i32 @vfs_fstat(i32 %5, %struct.kstat* nonnull %4) #78 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 
%29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* 
%26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __se_sys_newfstat 5 __x64_sys_newfstat ------------- Path:  Function:__x64_sys_newfstat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_newfstat(i64 %3, i64 %5) #78 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = call i32 @vfs_fstat(i32 %5, %struct.kstat* nonnull %4) #78 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = 
getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label 
%48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_sys_fstat ------------- Path:  Function:__ia32_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #78 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail 
call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __x64_sys_fstat ------------- Path:  Function:__x64_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.__old_kernel_stat** %7 = load %struct.__old_kernel_stat*, %struct.__old_kernel_stat** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kstat* %2 to i8* %10 = call i32 @vfs_fstat(i32 %8, %struct.kstat* nonnull %2) #78 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call 
i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 
%27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 vfs_fstat 4 __ia32_compat_sys_ia32_fstat64 ------------- Path:  Function:__ia32_compat_sys_ia32_fstat64 %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_fstat(i32 %7, %struct.kstat* nonnull %2) #78 Function:vfs_fstat %3 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { 
i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 
4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fcntl 4 __ia32_sys_fcntl ------------- Path:  Function:__ia32_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_fcntl(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = 
and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: 
=BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 __se_sys_fcntl 4 __x64_sys_fcntl ------------- Path:  Function:__x64_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_fcntl(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 
br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void 
(%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 do_compat_fcntl64 4 __ia32_compat_sys_fcntl ------------- Path:  Function:__ia32_compat_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 switch i32 %4, label %5 [ i32 12, label %13 i32 13, label %13 i32 14, label %13 i32 36, label %13 i32 37, label %13 i32 38, label %13 ] %6 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %7 to i32 %11 = trunc i64 %9 to i32 %12 = tail call fastcc i64 @do_compat_fcntl64(i32 %11, i32 %4, i32 %10) #78 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.ldttss_desc, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.ldttss_desc, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.ldttss_desc, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = 
zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect 
!6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 __fdget_raw 3 do_compat_fcntl64 4 __ia32_compat_sys_fcntl64 ------------- Path:  Function:__ia32_compat_sys_fcntl64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr 
inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i64 @do_compat_fcntl64(i32 %8, i32 %9, i32 %10) #78 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.ldttss_desc, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.ldttss_desc, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.ldttss_desc, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #78 Function:__fdget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %27 %28 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %29 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %28, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = 
phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, 
i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 loop_configure 4 lo_ioctl 5 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %8 = load %struct.gendisk*, %struct.gendisk** %7, align 8 %9 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 
= load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device* %0, i32 %1, i32 %2, i64 %35) #79 Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %14 = load %struct.gendisk*, %struct.gendisk** %13, align 8 %15 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %367 [ i32 19456, label %18 i32 19466, label %24 i32 19462, label %33 i32 19457, label %207 i32 19458, label %226 i32 19459, label %280 i32 19460, label %335 i32 19461, label %349 i32 19463, label %362 i32 19464, label %362 i32 19465, label %362 ] %25 = inttoptr i64 %3 to i8* %26 = bitcast %struct.loop_config* %12 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %26, i8* %25, i64 304) #79 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %30 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device* %0, %struct.loop_config* nonnull %12) #78 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file* @fget(i32 %6) #78 Function:fget %2 = tail call 
i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp 
eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, 
label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 loop_configure 4 lo_ioctl ------------- Path:  Function:lo_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = alloca %struct.loop_info, align 8 %8 = alloca %struct.loop_info64, align 8 %9 = alloca %struct.loop_info, align 8 %10 = alloca %struct.loop_info64, align 8 %11 = alloca %struct.loop_config, align 8 %12 = alloca %struct.loop_config, align 8 %13 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %14 = load %struct.gendisk*, %struct.gendisk** %13, align 8 %15 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %14, i64 0, i32 10 %16 = bitcast i8** %15 to %struct.loop_device** %17 = load %struct.loop_device*, %struct.loop_device** %16, align 8 switch i32 %2, label %367 [ i32 19456, label %18 i32 19466, label %24 i32 19462, label %33 i32 19457, label %207 i32 19458, label %226 i32 19459, label %280 i32 19460, label %335 i32 19461, label %349 i32 19463, label %362 i32 19464, label %362 i32 19465, label %362 ] %25 = inttoptr i64 %3 to i8* %26 = bitcast %struct.loop_config* %12 to i8* %27 = call i64 @_copy_from_user(i8* nonnull %26, i8* %25, i64 304) #79 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %31 %30 = call i32 @loop_configure(%struct.loop_device* %17, i32 %1, %struct.block_device* %0, %struct.loop_config* nonnull %12) #78 Function:loop_configure %5 = getelementptr inbounds %struct.loop_config, %struct.loop_config* %3, i64 0, 
i32 0 %6 = load i32, i32* %5, align 8 %7 = tail call %struct.file* @fget(i32 %6) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr 
inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 __se_sys_setns 4 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #78 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, 
%struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq 
%struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 __se_sys_setns 4 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setns(i64 %3, i64 %5) #78 Function:__se_sys_setns %3 = alloca %struct.nsset, align 8 %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = bitcast %struct.nsset* %3 to i8* %7 = tail call %struct.file* @fget(i32 %4) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile 
%struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, 
label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call 
i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = 
tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect 
".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, 
%struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = 
getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __ia32_compat_sys_ia32_mmap ------------- Path:  Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, 
%struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp 
eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 Function:fget %2 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = 
icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label 
%14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull 
@current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 105 %16 = load %struct.audit_context*, %struct.audit_context** %15, align 64 %17 = icmp eq %struct.audit_context* %16, null br i1 %17, label %23, label %18 %24 = tail call %struct.file* @fget(i32 %11) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 
%25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102742, %struct.file.102742* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label 
%365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #78 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #78 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 %251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.102742* bitcast (%struct.file* (i32)* @fget to %struct.file.102742* (i32)*)(i32 %269) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* 
@__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* 
%26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget 3 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102742, %struct.file.102742* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #78 %240 = icmp sgt i32 %239, 0 %241 = icmp eq i32 %239, 0 %242 = select i1 %241, i32 -7, i32 %239 br i1 %240, label %243, label %246 %244 = call i64 @_copy_from_user(i8* nonnull %228, i8* %12, i64 24) #78 %245 = icmp eq i64 %244, 0 br i1 %245, label %249, label %246 %250 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 4 %251 = load i32, i32* %250, align 4 %252 = and i32 
%251, -524289 %253 = icmp eq i32 %252, 0 br i1 %253, label %254, label %365 %255 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 1 %256 = load i32, i32* %255, align 8 %257 = zext i32 %256 to i64 %258 = and i64 %257, 4294967292 %259 = icmp eq i64 %258, 0 br i1 %259, label %260, label %365 %261 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 3 %262 = load i32, i32* %261, align 8 %263 = icmp ne i32 %262, 0 %264 = and i64 %257, 1 %265 = icmp eq i64 %264, 0 %266 = and i1 %265, %263 br i1 %266, label %365, label %267 %268 = getelementptr inbounds %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %4, i64 0, i32 2 %269 = load i32, i32* %268, align 4 %270 = call %struct.file.102742* bitcast (%struct.file* (i32)* @fget to %struct.file.102742* (i32)*)(i32 %269) #78 Function:fget %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 16384, i32 1) #78 Function:__fget_files tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, 
i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds 
%struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget_files 2 fget_raw 3 __scm_send 4 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.sock* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie* %4 to i8* %11 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %12 = load i32, i32* %11, align 
8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %194 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 95 %27 = load %struct.signal_struct*, %struct.signal_struct** %26, align 32 %28 = getelementptr %struct.signal_struct, %struct.signal_struct* %27, i64 0, i32 21, i64 1 %29 = load %struct.pid*, %struct.pid** %28, align 8 %30 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 85 %31 = load %struct.cred*, %struct.cred** %30, align 64 %32 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 1, i32 0 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.cred, %struct.cred* %31, i64 0, i32 2, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq %struct.pid* %29, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0 %39 = getelementptr inbounds %struct.pid, %struct.pid* %29, i64 0, i32 0, i32 0, i32 0 %40 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 1, i32* %39) #6, !srcloc !7 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %43, !prof !8, !misexpect !5 %44 = add i32 %40, 1 %45 = or i32 %44, %40 %46 = icmp sgt i32 %45, -1 br i1 %46, label %48, label %47, !prof !4, !misexpect !5 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %38, i32 1) #79 br label %48 %49 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 0 store %struct.pid* %29, %struct.pid** %49, align 8 %50 = tail call i32 @pid_vnr(%struct.pid* %29) #79 %51 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 2, i32 0 store i32 %50, i32* %51, align 8 store i32 %33, i32* %22, align 4 store i32 %35, i32* %23, align 8 %52 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %4, i64 0, i32 3 %53 = call i32 @security_socket_getpeersec_dgram(%struct.socket* %0, %struct.sk_buff* null, i32* %52) #79 %54 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %55 = load i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %60, label %57 %58 = call i32 @__scm_send(%struct.socket* %0, %struct.msghdr* %1, %struct.scm_cookie* nonnull %4) #79 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %209 %8 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %209, label %12 %13 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 3, i32 0 %14 = bitcast i8** %13 to i64* %15 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 5 %20 = getelementptr 
inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %196, %194 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %207, %194 ] %25 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %221 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %221, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %194 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %221 [ i32 1, label %41 i32 2, label %124 ] %42 = load %struct.proto_ops*, %struct.proto_ops** %19, align 32 %43 = icmp eq %struct.proto_ops* %42, null br i1 %43, label %221, label %44 %45 = getelementptr inbounds %struct.proto_ops, %struct.proto_ops* %42, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 1 br i1 %47, label %48, label %221 %49 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %50 = bitcast %struct.arch_uprobe_task* %49 to i32* %51 = load %struct.scm_fp_list*, %struct.scm_fp_list** %20, align 8 %52 = add i64 %26, 17179869168 %53 = lshr i64 %52, 2 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %54, 1 br i1 %55, label %194, label %56 %57 = icmp sgt i32 %54, 253 br i1 %57, label %221, label %58 %59 = icmp eq %struct.scm_fp_list* %51, null br i1 %59, label %60, label %71 %61 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 
8 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 4197568, i64 2040) #78 %63 = icmp eq i8* %62, null br i1 %63, label %221, label %64 %65 = bitcast i8* %62 to %struct.scm_fp_list* store i8* %62, i8** %21, align 8 %66 = bitcast i8* %62 to i16* store i16 0, i16* %66, align 8 %67 = getelementptr inbounds i8, i8* %62, i64 2 %68 = bitcast i8* %67 to i16* store i16 253, i16* %68, align 2 %69 = getelementptr inbounds i8, i8* %62, i64 8 %70 = bitcast i8* %69 to %struct.user_struct** store %struct.user_struct* null, %struct.user_struct** %70, align 8 br label %71 %72 = phi %struct.scm_fp_list* [ %51, %58 ], [ %65, %64 ] %73 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 0 %74 = load i16, i16* %73, align 8 %75 = sext i16 %74 to i32 %76 = add nsw i32 %75, %54 %77 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 1 %78 = load i16, i16* %77, align 2 %79 = sext i16 %78 to i32 %80 = icmp sgt i32 %76, %79 br i1 %80, label %221, label %81 %82 = sext i16 %74 to i64 %83 = getelementptr %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 3, i64 %82 %84 = and i64 %53, 4294967295 br label %85 %86 = phi i64 [ 0, %81 ], [ %98, %94 ] %87 = phi %struct.file** [ %83, %81 ], [ %95, %94 ] %88 = getelementptr i32, i32* %50, i64 %86 %89 = load i32, i32* %88, align 4 %90 = icmp slt i32 %89, 0 br i1 %90, label %221, label %91 %92 = tail call %struct.file* @fget_raw(i32 %89) #78 Function:fget_raw %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 92 %5 = load %struct.files_struct*, %struct.files_struct** %4, align 8 %6 = tail call fastcc %struct.file* @__fget_files(%struct.files_struct* %5, i32 %0, i32 0, i32 1) #78 Function:__fget_files tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %0, i64 0, i32 3 %6 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %7 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp ugt i32 %8, %1 br i1 %9, label %10, label %57, !prof !5, !misexpect !6 %11 = zext i32 %1 to i64 %12 = zext i32 %3 to i64 br label %13 %14 = phi i32 [ %8, %10 ], [ %55, %52 ] %15 = phi %struct.fdtable* [ %6, %10 ], [ %53, %52 ] %16 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %15, i64 0, i32 1 %17 = load %struct.file**, %struct.file*** %16, align 8 %18 = zext i32 %14 to i64 %19 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %18, i64 %11) #6, !srcloc !7 %20 = trunc i64 %19 to i32 %21 = and i32 %20, %1 %22 = zext i32 %21 to i64 %23 = getelementptr %struct.file*, %struct.file** %17, i64 %22 %24 = load volatile %struct.file*, %struct.file** %23, align 8 %25 = icmp eq %struct.file* %24, null br i1 %25, label %57, label %26, !prof !8, !misexpect !6 %27 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, %2 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57, !prof !5, !misexpect !6 %32 = getelementptr inbounds %struct.file, %struct.file* %24, i64 0, i32 6, i32 0 %33 = load volatile i64, i64* %32, align 8 %34 = icmp eq i64 %33, 0 br i1 %34, label %52, label %35, !prof !8, !misexpect !6 %36 = phi i64 [ %43, %42 ], [ %33, %31 ] %37 = add i64 %36, %12 %38 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %32, i64 %37, i64* %32, i64 %36) #6, !srcloc !9 %39 = extractvalue { i8, i64 } %38, 0 %40 
= and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !8, !misexpect !6 %46 = load volatile %struct.fdtable*, %struct.fdtable** %5, align 32 %47 = icmp eq %struct.fdtable* %46, %15 br i1 %47, label %48, label %51, !prof !5, !misexpect !6 %49 = load volatile %struct.file*, %struct.file** %23, align 8 %50 = icmp eq %struct.file* %49, %24 br i1 %50, label %57, label %51, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.145046*, i32)* @fput_many to void (%struct.file*, i32)*)(%struct.file* nonnull %24, i32 %3) #78 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.145046, %struct.file.145046* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %30, label %8 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.144964** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.144964**)) #11, !srcloc !5 %10 = inttoptr i64 %9 to %struct.task_struct.144964* %11 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %12 = and i32 %11, 16776960 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %24, !prof !7 %15 = getelementptr inbounds %struct.task_struct.144964, %struct.task_struct.144964* %10, i64 0, i32 4 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 2097152 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %24, !prof !7, !misexpect !8 %25 = bitcast %struct.file.145046* %0 to %struct.llist_node* %26 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %25, %struct.llist_node* %25, %struct.llist_node* nonnull @delayed_fput_list) #78 ------------- 
Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common, %struct.ns_common* %0, i64 -34, i32 2 %3 = getelementptr inbounds i32, i32* %2, i64 205 %4 = bitcast i32* %3 to %struct.seqcount_spinlock* %5 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %4, %struct.spinlock* nonnull @mq_lock) #78 br i1 %5, label %6, label %14 %7 = bitcast i32* %2 to %struct.ipc_namespace* tail call void @mq_clear_sbinfo(%struct.ipc_namespace* %7) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %8 = getelementptr inbounds i32, i32* %2, i64 198 %9 = bitcast i32* %8 to %struct.llist_node* %10 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %9, %struct.llist_node* %9, %struct.llist_node* nonnull @free_ipc_list) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_ipc_ns 1 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace*, %struct.ipc_namespace** %6, align 8 tail call void @put_ipc_ns(%struct.ipc_namespace* %7) #78 Function:put_ipc_ns %2 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 24, i32 3 %3 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %2, %struct.spinlock* nonnull @mq_lock) #78 br i1 %3, label %4, label %10 tail call void @mq_clear_sbinfo(%struct.ipc_namespace* %0) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast 
(%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = getelementptr inbounds %struct.ipc_namespace, %struct.ipc_namespace* %0, i64 0, i32 23 %6 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %5, %struct.llist_node* %5, %struct.llist_node* nonnull @free_ipc_list) #78 ------------- Good: 1806 Bad: 119 Ignored: 6482 Check Use of Function:ext4_map_blocks Check Use of Function:i915_gem_flush_free_objects Use: =BAD PATH= Call Stack: 0 __i915_gem_object_create_user 1 i915_gem_create_ext_ioctl ------------- Path:  Function:i915_gem_create_ext_ioctl %4 = alloca %struct.create_ext.485167, align 8 %5 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.485149* %6 = bitcast %struct.create_ext.485167* %4 to i8* %7 = bitcast %struct.create_ext.485167* %4 to %struct.drm_device.382396** %8 = getelementptr inbounds %struct.create_ext.485167, %struct.create_ext.485167* %4, i64 0, i32 1 %9 = bitcast [4 x %struct.intel_memory_region.485152*]* %8 to i8* store %struct.drm_device.382396* %0, %struct.drm_device.382396** %7, align 8 %10 = getelementptr inbounds i8, i8* %1, i64 12 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %58 %15 = getelementptr inbounds i8, i8* %1, i64 16 %16 = bitcast i8* %15 to %struct.i915_user_extension** %17 = load %struct.i915_user_extension*, %struct.i915_user_extension** %16, align 8 %18 = call i32 @i915_user_extensions(%struct.i915_user_extension* %17, i32 (%struct.i915_user_extension*, i8*)** getelementptr inbounds ([1 x i32 (%struct.i915_user_extension*, i8*)*], [1 x i32 (%struct.i915_user_extension*, i8*)*]* @create_extensions.41036, i64 0, i64 0), i32 1, i8* nonnull %6) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %58 %21 = getelementptr inbounds %struct.create_ext.485167, %struct.create_ext.485167* %4, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp 
eq i32 %22, 0 br i1 %23, label %24, label %27 %28 = phi i32 [ %22, %20 ], [ 1, %24 ] %29 = bitcast i8* %1 to i64* %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.create_ext.485167, %struct.create_ext.485167* %4, i64 0, i32 1, i64 0 %32 = call %struct.drm_i915_gem_object.485166* @__i915_gem_object_create_user(%struct.drm_i915_private.485149* %5, i64 %30, %struct.intel_memory_region.485152** %31, i32 %28) #79 Function:__i915_gem_object_create_user %5 = bitcast %struct.intel_memory_region.485152** %2 to i8* %6 = load %struct.intel_memory_region.485152*, %struct.intel_memory_region.485152** %2, align 8 tail call void bitcast (void (%struct.drm_i915_private.449467*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.485149*)*)(%struct.drm_i915_private.485149* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __i915_gem_object_create_user 1 i915_gem_create_ioctl ------------- Path:  Function:i915_gem_create_ioctl %4 = alloca %struct.intel_memory_region.485152*, align 8 %5 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.485149* %6 = bitcast %struct.intel_memory_region.485152** %4 to i8* %7 = tail call %struct.intel_memory_region.485152* bitcast (%struct.intel_memory_region.427548* (%struct.drm_i915_private.427546*, i32)* @intel_memory_region_by_type to %struct.intel_memory_region.485152* (%struct.drm_i915_private.485149*, i32)*)(%struct.drm_i915_private.485149* %5, i32 0) #78 store %struct.intel_memory_region.485152* %7, %struct.intel_memory_region.485152** %4, align 8 %8 = bitcast i8* %1 to i64* %9 = load i64, i64* %8, align 8 %10 = call %struct.drm_i915_gem_object.485166* @__i915_gem_object_create_user(%struct.drm_i915_private.485149* %5, i64 %9, %struct.intel_memory_region.485152** nonnull %4, i32 1) #79 Function:__i915_gem_object_create_user %5 = bitcast %struct.intel_memory_region.485152** %2 to i8* %6 = load %struct.intel_memory_region.485152*, %struct.intel_memory_region.485152** %2, align 8 tail call void 
bitcast (void (%struct.drm_i915_private.449467*)* @i915_gem_flush_free_objects to void (%struct.drm_i915_private.485149*)*)(%struct.drm_i915_private.485149* %0) #78 ------------- Good: 2 Bad: 2 Ignored: 4 Check Use of Function:ext4_find_extent Check Use of Function:ext4_mb_mark_bb Check Use of Function:security_member_sid Check Use of Function:vfs_open Check Use of Function:drm_gem_open Check Use of Function:tty_compat_ioctl Check Use of Function:dquot_add_space Check Use of Function:static_key_slow_dec Check Use of Function:free_pid Use: =BAD PATH= Call Stack: 0 change_pid 1 __se_sys_setpgid 2 __ia32_sys_setpgid ------------- Path:  Function:__ia32_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setpgid(i64 %4, i64 %7) #78 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #78 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) 
#78 %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %80, label %20 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 44 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, -1 br i1 %23, label %24, label %80 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 56 %26 = load %struct.task_struct*, %struct.task_struct** %25, align 8 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 95 %28 = load %struct.signal_struct*, %struct.signal_struct** %27, align 32 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 95 %30 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %31 = icmp eq %struct.signal_struct* %28, %30 br i1 %31, label %32, label %45 %46 = icmp eq %struct.task_struct* %18, %8 br i1 %46, label %47, label %80 %48 = phi %struct.signal_struct* [ %34, %40 ], [ %30, %45 ] %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 95 %50 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %48, i64 0, i32 23 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %80 %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 63 %55 = load %struct.pid*, %struct.pid** %54, align 32 %56 = icmp eq i32 %15, %13 br i1 %56, label %70, label %57 %58 = tail call %struct.pid* @find_vpid(i32 %15) #78 %59 = tail call %struct.task_struct* @pid_task(%struct.pid* %58, i32 2) #78 %60 = icmp eq %struct.task_struct* %59, null br i1 %60, label %80, label %61 %62 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %59, i64 0, i32 95 %63 = load %struct.signal_struct*, %struct.signal_struct** %62, align 32 %64 = getelementptr %struct.signal_struct, %struct.signal_struct* %63, i64 0, i32 21, i64 3 %65 = load %struct.pid*, %struct.pid** %64, align 8 %66 = load %struct.signal_struct*, 
%struct.signal_struct** %29, align 32 %67 = getelementptr %struct.signal_struct, %struct.signal_struct* %66, i64 0, i32 21, i64 3 %68 = load %struct.pid*, %struct.pid** %67, align 8 %69 = icmp eq %struct.pid* %65, %68 br i1 %69, label %70, label %80 %71 = phi %struct.pid* [ %55, %53 ], [ %58, %61 ] %72 = tail call i32 @security_task_setpgid(%struct.task_struct* nonnull %18, i32 %15) #78 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %80 %75 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %76 = getelementptr %struct.signal_struct, %struct.signal_struct* %75, i64 0, i32 21, i64 2 %77 = load %struct.pid*, %struct.pid** %76, align 8 %78 = icmp eq %struct.pid* %77, %71 br i1 %78, label %80, label %79 tail call void @change_pid(%struct.task_struct* nonnull %18, i32 2, %struct.pid* %71) #78 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile 
%struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 change_pid 1 __se_sys_setpgid 2 __x64_sys_setpgid ------------- Path:  Function:__x64_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setpgid(i64 %3, i64 %5) #78 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 
0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #78 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #78 %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %80, label %20 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 44 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, -1 br i1 %23, label %24, label %80 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 56 %26 = load %struct.task_struct*, %struct.task_struct** %25, align 8 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 95 %28 = load %struct.signal_struct*, %struct.signal_struct** %27, align 32 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 95 %30 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %31 = icmp eq %struct.signal_struct* %28, %30 br i1 %31, label %32, label %45 %46 = icmp eq %struct.task_struct* %18, %8 br i1 %46, label %47, label %80 %48 = phi %struct.signal_struct* [ %34, %40 ], [ %30, %45 ] %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 95 %50 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %48, i64 0, i32 23 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %80 %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 63 %55 = load %struct.pid*, %struct.pid** %54, align 32 %56 = icmp eq i32 %15, %13 br i1 %56, label %70, label %57 %58 = tail call 
%struct.pid* @find_vpid(i32 %15) #78 %59 = tail call %struct.task_struct* @pid_task(%struct.pid* %58, i32 2) #78 %60 = icmp eq %struct.task_struct* %59, null br i1 %60, label %80, label %61 %62 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %59, i64 0, i32 95 %63 = load %struct.signal_struct*, %struct.signal_struct** %62, align 32 %64 = getelementptr %struct.signal_struct, %struct.signal_struct* %63, i64 0, i32 21, i64 3 %65 = load %struct.pid*, %struct.pid** %64, align 8 %66 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %67 = getelementptr %struct.signal_struct, %struct.signal_struct* %66, i64 0, i32 21, i64 3 %68 = load %struct.pid*, %struct.pid** %67, align 8 %69 = icmp eq %struct.pid* %65, %68 br i1 %69, label %70, label %80 %71 = phi %struct.pid* [ %55, %53 ], [ %58, %61 ] %72 = tail call i32 @security_task_setpgid(%struct.task_struct* nonnull %18, i32 %15) #78 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %80 %75 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %76 = getelementptr %struct.signal_struct, %struct.signal_struct* %75, i64 0, i32 21, i64 2 %77 = load %struct.pid*, %struct.pid** %76, align 8 %78 = icmp eq %struct.pid* %77, %71 br i1 %78, label %80, label %79 tail call void @change_pid(%struct.task_struct* nonnull %18, i32 2, %struct.pid* %71) #78 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, 
%struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #78 ------------- Good: 5 Bad: 2 Ignored: 7 Check Use of Function:sd_pr_reserve Check Use of Function:ext4_ext_try_to_merge Check Use of Function:is_swbp_insn Check Use of Function:inode_owner_or_capable Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds 
%struct.dentry.148621, %struct.dentry.148621* %1, i64 0, i32 9 %5 = load %struct.super_block.148616*, %struct.super_block.148616** %4, align 8 %6 = getelementptr inbounds %struct.super_block.148616, %struct.super_block.148616* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.209360** %8 = load %struct.msdos_sb_info.209360*, %struct.msdos_sb_info.209360** %7, align 16 %9 = getelementptr inbounds %struct.dentry.148621, %struct.dentry.148621* %1, i64 0, i32 5 %10 = load %struct.inode.148633*, %struct.inode.148633** %9, align 8 %11 = getelementptr inbounds %struct.iattr.148623, %struct.iattr.148623* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.209360, %struct.msdos_sb_info.209360* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148747**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.148747* %20 = getelementptr inbounds %struct.task_struct.148747, %struct.task_struct.148747* %19, i64 0, i32 85 %21 = load %struct.cred*, %struct.cred** %20, align 64 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #78 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 
bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.148621*, %struct.iattr.148623*)*)(%struct.user_namespace* %0, %struct.dentry.148621* %1, %struct.iattr.148623* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, 
i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.148621, %struct.dentry.148621* %1, i64 0, i32 9 %5 = load %struct.super_block.148616*, 
%struct.super_block.148616** %4, align 8 %6 = getelementptr inbounds %struct.super_block.148616, %struct.super_block.148616* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.209360** %8 = load %struct.msdos_sb_info.209360*, %struct.msdos_sb_info.209360** %7, align 16 %9 = getelementptr inbounds %struct.dentry.148621, %struct.dentry.148621* %1, i64 0, i32 5 %10 = load %struct.inode.148633*, %struct.inode.148633** %9, align 8 %11 = getelementptr inbounds %struct.iattr.148623, %struct.iattr.148623* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.209360, %struct.msdos_sb_info.209360* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148747**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.148747* %20 = getelementptr inbounds %struct.task_struct.148747, %struct.task_struct.148747* %19, i64 0, i32 85 %21 = load %struct.cred*, %struct.cred** %20, align 64 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #78 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to 
i32 (%struct.user_namespace*, %struct.dentry.148621*, %struct.iattr.148623*)*)(%struct.user_namespace* %0, %struct.dentry.148621* %1, %struct.iattr.148623* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds 
%struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load 
%struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, 
%struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to 
%struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, 
%struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, 
$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, 
%struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 
%7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, 
i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78
------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x 
%struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78
------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr 
inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 
%71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78
------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, 
align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, 
%struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 
0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, 
%struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds 
%struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, 
%struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.273737*, %struct.iattr.273739*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273737* %1, %struct.iattr.273739* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, 
%struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = 
getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load 
%struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = 
getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds 
%struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = 
icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, 
%struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* 
%48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to 
i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 (%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, 
align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #78 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.150531*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #78 
Function:file_remove_privs %2 = alloca %struct.iattr.150595, align 8 %3 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.150593*, %struct.dentry.150593** %3, align 8 %5 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.150593* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 2 %20 = load %struct.inode.150604*, %struct.inode.150604** %19, align 8 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %18, i64 0, i32 5 %32 = load %struct.inode.150604*, %struct.inode.150604** %31, align 8 %33 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #78 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 
0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.150593*)*)(%struct.dentry.150593* %18) #78 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.150589, %struct.vfsmount.150589* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.150595* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.150595, %struct.iattr.150595* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*, %struct.inode.150840**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.150593*, %struct.iattr.150595*, %struct.inode.150604**)*)(%struct.user_namespace* %68, %struct.dentry.150593* %18, %struct.iattr.150595* nonnull %2, %struct.inode.150604** null) #78 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %6 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %7 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, 
align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16510, i64 0, i64 0), i32 335, i32 2307, i64 12) #6, !srcloc !6 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %6) #78 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147847*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %6, i32 2) #78 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and 
i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode.150840*)*)(%struct.inode.150840* %6) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %64, i64 %66, %struct.inode.150840* %6) #78 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %77, i64 %79, %struct.inode.150840* %6) #78 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* 
%73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 
(%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %171 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150835*, %struct.inode_operations.150835** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150835, %struct.inode_operations.150835* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*, i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.user_namespace* %0, %struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, 
%struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 
0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to 
%struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load 
i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, 
label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr 
inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 
= inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to 
%struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq 
i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.148621, %struct.dentry.148621* %1, i64 0, i32 9 %5 = load %struct.super_block.148616*, %struct.super_block.148616** %4, align 8 %6 = getelementptr inbounds %struct.super_block.148616, %struct.super_block.148616* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.209360** %8 = load 
%struct.msdos_sb_info.209360*, %struct.msdos_sb_info.209360** %7, align 16 %9 = getelementptr inbounds %struct.dentry.148621, %struct.dentry.148621* %1, i64 0, i32 5 %10 = load %struct.inode.148633*, %struct.inode.148633** %9, align 8 %11 = getelementptr inbounds %struct.iattr.148623, %struct.iattr.148623* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.209360, %struct.msdos_sb_info.209360* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148747**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.148747* %20 = getelementptr inbounds %struct.task_struct.148747, %struct.task_struct.148747* %19, i64 0, i32 85 %21 = load %struct.cred*, %struct.cred** %20, align 64 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 %23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #78 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.148621*, %struct.iattr.148623*)*)(%struct.user_namespace* %0, %struct.dentry.148621* %1, %struct.iattr.148623* %2) #78 Function:setattr_prepare %4 = getelementptr 
inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 
%71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, 
%struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %4 = getelementptr inbounds %struct.dentry.148621, %struct.dentry.148621* %1, i64 0, i32 9 %5 = load %struct.super_block.148616*, %struct.super_block.148616** %4, align 8 %6 = getelementptr inbounds %struct.super_block.148616, %struct.super_block.148616* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.msdos_sb_info.209360** %8 = load %struct.msdos_sb_info.209360*, %struct.msdos_sb_info.209360** %7, align 16 %9 = getelementptr inbounds %struct.dentry.148621, %struct.dentry.148621* %1, i64 0, i32 5 %10 = load %struct.inode.148633*, %struct.inode.148633** %9, align 8 %11 = getelementptr inbounds %struct.iattr.148623, %struct.iattr.148623* %2, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 65920 %14 = icmp eq i32 %13, 0 br i1 %14, label %39, label %15 %16 = getelementptr inbounds %struct.msdos_sb_info.209360, %struct.msdos_sb_info.209360* %8, i64 0, i32 19, i32 11 %17 = load i16, i16* %16, align 2 %18 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.148747** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.148747**)) #11, !srcloc !4 %19 = inttoptr i64 %18 to %struct.task_struct.148747* %20 = getelementptr inbounds %struct.task_struct.148747, %struct.task_struct.148747* %19, i64 0, i32 85 %21 = load %struct.cred*, %struct.cred** %20, align 64 %22 = getelementptr inbounds %struct.cred, %struct.cred* %21, i64 0, i32 7, i32 0 
%23 = load i32, i32* %22, align 4 %24 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %10, i64 0, i32 2, i32 0 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %23, %25 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.inode.148633, %struct.inode.148633* %10, i64 0, i32 3, i32 0 %29 = load i32, i32* %28, align 8 %30 = tail call i32 @in_group_p(i32 %29) #78 %31 = icmp eq i32 %30, 0 %32 = lshr i16 %17, 3 %33 = select i1 %31, i16 %17, i16 %32 %34 = and i16 %33, 2 %35 = icmp eq i16 %34, 0 br i1 %35, label %39, label %36 %40 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.148621*, %struct.iattr.148623*)*)(%struct.user_namespace* %0, %struct.dentry.148621* %1, %struct.iattr.148623* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds 
%struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, 
label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds 
%struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, 
label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr 
inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 
%12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, 
%struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load 
%struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds 
%struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = 
inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  
Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, 
align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 
------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr 
inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 
(%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = 
icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, 
%struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = 
load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, 
label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = 
load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, 
%struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 
%47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 
br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, 
%struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm 
"movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, 
%struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x 
%struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 
%50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 
%108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, 
%struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds 
%struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 
%112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds 
%struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, 
%struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 
(%struct.user_namespace*, %struct.dentry.273737*, %struct.iattr.273739*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273737* %1, %struct.iattr.273739* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 
%35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 
0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 
%9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label 
%18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, 
i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 
%6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr 
inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 
= inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr 
------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, 
%struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, 
%struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 (%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 
0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #78 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.150531*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #78 Function:file_remove_privs %2 
= alloca %struct.iattr.150595, align 8 %3 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.150593*, %struct.dentry.150593** %3, align 8 %5 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.150593* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 2 %20 = load %struct.inode.150604*, %struct.inode.150604** %19, align 8 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %18, i64 0, i32 5 %32 = load %struct.inode.150604*, %struct.inode.150604** %31, align 8 %33 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #78 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = 
tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.150593*)*)(%struct.dentry.150593* %18) #78 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.150589, %struct.vfsmount.150589* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.150595* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.150595, %struct.iattr.150595* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*, %struct.inode.150840**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.150593*, %struct.iattr.150595*, %struct.inode.150604**)*)(%struct.user_namespace* %68, %struct.dentry.150593* %18, %struct.iattr.150595* nonnull %2, %struct.inode.150604** null) #78 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %6 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %7 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 
%12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16510, i64 0, i64 0), i32 335, i32 2307, i64 12) #6, !srcloc !6 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %6) #78 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147847*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %6, i32 2) #78 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp 
ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode.150840*)*)(%struct.inode.150840* %6) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %64, i64 %66, %struct.inode.150840* %6) #78 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %77, i64 %79, %struct.inode.150840* %6) #78 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 
%82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, 
%struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %171 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150835*, %struct.inode_operations.150835** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150835, %struct.inode_operations.150835* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*, i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.user_namespace* %0, %struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, 
%struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = 
load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 %75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label 
%119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, 
%struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %33 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 256 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %131 %40 = and i32 %7, 512 %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %124 %43 = and i32 %7, 2 %44 = icmp eq i32 %43, 0 br i1 %44, label %69, label %45 %46 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %49 = load i32, i32* %48, align 4 %50 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %51 = inttoptr i64 %50 to %struct.task_struct.150950* %52 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %51, i64 0, i32 85 %53 = load %struct.cred*, %struct.cred** %52, align 64 %54 = getelementptr inbounds %struct.cred, %struct.cred* %53, i64 0, i32 7, i32 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, %49 %57 = icmp eq i32 %49, %47 %58 = and i1 %57, %56 br i1 %58, label %69, label %59 %70 = and i32 %7, 4 %71 = icmp eq i32 %70, 0 br i1 %71, label %101, label %72 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %74 = load i32, i32* %73, align 4 
%75 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %76 = load i32, i32* %75, align 8 %77 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %78 = inttoptr i64 %77 to %struct.task_struct.150950* %79 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %78, i64 0, i32 85 %80 = load %struct.cred*, %struct.cred** %79, align 64 %81 = getelementptr inbounds %struct.cred, %struct.cred* %80, i64 0, i32 7, i32 0 %82 = load i32, i32* %81, align 4 %83 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 2, i32 0 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %82, %84 br i1 %85, label %86, label %91 %87 = icmp eq i32 %76, %74 br i1 %87, label %101, label %88 %102 = and i32 %7, 1 %103 = icmp eq i32 %102, 0 br i1 %103, label %119, label %104 %105 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 br i1 %105, label %106, label %131 %107 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %108 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 3, i32 0 %109 = select i1 %71, i32* %108, i32* %107 %110 = load i32, i32* %109, align 4 %111 = tail call i32 @in_group_p(i32 %110) #78 %112 = icmp eq i32 %111, 0 br i1 %112, label %113, label %119 %114 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %5, i32 4) #78 br i1 %114, label %119, label %115 %120 = and i32 %7, 65920 %121 = icmp eq i32 %120, 0 br i1 %121, 
label %124, label %122 %123 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr 
-------------
Use: =BAD PATH=
Call Stack:
0 setattr_prepare
1 shmem_setattr
-------------
Use: =BAD PATH=
Call Stack:
0 notify_change
1 file_remove_privs
2 __generic_file_write_iter
3 blkdev_write_iter
-------------
Use: =BAD PATH=
Call Stack:
0 do_madvise
1 __ia32_sys_madvise
-------------
Use: =BAD PATH=
Call Stack:
0 do_madvise
1 __x64_sys_madvise
-------------
Use: =BAD PATH=
Call Stack:
0 set_posix_acl
1 posix_acl_xattr_set
-------------
Use: =BAD PATH=
Call Stack:
0 set_posix_acl
1 posix_acl_xattr_set
-------------
%struct.inode, %struct.inode* %1, i64 0, i32 7 %13 = load %struct.inode_operations*, %struct.inode_operations** %12, align 8 %14 = getelementptr inbounds %struct.inode_operations, %struct.inode_operations* %13, i64 0, i32 20 %15 = load i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)*, i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)** %14, align 32 %16 = icmp eq i32 (%struct.user_namespace*, %struct.inode*, %struct.posix_acl*, i32)* %15, null br i1 %16, label %86, label %17 %18 = icmp eq i32 %2, 16384 br i1 %18, label %19, label %27 %20 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, 16384 br i1 %23, label %27, label %24 %28 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode*)*)(%struct.user_namespace* %0, %struct.inode* %1) #78 ------------- Good: 81 Bad: 49 Ignored: 175 Check Use of Function:send_sig_info Use: =BAD PATH= Call Stack: 0 send_sig 1 inode_newsize_ok 2 nfs_setattr ------------- Path:  Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %1, i64 0, i32 5 %5 = load %struct.inode.216899*, %struct.inode.216899** %4, align 8 %6 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 8 %7 = load %struct.super_block.216885*, %struct.super_block.216885** %6, align 8 %8 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217027** %10 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, 
i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150840*, i64)* @inode_newsize_ok to i32 (%struct.inode.216899*, i64)*)(%struct.inode.216899* %5, i64 %32) #78 Function:inode_newsize_ok %3 = icmp slt i64 %1, 0 br i1 %3, label %30, label %4 %5 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %0, i64 0, i32 14 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, %1 br i1 %7, label %8, label %22 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.150950* %11 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %10, i64 0, i32 95 %12 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %11, align 32 %13 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %12, i64 0, i32 49, i64 1, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp ult i64 %14, %1 br i1 %15, label %28, label %16 %29 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, 
%struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %10, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 inode_newsize_ok 2 nfs_setattr 3 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 2 %8 = bitcast %struct.seqcount_spinlock* %7 to i16* %9 = load i16, i16* %8, align 2 %10 = icmp eq i16 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.216888*, %struct.iattr.216890*)* @nfs_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:nfs_setattr %4 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %1, i64 0, i32 5 %5 = load %struct.inode.216899*, %struct.inode.216899** %4, align 8 %6 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 8 %7 = load %struct.super_block.216885*, %struct.super_block.216885** %6, align 8 %8 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.217027** %10 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %9, align 16 %11 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %10, i64 0, i32 6 %12 = load %struct.nfs_iostats*, %struct.nfs_iostats** %11, align 8 %13 = getelementptr 
%struct.nfs_iostats, %struct.nfs_iostats* %12, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64* %13) #6, !srcloc !4 %14 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 0 %15 = load i32, i32* %14, align 8 %16 = and i32 %15, 6144 %17 = icmp eq i32 %16, 0 br i1 %17, label %20, label %18 %21 = phi i32 [ %15, %3 ], [ %19, %18 ] %22 = and i32 %21, 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %43, label %24 %25 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %5, i64 0, i32 0 %26 = load i16, i16* %25, align 8 %27 = and i16 %26, -4096 %28 = icmp eq i16 %27, -32768 br i1 %28, label %30, label %29, !prof !5, !misexpect !6 %31 = getelementptr inbounds %struct.iattr.216890, %struct.iattr.216890* %2, i64 0, i32 4 %32 = load i64, i64* %31, align 8 %33 = tail call i32 bitcast (i32 (%struct.inode.150840*, i64)* @inode_newsize_ok to i32 (%struct.inode.216899*, i64)*)(%struct.inode.216899* %5, i64 %32) #78 Function:inode_newsize_ok %3 = icmp slt i64 %1, 0 br i1 %3, label %30, label %4 %5 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %0, i64 0, i32 14 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, %1 br i1 %7, label %8, label %22 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct.150950* %11 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %10, i64 0, i32 95 %12 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %11, align 32 %13 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %12, i64 0, i32 49, i64 1, i32 0 %14 = load volatile i64, i64* %13, align 8 %15 = icmp ult i64 %14, %1 br i1 %15, label %28, label %16 %29 = tail call i32 bitcast (i32 (i32, 
%struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %10, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, 
%struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, 
%struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %7 = load %struct.super_block*, %struct.super_block** %6, align 8 %8 = getelementptr inbounds %struct.super_block, %struct.super_block* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.hugetlbfs_sb_info** %10 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %9, align 16 %11 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %10, i64 0, i32 3 %12 = load %struct.hstate*, %struct.hstate** %11, align 8 %13 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 46 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, 
%struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 
8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail 
call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq 
i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, 
%struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 ext4_setattr ------------- Path:  Function:ext4_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.ext4_sb_info** %12 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %11, align 16 %13 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %12, i64 0, i32 48 %14 = load volatile i64, i64* %13, align 8 %15 = and i64 %14, 2 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %383, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %383, !prof !4, !misexpect !5 %23 = and i32 %19, 4 %24 = icmp ne i32 %23, 0 %25 = and i32 %7, 65543 %26 = icmp ne i32 %25, 0 %27 = and i1 %26, %24 br i1 %27, label %383, label %28, !prof !6, !misexpect !5 %29 = tail call i32 bitcast (i32 
(%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* %0, %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = 
tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = 
icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x 
i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 
Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds 
%struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_notify_change ------------- Path:  Function:proc_notify_change %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 13 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.proc_dir_entry** %9 = load %struct.proc_dir_entry*, 
%struct.proc_dir_entry** %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 
32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds %struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr 
inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_setattr ------------- Path:  Function:proc_setattr %4 = getelementptr inbounds 
%struct.dentry.177444, %struct.dentry.177444* %1, i64 0, i32 5 %5 = load %struct.inode.177454*, %struct.inode.177454** %4, align 8 %6 = getelementptr inbounds %struct.iattr.177594, %struct.iattr.177594* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 1 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %14 %11 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace.177593*, %struct.dentry.177444*, %struct.iattr.177594*)*)(%struct.user_namespace.177593* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace.177593*), %struct.dentry.177444* %1, %struct.iattr.177594* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr ------------- Path:  Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds 
%struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 sockfs_setattr ------------- Path:  Function:sockfs_setattr %4 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.273737*, %struct.iattr.273739*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x 
i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry.273737* %1, %struct.iattr.273739* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = 
load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds 
%struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, 
%struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 
Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  
Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %13 %12 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, 
i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 notify_change 4 file_remove_privs 5 __generic_file_write_iter 6 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 
%8 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 (%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void 
@blk_start_plug(%struct.blk_plug* nonnull %3) #78 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.150531*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #78 Function:file_remove_privs %2 = alloca %struct.iattr.150595, align 8 %3 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.150593*, %struct.dentry.150593** %3, align 8 %5 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.150593* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 2 %20 = load %struct.inode.150604*, 
%struct.inode.150604** %19, align 8 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %18, i64 0, i32 5 %32 = load %struct.inode.150604*, %struct.inode.150604** %31, align 8 %33 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #78 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.150593*)*)(%struct.dentry.150593* %18) #78 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %65, align 8 %67 = getelementptr inbounds 
%struct.vfsmount.150589, %struct.vfsmount.150589* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.150595* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.150595, %struct.iattr.150595* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*, %struct.inode.150840**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.150593*, %struct.iattr.150595*, %struct.inode.150604**)*)(%struct.user_namespace* %68, %struct.dentry.150593* %18, %struct.iattr.150595* nonnull %2, %struct.inode.150604** null) #78 Function:notify_change %5 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %6 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %7 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16510, i64 0, i64 0), i32 335, i32 2307, i64 12) #6, !srcloc !6 br 
label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %6) #78 br i1 %32, label %36, label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147847*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %6, i32 2) #78 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode.150840*)*)(%struct.inode.150840* %6) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 1 store i64 %55, 
i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %64, i64 %66, %struct.inode.150840* %6) #78 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %77, i64 %79, %struct.inode.150840* %6) #78 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = 
icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %171 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = 
getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150835*, %struct.inode_operations.150835** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150835, %struct.inode_operations.150835* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*, i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.user_namespace* %0, %struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 Function:simple_setattr %4 = getelementptr inbounds %struct.dentry.153949, %struct.dentry.153949* %1, i64 0, i32 5 %5 = load %struct.inode.153945*, %struct.inode.153945** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)*)(%struct.user_namespace* %0, %struct.dentry.153949* %1, %struct.iattr.153937* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = 
icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull 
bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, 
%struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* @setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds 
%struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* %23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr %struct.inode, %struct.inode* %5, i64 -1, i32 41, i32 6, i32 4, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.shmem_inode_info* %8 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* 
@setattr_prepare to i32 (%struct.user_namespace*, %struct.dentry*, %struct.iattr*)*)(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.dentry* %1, %struct.iattr* %2) #78 Function:setattr_prepare %4 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %5 = load %struct.inode.150840*, %struct.inode.150840** %4, align 8 %6 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %39, label %10 %11 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 4 %12 = load i64, i64* %11, align 8 %13 = icmp slt i64 %12, 0 br i1 %13, label %131, label %14 %15 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %5, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, %12 br i1 %17, label %18, label %32 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.150950** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.150950**)) #11, !srcloc !4 %20 = inttoptr i64 %19 to %struct.task_struct.150950* %21 = getelementptr inbounds %struct.task_struct.150950, %struct.task_struct.150950* %20, i64 0, i32 95 %22 = load %struct.signal_struct.150897*, %struct.signal_struct.150897** %21, align 32 %23 = getelementptr %struct.signal_struct.150897, %struct.signal_struct.150897* %22, i64 0, i32 49, i64 1, i32 0 %24 = load volatile i64, i64* 
%23, align 8 %25 = icmp ult i64 %24, %12 br i1 %25, label %37, label %26 %38 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct.150950*, i32)*)(i32 25, %struct.task_struct.150950* %20, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 generic_write_checks 2 nfs_file_direct_write 3 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.214823, %struct.kiocb.214823* %0, i64 0, i32 0 %4 = load %struct.file.215264*, %struct.file.215264** %3, align 8 %5 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %4, i64 0, i32 2 %6 = load %struct.inode.215256*, %struct.inode.215256** %5, align 8 %7 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %6, i64 0, i32 8 %8 = load %struct.super_block.215246*, %struct.super_block.215246** %7, align 8 %9 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.215399** %11 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.215264*, %struct.inode.215256*)*)(%struct.file.215264* %4, %struct.inode.215256* %6) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = getelementptr inbounds %struct.kiocb.214823, %struct.kiocb.214823* %0, i64 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 131072 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %24 
= tail call i64 bitcast (i64 (%struct.kiocb.218633*, %struct.iov_iter*, i1)* @nfs_file_direct_write to i64 (%struct.kiocb.214823*, %struct.iov_iter*, i1)*)(%struct.kiocb.214823* %0, %struct.iov_iter* %1, i1 zeroext false) #78 Function:nfs_file_direct_write %4 = getelementptr inbounds %struct.kiocb.218633, %struct.kiocb.218633* %0, i64 0, i32 0 %5 = load %struct.file.219240*, %struct.file.219240** %4, align 8 %6 = getelementptr inbounds %struct.file.219240, %struct.file.219240* %5, i64 0, i32 18 %7 = load %struct.address_space.218627*, %struct.address_space.218627** %6, align 8 %8 = getelementptr inbounds %struct.address_space.218627, %struct.address_space.218627* %7, i64 0, i32 0 %9 = load %struct.inode.219234*, %struct.inode.219234** %8, align 8 br i1 %2, label %10, label %13 %14 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_write_checks to i64 (%struct.kiocb.218633*, %struct.iov_iter*)*)(%struct.kiocb.218633* %0, %struct.iov_iter* %1) #78 Function:generic_write_checks %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %8, i64 0, i32 4 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 256 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %69 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %69, label %17 %18 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 16 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %27 = and i32 %19, 
131080 %28 = icmp eq i32 %27, 8 br i1 %28, label %69, label %29 %30 = load i64, i64* %14, align 8 %31 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = load %struct.address_space*, %struct.address_space** %5, align 8 %34 = getelementptr inbounds %struct.address_space, %struct.address_space* %33, i64 0, i32 0 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 8 %37 = load %struct.super_block*, %struct.super_block** %36, align 8 %38 = getelementptr inbounds %struct.super_block, %struct.super_block* %37, i64 0, i32 4 %39 = load i64, i64* %38, align 32 %40 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %41 = inttoptr i64 %40 to %struct.task_struct* %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %41, i64 0, i32 95 %43 = load %struct.signal_struct*, %struct.signal_struct** %42, align 32 %44 = getelementptr %struct.signal_struct, %struct.signal_struct* %43, i64 0, i32 49, i64 1, i32 0 %45 = load volatile i64, i64* %44, align 8 %46 = icmp eq i64 %45, -1 br i1 %46, label %55, label %47 %48 = icmp sgt i64 %45, %32 br i1 %48, label %51, label %49 %50 = tail call i32 bitcast (i32 (i32, %struct.task_struct.51970*, i32)* @send_sig to i32 (i32, %struct.task_struct*, i32)*)(i32 25, %struct.task_struct* %41, i32 0) #78 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = tail call i32 @send_sig_info(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.51970* %1) #78 ------------- Good: 60 Bad: 23 Ignored: 166 Check Use of Function:dm_issue_global_event Check Use of Function:ieee80211_destroy_frag_cache Check Use of Function:ext4_truncate Check Use of Function:__dquot_alloc_space Check Use of 
Function:audit_log_multicast Use: =BAD PATH= Call Stack: 0 audit_multicast_unbind ------------- Path:  Function:audit_multicast_unbind tail call fastcc void @audit_log_multicast(i32 %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.63.10724, i64 0, i64 0), i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 audit_multicast_unbind 1 netlink_bind ------------- Path:  Function:netlink_bind %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %8 = load %struct.sock*, %struct.sock** %7, align 8 %9 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %12 = icmp ult i32 %2, 12 br i1 %12, label %306, label %13 %14 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %15 = load i16, i16* %14, align 4 %16 = icmp eq i16 %15, 16 br i1 %16, label %17, label %306 %18 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 6 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 store i64 %21, i64* %6, align 8 %22 = icmp eq i32 %20, 0 br i1 %22, label %71, label %23 %24 = load %struct.netlink_table*, %struct.netlink_table** @nl_table, align 8 %25 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 0, i32 48 %26 = load i16, i16* %25, align 4 %27 = zext i16 %26 to i64 %28 = getelementptr %struct.netlink_table, %struct.netlink_table* %24, i64 %27, i32 3 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36 %33 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 11 %34 = load %struct.user_namespace*, %struct.user_namespace** %33, align 16 %35 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %34, i32 12) #78 br i1 %35, label %36, label %306 tail 
call void @netlink_table_grab() #78
%37 = load %struct.netlink_table*, %struct.netlink_table** @nl_table, align 8
%38 = load i16, i16* %25, align 4
%39 = zext i16 %38 to i64
%40 = getelementptr %struct.netlink_table, %struct.netlink_table* %37, i64 %39, i32 4
%41 = load i32, i32* %40, align 4
%42 = getelementptr %struct.netlink_table, %struct.netlink_table* %37, i64 %39, i32 10
%43 = load i32, i32* %42, align 8
%44 = icmp eq i32 %43, 0
br i1 %44, label %68, label %45
%69 = phi i1 [ false, %36 ], [ true, %45 ], [ false, %49 ], [ true, %59 ]
%70 = phi i32 [ -2, %36 ], [ 0, %45 ], [ -12, %49 ], [ 0, %59 ]
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
store volatile i8 0, i8* bitcast (%struct.rwlock_t* @nl_table_lock to i8*), align 4
tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6
tail call void @__wake_up(%struct.wait_queue_head* nonnull @nl_table_wait, i32 3, i32 1, i8* null) #78
br i1 %69, label %71, label %306
%72 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1, i32 0, i32 6
%73 = load i32, i32* %72, align 4
%74 = icmp ult i32 %73, 64
br i1 %74, label %75, label %80
%81 = phi i64 [ %21, %71 ], [ %79, %75 ]
%82 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1, i32 0, i32 11
%83 = bitcast %struct.in6_addr* %82 to i8*
%84 = load volatile i8, i8* %83, align 8, !range !7
%85 = icmp eq i8 %84, 0
br i1 %85, label %94, label %86
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
%87 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 2
%88 = bitcast i8* %87 to i32*
%89 = load i32, i32* %88, align 4
%90 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1
%91 = bitcast %struct.sock* %90 to i32*
%92 = load i32, i32* %91, align 8
%93 = icmp eq i32 %89, %92
br i1 %93, label %94, label %306
%95 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1, i32 8
%96 = bitcast i32* %95 to i32 (%struct.net*, i32)**
%97 = load i32 (%struct.net*, i32)*, i32 (%struct.net*, i32)** %96, align 8
%98 = icmp ne i32 (%struct.net*, i32)* %97, null
%99 = icmp ne i64 %81, 0
%100 = and i1 %98, %99
br i1 %100, label %101, label %141
%102 = phi i64 [ %138, %137 ], [ 0, %94 ]
%103 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %6, i64 %102) #6, !srcloc !9
%104 = and i8 %103, 1
%105 = icmp eq i8 %104, 0
br i1 %105, label %137, label %106
%138 = add nuw nsw i64 %102, 1
%139 = icmp eq i64 %138, 32
br i1 %139, label %141, label %101
%142 = call i64 @_raw_read_lock_irqsave(%struct.rwlock_t* nonnull @nl_table_lock) #78
call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @nl_table_users, i64 0, i32 0), i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @nl_table_users, i64 0, i32 0)) #6, !srcloc !10
call void @_raw_read_unlock_irqrestore(%struct.rwlock_t* nonnull @nl_table_lock, i64 %142) #78
br i1 %85, label %143, label %176
%144 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 2
%145 = bitcast i8* %144 to i32*
%146 = load i32, i32* %145, align 4
%147 = icmp eq i32 %146, 0
br i1 %147, label %150, label %148
%151 = call fastcc i32 @netlink_autobind(%struct.socket* %0) #79
br label %152
%153 = phi i32 [ %149, %148 ], [ %151, %150 ]
%154 = icmp eq i32 %153, 0
br i1 %154, label %176, label %155
%156 = load i64, i64* %6, align 8
%157 = bitcast i64* %4 to i8*
store i64 %156, i64* %4, align 8
%158 = getelementptr inbounds %struct.sock, %struct.sock* %8, i64 1, i32 10
%159 = bitcast i32* %158 to void (%struct.net*, i32)**
%160 = load void (%struct.net*, i32)*, void (%struct.net*, i32)** %159, align 8
%161 = icmp eq void (%struct.net*, i32)* %160, null
br i1 %161, label %175, label %162
%163 = phi i64 [ %173, %172 ], [ 0, %155 ]
%164 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %4, i64 %163) #6, !srcloc !9
%165 = and i8 %164, 1
%166 = icmp eq i8 %165, 0
br i1 %166, label %172, label %167
%168 = load void (%struct.net*, i32)*, void (%struct.net*, i32)** %159, align 8
%169 = load %struct.net*, %struct.net** %9, align 8
%170 = trunc i64 %163 to i32
%171 = add i32 %170, 1
call void %168(%struct.net* %169, i32 %171) #78
Function:audit_multicast_unbind
tail call fastcc void @audit_log_multicast(i32 %1, i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.63.10724, i64 0, i64 0), i32 0) #78
-------------
Good: 3 Bad: 2 Ignored: 0
Check Use of Function:nfs4_xattr_get_nfs4_acl
Check Use of Function:__mnt_drop_write
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_readonly_mmap
-------------
Path:
Function:generic_file_readonly_mmap
%3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8
%4 = load i64, i64* %3, align 8
%5 = and i64 %4, 40
%6 = icmp eq i64 %5, 40
br i1 %6, label %24, label %7
%8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18
%9 = load %struct.address_space*, %struct.address_space** %8, align 8
%10 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 9
%11 = load %struct.address_space_operations*, %struct.address_space_operations** %10, align 8
%12 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %11, i64 0, i32 1
%13 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %12, align 8
%14 = icmp eq i32 (%struct.file*, %struct.page*)* %13, null
br i1 %14, label %24, label %15
%16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7
%17 = load i32, i32* %16, align 8
%18 = and i32 %17, 262144
%19 = icmp eq i32 %18, 0
br i1 %19, label %20, label %22
%21 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1
tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %21) #78
Function:touch_atime
%2 = alloca %struct.cpu_itimer, align 8
%3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0
%4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8
%5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1
%6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8
%7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5
%8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8
%9 = bitcast %struct.cpu_itimer* %2 to i8*
%10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78
br i1 %10, label %11, label %63
%12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8
%13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8
%14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0
%16 = load volatile i32, i32* %15, align 8
%17 = icmp eq i32 %16, 0
br i1 %17, label %18, label %21, !prof !5, !misexpect !6
%19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1
%20 = load i32*, i32** %19, align 8
tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
br label %23
%24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
%25 = icmp eq i32 %24, 0
br i1 %25, label %26, label %49
%27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78
%28 = extractvalue { i64, i64 } %27, 0
%29 = extractvalue { i64, i64 } %27, 1
%30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0
store i64 %28, i64* %30, align 8
%31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1
store i64 %29, i64* %31, align 8
%32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7
%33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8
%34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17
%35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8
%36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null
br i1 %36, label %39, label %37
%38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79
br label %48
call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_read_iter
-------------
Path:
Function:generic_file_read_iter
%3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4
%4 = load i64, i64* %3, align 8
%5 = icmp eq i64 %4, 0
br i1 %5, label %64, label %6
%7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4
%8 = load i32, i32* %7, align 8
%9 = and i32 %8, 131072
%10 = icmp eq i32 %9, 0
br i1 %10, label %61, label %11
%12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0
%13 = load %struct.file*, %struct.file** %12, align 8
%14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18
%15 = load %struct.address_space*, %struct.address_space** %14, align 8
%16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0
%17 = load %struct.inode*, %struct.inode** %16, align 8
%18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14
%19 = load i64, i64* %18, align 8
%20 = and i32 %8, 8
%21 = icmp eq i32 %20, 0
%22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1
%23 = load i64, i64* %22, align 8
%24 = add i64 %4, -1
%25 = add i64 %24, %23
br i1 %21, label %28, label %26
%29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #78
%30 = sext i32 %29 to i64
%31 = icmp slt i32 %29, 0
br i1 %31, label %64, label %32
%33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7
%34 = load i32, i32* %33, align 8
%35 = and i32 %34, 262144
%36 = icmp eq i32 %35, 0
br i1 %36, label %37, label %39
%38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1
tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #79
Function:touch_atime
%2 = alloca %struct.cpu_itimer, align 8
%3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0
%4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8
%5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1
%6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8
%7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5
%8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8
%9 = bitcast %struct.cpu_itimer* %2 to i8*
%10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78
br i1 %10, label %11, label %63
%12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8
%13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8
%14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0
%16 = load volatile i32, i32* %15, align 8
%17 = icmp eq i32 %16, 0
br i1 %17, label %18, label %21, !prof !5, !misexpect !6
%19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1
%20 = load i32*, i32** %19, align 8
tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
br label %23
%24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
%25 = icmp eq i32 %24, 0
br i1 %25, label %26, label %49
%27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78
%28 = extractvalue { i64, i64 } %27, 0
%29 = extractvalue { i64, i64 } %27, 1
%30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0
store i64 %28, i64* %30, align 8
%31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1
store i64 %29, i64* %31, align 8
%32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7
%33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8
%34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17
%35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8
%36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null
br i1 %36, label %39, label %37
%38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79
br label %48
call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_read_iter 2 blkdev_read_iter
-------------
Path:
Function:blkdev_read_iter
%3 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0
%4 = load %struct.file.294911*, %struct.file.294911** %3, align 8
%5 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %4, i64 0, i32 18
%6 = load %struct.address_space.294992*, %struct.address_space.294992** %5, align 8
%7 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %6, i64 0, i32 0
%8 = load %struct.inode.294985*, %struct.inode.294985** %7, align 8
%9 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %8, i64 0, i32 14
%10 = load i64, i64* %9, align 8
%11 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1
%12 = load i64, i64* %11, align 8
%13 = icmp sgt i64 %10, %12
br i1 %13, label %14, label %26
%15 = sub i64 %10, %12
%16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4
%17 = load i64, i64* %16, align 8
%18 = icmp ugt i64 %17, %15
br i1 %18, label %19, label %21
%20 = sub i64 %17, %15
store i64 %15, i64* %16, align 8
br label %21
%22 = phi i64 [ %20, %19 ], [ 0, %14 ]
%23 = tail call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78
Function:generic_file_read_iter
%3 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4
%4 = load i64, i64* %3, align 8
%5 = icmp eq i64 %4, 0
br i1 %5, label %64, label %6
%7 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 4
%8 = load i32, i32* %7, align 8
%9 = and i32 %8, 131072
%10 = icmp eq i32 %9, 0
br i1 %10, label %61, label %11
%12 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0
%13 = load %struct.file*, %struct.file** %12, align 8
%14 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18
%15 = load %struct.address_space*, %struct.address_space** %14, align 8
%16 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0
%17 = load %struct.inode*, %struct.inode** %16, align 8
%18 = getelementptr inbounds %struct.inode, %struct.inode* %17, i64 0, i32 14
%19 = load i64, i64* %18, align 8
%20 = and i32 %8, 8
%21 = icmp eq i32 %20, 0
%22 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1
%23 = load i64, i64* %22, align 8
%24 = add i64 %4, -1
%25 = add i64 %24, %23
br i1 %21, label %28, label %26
%29 = tail call i32 @filemap_write_and_wait_range(%struct.address_space* %15, i64 %23, i64 %25) #78
%30 = sext i32 %29 to i64
%31 = icmp slt i32 %29, 0
br i1 %31, label %64, label %32
%33 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 7
%34 = load i32, i32* %33, align 8
%35 = and i32 %34, 262144
%36 = icmp eq i32 %35, 0
br i1 %36, label %37, label %39
%38 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 1
tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %38) #79
Function:touch_atime
%2 = alloca %struct.cpu_itimer, align 8
%3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0
%4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8
%5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1
%6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8
%7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5
%8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8
%9 = bitcast %struct.cpu_itimer* %2 to i8*
%10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78
br i1 %10, label %11, label %63
%12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8
%13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8
%14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0
%16 = load volatile i32, i32* %15, align 8
%17 = icmp eq i32 %16, 0
br i1 %17, label %18, label %21, !prof !5, !misexpect !6
%19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1
%20 = load i32*, i32** %19, align 8
tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
br label %23
%24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
%25 = icmp eq i32 %24, 0
br i1 %25, label %26, label %49
%27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78
%28 = extractvalue { i64, i64 } %27, 0
%29 = extractvalue { i64, i64 } %27, 1
%30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0
store i64 %28, i64* %30, align 8
%31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1
store i64 %29, i64* %31, align 8
%32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7
%33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8
%34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17
%35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8
%36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null
br i1 %36, label %39, label %37
%38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79
br label %48
call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_mmap
-------------
Path:
Function:generic_file_mmap
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18
%4 = load %struct.address_space*, %struct.address_space** %3, align 8
%5 = getelementptr inbounds %struct.address_space, %struct.address_space* %4, i64 0, i32 9
%6 = load %struct.address_space_operations*, %struct.address_space_operations** %5, align 8
%7 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %6, i64 0, i32 1
%8 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %7, align 8
%9 = icmp eq i32 (%struct.file*, %struct.page*)* %8, null
br i1 %9, label %19, label %10
%11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7
%12 = load i32, i32* %11, align 8
%13 = and i32 %12, 262144
%14 = icmp eq i32 %13, 0
br i1 %14, label %15, label %17
%16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1
tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %16) #78
Function:touch_atime
%2 = alloca %struct.cpu_itimer, align 8
%3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0
%4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8
%5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1
%6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8
%7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5
%8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8
%9 = bitcast %struct.cpu_itimer* %2 to i8*
%10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78
br i1 %10, label %11, label %63
%12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8
%13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8
%14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0
%16 = load volatile i32, i32* %15, align 8
%17 = icmp eq i32 %16, 0
br i1 %17, label %18, label %21, !prof !5, !misexpect !6
%19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1
%20 = load i32*, i32** %19, align 8
tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
br label %23
%24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
%25 = icmp eq i32 %24, 0
br i1 %25, label %26, label %49
%27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78
%28 = extractvalue { i64, i64 } %27, 0
%29 = extractvalue { i64, i64 } %27, 1
%30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0
store i64 %28, i64* %30, align 8
%31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1
store i64 %29, i64* %31, align 8
%32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7
%33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8
%34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17
%35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8
%36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null
br i1 %36, label %39, label %37
%38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79
br label %48
call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 generic_file_mmap 2 nfs_file_mmap
-------------
Path:
Function:nfs_file_mmap
%3 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 2
%4 = load %struct.inode.215256*, %struct.inode.215256** %3, align 8
%5 = tail call i32 bitcast (i32 (%struct.file*, %struct.vm_area_struct*)* @generic_file_mmap to i32 (%struct.file.215264*, %struct.vm_area_struct.215280*)*)(%struct.file.215264* %0, %struct.vm_area_struct.215280* %1) #78
Function:generic_file_mmap
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18
%4 = load %struct.address_space*, %struct.address_space** %3, align 8
%5 = getelementptr inbounds %struct.address_space, %struct.address_space* %4, i64 0, i32 9
%6 = load %struct.address_space_operations*, %struct.address_space_operations** %5, align 8
%7 = getelementptr inbounds %struct.address_space_operations, %struct.address_space_operations* %6, i64 0, i32 1
%8 = load i32 (%struct.file*, %struct.page*)*, i32 (%struct.file*, %struct.page*)** %7, align 8
%9 = icmp eq i32 (%struct.file*, %struct.page*)* %8, null
br i1 %9, label %19, label %10
%11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7
%12 = load i32, i32* %11, align 8
%13 = and i32 %12, 262144
%14 = icmp eq i32 %13, 0
br i1 %14, label %15, label %17
%16 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1
tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %16) #78
Function:touch_atime
%2 = alloca %struct.cpu_itimer, align 8
%3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0
%4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8
%5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1
%6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8
%7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5
%8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8
%9 = bitcast %struct.cpu_itimer* %2 to i8*
%10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78
br i1 %10, label %11, label %63
%12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8
%13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8
%14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0
%16 = load volatile i32, i32* %15, align 8
%17 = icmp eq i32 %16, 0
br i1 %17, label %18, label %21, !prof !5, !misexpect !6
%19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1
%20 = load i32*, i32** %19, align 8
tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
br label %23
%24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
%25 = icmp eq i32 %24, 0
br i1 %25, label %26, label %49
%27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78
%28 = extractvalue { i64, i64 } %27, 0
%29 = extractvalue { i64, i64 } %27, 1
%30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0
store i64 %28, i64* %30, align 8
%31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1
store i64 %29, i64* %31, align 8
%32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7
%33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8
%34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17
%35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8
%36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null
br i1 %36, label %39, label %37
%38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79
br label %48
call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 shmem_mmap
-------------
Path:
Function:shmem_mmap
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2
%4 = load %struct.inode*, %struct.inode** %3, align 8
%5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 41, i32 6, i32 4, i32 1
%6 = bitcast %struct.list_head** %5 to %struct.shmem_inode_info*
%7 = getelementptr inbounds %struct.shmem_inode_info, %struct.shmem_inode_info* %6, i64 0, i32 1
%8 = load i32, i32* %7, align 4
%9 = and i32 %8, 16
%10 = icmp eq i32 %9, 0
br i1 %10, label %22, label %11
%12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8
%13 = load i64, i64* %12, align 8
%14 = and i64 %13, 8
%15 = icmp eq i64 %14, 0
%16 = and i64 %13, 10
%17 = icmp eq i64 %16, 10
%18 = or i1 %17, %15
br i1 %18, label %21, label %19
br i1 %17, label %31, label %22
%23 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 7
%24 = load i32, i32* %23, align 8
%25 = and i32 %24, 262144
%26 = icmp eq i32 %25, 0
br i1 %26, label %27, label %29
%28 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1
tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %28) #78
Function:touch_atime
%2 = alloca %struct.cpu_itimer, align 8
%3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0
%4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8
%5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1
%6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8
%7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5
%8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8
%9 = bitcast %struct.cpu_itimer* %2 to i8*
%10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78
br i1 %10, label %11, label %63
%12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8
%13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8
%14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0
%16 = load volatile i32, i32* %15, align 8
%17 = icmp eq i32 %16, 0
br i1 %17, label %18, label %21, !prof !5, !misexpect !6
%19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1
%20 = load i32*, i32** %19, align 8
tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
br label %23
%24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
%25 = icmp eq i32 %24, 0
br i1 %25, label %26, label %49
%27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78
%28 = extractvalue { i64, i64 } %27, 0
%29 = extractvalue { i64, i64 } %27, 1
%30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0
store i64 %28, i64* %30, align 8
%31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1
store i64 %29, i64* %31, align 8
%32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7
%33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8
%34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17
%35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8
%36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null
br i1 %36, label %39, label %37
%38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79
br label %48
call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1 shmem_file_read_iter
-------------
Path:
Function:shmem_file_read_iter
%3 = alloca %struct.page*, align 8
%4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0
%5 = load %struct.file*, %struct.file** %4, align 8
%6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2
%7 = load %struct.inode*, %struct.inode** %6, align 8
%8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9
%9 = load %struct.address_space*, %struct.address_space** %8, align 8
%10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1
%11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0
%12 = load i8, i8* %11, align 8
%13 = icmp eq i8 %12, 0
%14 = select i1 %13, i32 0, i32 2
%15 = load i64, i64* %10, align 8
%16 = ashr i64 %15, 12
%17 = and i64 %15, 4095
%18 = bitcast %struct.page** %3 to i8*
store %struct.page* null, %struct.page** %3, align 8
%19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14
%20 = load i64, i64* %19, align 8
%21 = ashr i64 %20, 12
%22 = icmp ugt i64 %16, %21
br i1 %22, label %134, label %23
%24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0
%25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4
br label %26
%27 = phi i64 [ %21, %23 ], [ %127, %124 ]
%28 = phi i64 [ %20, %23 ], [ %126, %124 ]
%29 = phi i64 [ 0, %23 ], [ %100, %124 ]
%30 = phi i64 [ %17, %23 ], [ %104, %124 ]
%31 = phi i64 [ %16, %23 ], [ %103, %124 ]
%32 = icmp ne i64 %31, %27
%33 = and i64 %28, 4095
%34 = icmp ugt i64 %33, %30
%35 = or i1 %32, %34
br i1 %35, label %36, label %129
%37 = load %struct.address_space*, %struct.address_space** %8, align 8
%38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3
%39 = load i32, i32* %38, align 8
%40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %31, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #78
switch i32 %40, label %129 [ i32 0, label %41 i32 -22, label %134 ]
%135 = phi i64 [ %31, %70 ], [ %31, %56 ], [ %31, %55 ], [ %16, %2 ], [ %130, %129 ], [ %31, %36 ]
%136 = phi i64 [ %30, %70 ], [ %30, %56 ], [ %30, %55 ], [ %17, %2 ], [ %131, %129 ], [ %30, %36 ]
%137 = phi i32 [ 0, %70 ], [ 0, %56 ], [ 0, %55 ], [ 0, %2 ], [ %132, %129 ], [ 0, %36 ]
%138 = phi i64 [ %29, %70 ], [ %29, %56 ], [ %29, %55 ], [ 0, %2 ], [ %133, %129 ], [ %29, %36 ]
%139 = shl i64 %135, 12
%140 = add i64 %139, %136
store i64 %140, i64* %10, align 8
%141 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 7
%142 = load i32, i32* %141, align 8
%143 = and i32 %142, 262144
%144 = icmp eq i32 %143, 0
br i1 %144, label %145, label %147
%146 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 1
tail call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path*)*)(%struct.path* %146) #78
Function:touch_atime
%2 = alloca %struct.cpu_itimer, align 8
%3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0
%4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8
%5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1
%6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8
%7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5
%8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8
%9 = bitcast %struct.cpu_itimer* %2 to i8*
%10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78
br i1 %10, label %11, label %63
%12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8
%13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8
%14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0
%16 = load volatile i32, i32* %15, align 8
%17 = icmp eq i32 %16, 0
br i1 %17, label %18, label %21, !prof !5, !misexpect !6
%19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1
%20 = load i32*, i32** %19, align 8
tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8
br label %23
%24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
%25 = icmp eq i32 %24, 0
br i1 %25, label %26, label %49
%27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78
%28 = extractvalue { i64, i64 } %27, 0
%29 = extractvalue { i64, i64 } %27, 1
%30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0
store i64 %28, i64* %30, align 8
%31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1
store i64 %29, i64* %31, align 8
%32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7
%33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8
%34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17
%35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8
%36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null
br i1 %36, label %39, label %37
%38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79
br label %48
call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79
-------------
Use: =BAD PATH=
Call Stack: 0 touch_atime 1
generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = 
phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, 
align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 1 call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path.154739*)*)(%struct.path.154739* %91) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq 
i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79 br label %48 call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, 
%struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds 
%struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 1 call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path.154739*)*)(%struct.path.154739* %91) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, 
%struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds 
%struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79 br label %48 call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read 2 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)*, i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.155109*, i64*, %struct.pipe_inode_info.155195*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.273585*, i64*, %struct.pipe_inode_info.273524*, i64, i32)*)(%struct.file.273585* %0, i64* %1, %struct.pipe_inode_info.273524* %2, 
i64 %3, i32 %4) #78 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ 
%19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr 
inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 %83 = trunc i64 %82 to i32 %84 = icmp sgt i32 %83, 0 br i1 %84, label %85, label %92 %86 = load i64, i64* %70, align 8 store i64 %86, i64* %1, align 8 %87 = load i32, i32* %13, align 8 %88 = and i32 %87, 262144 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %98 %91 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 1 call void bitcast (void (%struct.path.150212*)* @touch_atime to void (%struct.path.154739*)*)(%struct.path.154739* %91) #78 Function:touch_atime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 0 %4 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %3, align 8 %5 = getelementptr inbounds %struct.path.150212, %struct.path.150212* %0, i64 0, i32 1 %6 = load %struct.dentry.150593*, %struct.dentry.150593** %5, align 8 %7 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %6, i64 0, i32 5 %8 = load %struct.inode.150604*, %struct.inode.150604** %7, align 8 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.150212* %0, %struct.inode.150604* %8) #78 br i1 %10, label %11, label %63 %12 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* 
%8, i64 0, i32 8 %13 = load %struct.super_block.150588*, %struct.super_block.150588** %12, align 8 %14 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.percpu_rw_semaphore.150579, %struct.percpu_rw_semaphore.150579* %14, i64 0, i32 0, i32 0 %16 = load volatile i32, i32* %15, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21, !prof !5, !misexpect !6 %19 = getelementptr %struct.super_block.150588, %struct.super_block.150588* %13, i64 0, i32 27, i32 2, i64 0, i32 1 %20 = load i32*, i32** %19, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %23 %24 = tail call i32 bitcast (i32 (%struct.vfsmount*)* @__mnt_want_write to i32 (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %49 %27 = tail call { i64, i64 } @current_time(%struct.inode.150604* %8) #78 %28 = extractvalue { i64, i64 } %27, 0 %29 = extractvalue { i64, i64 } %27, 1 %30 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %28, i64* %30, align 8 %31 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %8, i64 0, i32 7 %33 = load %struct.inode_operations.150599*, %struct.inode_operations.150599** %32, align 8 %34 = getelementptr inbounds %struct.inode_operations.150599, %struct.inode_operations.150599* %33, i64 0, i32 17 %35 = load i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)*, i32 (%struct.inode.150604*, %struct.cpu_itimer*, i32)** %34, align 8 %36 = icmp eq i32 (%struct.inode.150604*, 
%struct.cpu_itimer*, i32)* %35, null br i1 %36, label %39, label %37 %38 = call i32 %35(%struct.inode.150604* %8, %struct.cpu_itimer* nonnull %2, i32 1) #79 br label %48 call void bitcast (void (%struct.vfsmount*)* @__mnt_drop_write to void (%struct.vfsmount.150589*)*)(%struct.vfsmount.150589* %4) #79 ------------- Good: 35 Bad: 10 Ignored: 64 Check Use of Function:ieee80211_xmit_fast_finish Check Use of Function:__sta_info_destroy Check Use of Function:cpus_read_unlock Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #78 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %5, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 38 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 64 switch i32 %0, label %20 [ i32 1, label %10 i32 2, label %15 i32 0, label %21 ], !prof !5 %11 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 11, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 16 %14 = icmp eq i32 %13, 0 br i1 %14, label %93, label %34 %35 = phi i1 [ false, %31 ], [ true, %10 ] %36 = phi void (i8*)* [ %27, %31 ], [ @ipi_sync_core, %10 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %37 = icmp slt i32 %1, 0 br i1 %37, label %59, label %38 tail call void @cpus_read_lock() #78 %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ugt i32 %39, %1 br i1 %40, label %41, label %92 %42 = zext i32 %1 to i64 %43 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %42) #6, !srcloc !8 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %92, label %46 call void @cpus_read_unlock() #78 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 
%7) #78 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #78 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %5, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 38 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 64 switch i32 %0, label %20 [ i32 1, label %10 i32 2, label %15 i32 0, label %21 ], !prof !5 %11 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 11, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 16 %14 = icmp eq i32 %13, 0 br i1 %14, label %93, label %34 %35 = phi i1 [ false, %31 ], [ true, %10 ] %36 = phi void (i8*)* [ %27, %31 ], [ @ipi_sync_core, %10 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %37 = icmp slt i32 %1, 0 br i1 %37, label %59, label %38 tail call void @cpus_read_lock() #78 %39 = load i32, i32* @nr_cpu_ids, align 4 %40 = icmp ugt i32 %39, %1 br i1 %40, label %41, label %92 %42 = zext i32 %1 to i64 %43 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", 
"={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %42) #6, !srcloc !8 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %92, label %46 call void @cpus_read_unlock() #78 ------------- Good: 92 Bad: 2 Ignored: 0 Check Use of Function:cpus_read_lock Use: =BAD PATH= Call Stack: 0 cpufreq_boost_trigger_state 1 store_boost ------------- Path:  Function:store_boost %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.29.58999, i64 0, i64 0), i32* nonnull %5) #78 %8 = icmp ne i32 %7, 1 %9 = load i32, i32* %5, align 4 %10 = icmp ugt i32 %9, 1 %11 = or i1 %8, %10 br i1 %11, label %20, label %12 %13 = call i32 @cpufreq_boost_trigger_state(i32 %9) #78 Function:cpufreq_boost_trigger_state %2 = load %struct.cpufreq_driver*, %struct.cpufreq_driver** @cpufreq_driver, align 8 %3 = getelementptr inbounds %struct.cpufreq_driver, %struct.cpufreq_driver* %2, i64 0, i32 21 %4 = load i8, i8* %3, align 8, !range !4 %5 = zext i8 %4 to i32 %6 = icmp eq i32 %5, %0 br i1 %6, label %41, label %7 %8 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* nonnull @cpufreq_driver_lock) #78 %9 = icmp ne i32 %0, 0 %10 = load %struct.cpufreq_driver*, %struct.cpufreq_driver** @cpufreq_driver, align 8 %11 = getelementptr inbounds %struct.cpufreq_driver, %struct.cpufreq_driver* %10, i64 0, i32 21 %12 = zext i1 %9 to i8 store i8 %12, i8* %11, align 8 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* nonnull @cpufreq_driver_lock, i64 %8) #78 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 __kmem_cache_shrink 1 kmem_cache_shrink 2 shrink_store ------------- Path:  Function:shrink_store %4 = load i8, i8* %1, align 1 %5 = icmp eq i8 %4, 49 br i1 %5, label %6, label %8 %7 = tail call i32 
@kmem_cache_shrink(%struct.kmem_cache* %0) #78 Function:kmem_cache_shrink %2 = tail call i32 @__kmem_cache_shrink(%struct.kmem_cache* %0) #78 Function:__kmem_cache_shrink %2 = alloca %struct.list_head, align 8 %3 = alloca [32 x %struct.list_head], align 16 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpu_partial_store ------------- Path:  Function:cpu_partial_store %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %6 = call i32 @kstrtouint(i8* %1, i32 10, i32* nonnull %4) #78 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i32, i32* %4, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %19, label %13 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @slub_debug_enabled to %struct.static_key*), i32 2, i8* blockaddress(@cpu_partial_store, %14)) #6 to label %19 [label %14], !srcloc !4 %20 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 7 store i32 %11, i32* %20, align 4 call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_partition_write ------------- Path:  Function:sched_partition_write %5 = tail call %struct.cgroup_subsys_state* @of_css(%struct.kernfs_open_file* %0) #78 %6 = bitcast %struct.cgroup_subsys_state* %5 to %struct.cpuset* %7 = tail call i8* @strim(i8* %1) #78 %8 = tail call i32 @strcmp(i8* %7, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.12.10593, i64 0, i64 0)) #79 %9 = icmp eq i32 %8, 0 br i1 %9, label %13, label %10 %11 = tail call i32 @strcmp(i8* %7, i8* dereferenceable(7) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.13.10594, i64 0, i64 0)) #79 %12 = icmp eq i32 %11, 0 br i1 %12, 
label %13, label %77 %14 = phi i32 [ 1, %4 ], [ 0, %10 ] %15 = getelementptr inbounds %struct.cgroup_subsys_state, %struct.cgroup_subsys_state* %5, i64 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %31 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_u64 ------------- Path:  Function:cpuset_write_u64 %4 = bitcast %struct.cgroup_subsys_state* %0 to %struct.cpuset* %5 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %6 = load i64, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_u64 ------------- Path:  Function:cpuset_write_u64 %4 = bitcast %struct.cgroup_subsys_state* %0 to %struct.cpuset* %5 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %6 = load i64, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_u64 ------------- Path:  Function:cpuset_write_u64 %4 = bitcast %struct.cgroup_subsys_state* %0 to %struct.cpuset* %5 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %6 = load i64, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_u64 ------------- Path:  Function:cpuset_write_u64 %4 = bitcast %struct.cgroup_subsys_state* %0 to %struct.cpuset* %5 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %6 = load i64, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_u64 ------------- Path:  Function:cpuset_write_u64 %4 = bitcast %struct.cgroup_subsys_state* %0 to %struct.cpuset* %5 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %6 = load i64, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_u64 ------------- Path:  
Function:cpuset_write_u64 %4 = bitcast %struct.cgroup_subsys_state* %0 to %struct.cpuset* %5 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %6 = load i64, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_u64 ------------- Path:  Function:cpuset_write_u64 %4 = bitcast %struct.cgroup_subsys_state* %0 to %struct.cpuset* %5 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %6 = load i64, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_u64 ------------- Path:  Function:cpuset_write_u64 %4 = bitcast %struct.cgroup_subsys_state* %0 to %struct.cpuset* %5 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %6 = load i64, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 cpuset_write_s64 ------------- Path:  Function:cpuset_write_s64 %4 = getelementptr inbounds %struct.cftype, %struct.cftype* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_adjtimex 2 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #78 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, 
align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* 
%0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %97 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %96, label %85 br label %98 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #79 call void @add_device_randomness(i8* nonnull %7, i64 16) #78 %99 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %100 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %101 = add i32 %100, 1 store i32 %101, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %102 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %102, i32* %4, align 4 %103 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #78 %104 = load i32, i32* %4, align 4 %105 = icmp eq i32 %104, %102 br i1 %105, label %111, label %106 %112 = phi i8 [ 0, %98 ], [ 1, %106 ] %113 = call i64 @ntp_get_next_leap() #78 store i64 %113, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 11), align 8 %114 = icmp eq i64 %113, 
9223372036854775807 br i1 %114, label %118, label %115 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %119 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %120 = add i32 %119, 1 store i32 %120, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %99) #78 %121 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %122 = inttoptr i64 %121 to %struct.task_struct* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %122, i64 0, i32 105 %124 = load %struct.audit_context*, %struct.audit_context** %123, align 64 %125 = icmp eq %struct.audit_context* %124, null br i1 %125, label %131, label %126 %132 = load i32, i32* %9, align 8 %133 = and i32 %132, 16386 %134 = icmp eq i32 %133, 0 br i1 %134, label %139, label %135 %140 = phi i8 [ %138, %135 ], [ %112, %131 ] %141 = and i8 %140, 1 %142 = icmp eq i8 %141, 0 br i1 %142, label %144, label %143 call void @clock_was_set(i32 0) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 
%13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_adjtimex 2 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 
0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %97 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %96, label %85 br label %98 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #79 call void @add_device_randomness(i8* nonnull %7, i64 16) #78 %99 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %100 = 
load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %101 = add i32 %100, 1 store i32 %101, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %102 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %102, i32* %4, align 4 %103 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #78 %104 = load i32, i32* %4, align 4 %105 = icmp eq i32 %104, %102 br i1 %105, label %111, label %106 %112 = phi i8 [ 0, %98 ], [ 1, %106 ] %113 = call i64 @ntp_get_next_leap() #78 store i64 %113, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 11), align 8 %114 = icmp eq i64 %113, 9223372036854775807 br i1 %114, label %118, label %115 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %119 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %120 = add i32 %119, 1 store i32 %120, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %99) #78 %121 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %122 = inttoptr i64 %121 to %struct.task_struct* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %122, i64 0, i32 105 %124 = load %struct.audit_context*, %struct.audit_context** %123, align 64 %125 = icmp eq %struct.audit_context* %124, null br i1 %125, label %131, label %126 %132 = load i32, i32* %9, align 8 %133 = and i32 %132, 
16386 %134 = icmp eq i32 %133, 0 br i1 %134, label %139, label %135 %140 = phi i8 [ %138, %135 ], [ %112, %131 ] %141 = and i8 %140, 1 %142 = icmp eq i8 %141, 0 br i1 %142, label %144, label %143 call void @clock_was_set(i32 0) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = 
getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 
%40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds 
%struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label 
%63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 
0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %97 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %96, label %85 br label %98 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #79 call void @add_device_randomness(i8* nonnull %7, i64 16) #78 %99 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %100 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %101 = add i32 %100, 1 store i32 %101, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %102 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %102, i32* %4, align 4 %103 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #78 %104 = load i32, i32* %4, align 4 %105 = icmp eq i32 %104, %102 br i1 %105, label %111, label %106 %112 = phi i8 [ 0, %98 ], [ 1, %106 ] %113 = call i64 @ntp_get_next_leap() #78 store i64 %113, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 11), align 8 %114 = icmp eq i64 %113, 9223372036854775807 br i1 %114, label %118, label %115 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %119 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %120 = 
add i32 %119, 1 store i32 %120, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %99) #78 %121 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %122 = inttoptr i64 %121 to %struct.task_struct* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %122, i64 0, i32 105 %124 = load %struct.audit_context*, %struct.audit_context** %123, align 64 %125 = icmp eq %struct.audit_context* %124, null br i1 %125, label %131, label %126 %132 = load i32, i32* %9, align 8 %133 = and i32 %132, 16386 %134 = icmp eq i32 %133, 0 br i1 %134, label %139, label %135 %140 = phi i8 [ %138, %135 ], [ %112, %131 ] %141 = and i8 %140, 1 %142 = icmp eq i8 %141, 0 br i1 %142, label %144, label %143 call void @clock_was_set(i32 0) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_adjtimex 2 __se_sys_adjtimex_time32 3 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #78 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, 
i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 
to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* 
%4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #78 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.cpu_itimer, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #78 br i1 %26, label %27, label %145 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %145, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #78 br i1 %41, label %42, label %145 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %145, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %145, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 
%60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %145, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #78 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %98, label %68 %69 = bitcast %struct.cpu_itimer* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %5) #79 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %97 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %96, label %85 br label %98 call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %3) #79 call void @add_device_randomness(i8* nonnull %7, i64 16) #78 %99 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %100 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %101 = add i32 %100, 1 store i32 %101, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %102 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %102, i32* %4, align 4 %103 = call i32 @__do_adjtimex(%struct.__kernel_timex* 
%0, %struct.cpu_itimer* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #78 %104 = load i32, i32* %4, align 4 %105 = icmp eq i32 %104, %102 br i1 %105, label %111, label %106 %112 = phi i8 [ 0, %98 ], [ 1, %106 ] %113 = call i64 @ntp_get_next_leap() #78 store i64 %113, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 11), align 8 %114 = icmp eq i64 %113, 9223372036854775807 br i1 %114, label %118, label %115 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %119 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %120 = add i32 %119, 1 store i32 %120, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %99) #78 %121 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %122 = inttoptr i64 %121 to %struct.task_struct* %123 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %122, i64 0, i32 105 %124 = load %struct.audit_context*, %struct.audit_context** %123, align 64 %125 = icmp eq %struct.audit_context* %124, null br i1 %125, label %131, label %126 %132 = load i32, i32* %9, align 8 %133 = and i32 %132, 16386 %134 = icmp eq i32 %133, 0 br i1 %134, label %139, label %135 %140 = phi i8 [ %138, %135 ], [ %112, %131 ] %141 = and i8 %140, 1 %142 = icmp eq i8 %141, 0 br i1 %142, label %144, label %143 call void @clock_was_set(i32 0) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* 
%2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 timekeeping_inject_offset 2 timekeeping_warp_clock 3 __se_sys_settimeofday 4 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 
%19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 %37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = 
add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile 
%struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = 
load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, 
label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %168, label %91 %169 = phi i32 [ 0, %155 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1), i32 7) #79 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %170 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %171 = add i32 %170, 1 store i32 %171, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %9) #78 call void @clock_was_set(i32 170) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 timekeeping_inject_offset 2 timekeeping_warp_clock 3 __se_sys_settimeofday 4 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #78 Function:__se_sys_settimeofday %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca i64, align 8 %5 = inttoptr i64 %0 to %struct.cpu_itimer* %6 = bitcast i64* %4 to %struct.util_est* %7 = bitcast %struct.cpu_itimer* %3 to i8* %8 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %9 = icmp eq i64 %0, 0 br i1 %9, label %36, label %10 %12 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 %13 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 8, i64 %11) #6, !srcloc !4 %14 = extractvalue { i64*, i64, i64 } %13, 0 %15 = extractvalue { i64*, i64, i64 } %13, 1 %16 = extractvalue { i64*, i64, i64 } %13, 2 %17 = ptrtoint i64* %14 to i64 %18 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 store i64 %15, i64* %18, align 8 %19 = and i64 %17, 4294967295 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %77, !prof !5, !misexpect !6 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %22) #6, !srcloc !7 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 %29 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 store i64 %26, i64* %29, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %77, !prof !5, !misexpect !6 %33 = icmp ugt i64 %26, 1000000 br i1 %33, label %77, label %34 %35 = mul nuw nsw i64 %26, 1000 store i64 %35, i64* %29, align 8 br label %36 %37 = icmp eq i64 %1, 0 br i1 
%37, label %42, label %38 %39 = inttoptr i64 %1 to i8* %40 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %39, i64 8) #78 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %77 %43 = phi %struct.util_est* [ null, %36 ], [ %6, %38 ] %44 = select i1 %9, %struct.cpu_itimer* null, %struct.cpu_itimer* %3 br i1 %9, label %55, label %45 %46 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %47 = load i64, i64* %46, align 8 %48 = icmp slt i64 %47, 0 br i1 %48, label %74, label %49 %50 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, 1000000000 %53 = icmp ult i64 %47, 8277292036 %54 = and i1 %53, %52 br i1 %54, label %55, label %74 %56 = call i32 @security_settime64(%struct.cpu_itimer* %44, %struct.util_est* %43) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %74 %59 = icmp eq %struct.util_est* %43, null br i1 %59, label %71, label %60 %61 = getelementptr inbounds %struct.util_est, %struct.util_est* %43, i64 0, i32 0 %62 = load i32, i32* %61, align 4 %63 = add i32 %62, 900 %64 = icmp ugt i32 %63, 1800 br i1 %64, label %74, label %65 %66 = bitcast %struct.util_est* %43 to i64* %67 = load i64, i64* %66, align 4 store i64 %67, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %68 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %68, label %71, label %69 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %70, label %72 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr 
inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr 
inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %168, label %91 %169 = phi i32 [ 0, %155 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1), i32 7) #79 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %170 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %171 = add i32 %170, 1 store i32 %171, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %9) #78 call void @clock_was_set(i32 170) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = 
tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 timekeeping_inject_offset 2 timekeeping_warp_clock 3 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to %struct.util_est* %11 = bitcast i64* %3 to %struct.util_est* %12 = bitcast %struct.cpu_itimer* %2 to i8* %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = icmp eq i64 %6, 0 br i1 %14, label %43, label %15 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %18 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %17, i64 4, i64 %16) #6, !srcloc !4 %19 = extractvalue { i32*, i32, i64 } %18, 0 %20 = extractvalue { i32*, i32, i64 } %18, 1 %21 = extractvalue { i32*, i32, i64 } %18, 2 %22 = ptrtoint i32* %19 to i64 %23 = sext 
i32 %20 to i64 %24 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %23, i64* %24, align 8 %25 = and i64 %22, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %84, !prof !5, !misexpect !6 %29 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %30 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %29, i64 4, i64 %28) #6, !srcloc !7 %31 = extractvalue { i32*, i32, i64 } %30, 0 %32 = extractvalue { i32*, i32, i64 } %30, 1 %33 = extractvalue { i32*, i32, i64 } %30, 2 %34 = ptrtoint i32* %31 to i64 %35 = sext i32 %32 to i64 %36 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 %35, i64* %36, align 8 %37 = and i64 %34, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %84, !prof !5, !misexpect !6 %40 = icmp ugt i32 %32, 1000000 br i1 %40, label %84, label %41 %42 = mul nsw i64 %35, 1000 store i64 %42, i64* %36, align 8 br label %43 %44 = icmp eq i64 %9, 0 br i1 %44, label %49, label %45 %46 = inttoptr i64 %9 to i8* %47 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %46, i64 8) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %84 %50 = phi %struct.util_est* [ null, %43 ], [ %11, %45 ] %51 = select i1 %14, %struct.cpu_itimer* null, %struct.cpu_itimer* %2 br i1 %14, label %62, label %52 %53 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 %54 = load i64, i64* %53, align 8 %55 = icmp slt i64 %54, 0 br i1 %55, label %81, label %56 %57 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 %58 = load i64, i64* %57, align 8 %59 = icmp ult i64 %58, 1000000000 %60 = icmp ult i64 %54, 8277292036 %61 = and i1 %60, %59 br i1 %61, label %62, label %81 %63 = call i32 @security_settime64(%struct.cpu_itimer* %51, %struct.util_est* %50) #78 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, 
label %81 %66 = icmp eq %struct.util_est* %50, null br i1 %66, label %78, label %67 %68 = getelementptr inbounds %struct.util_est, %struct.util_est* %50, i64 0, i32 0 %69 = load i32, i32* %68, align 4 %70 = add i32 %69, 900 %71 = icmp ugt i32 %70, 1800 br i1 %71, label %81, label %72 %73 = bitcast %struct.util_est* %50 to i64* %74 = load i64, i64* %73, align 4 store i64 %74, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #78 %75 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %75, label %78, label %76 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %14, label %77, label %79 call void @timekeeping_warp_clock() #78 Function:timekeeping_warp_clock %1 = alloca %struct.cpu_itimer, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.cpu_itimer* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.cpu_itimer* nonnull %1) #78 Function:timekeeping_inject_offset %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %6 = load i64, i64* %5, align 8 %7 = icmp ugt i64 %6, 999999999 br i1 %7, label %172, label %8 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %10 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %11 = add i32 %10, 1 store i32 %11, i32* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %13 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.86638* %12) #78 %16 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %8 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %5, align 8 %69 = bitcast %struct.cpu_itimer* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %70, i64 %71) #78 %72 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %75 = load i64, 
i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %168, label %91 %169 = phi i32 [ 0, %155 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1), i32 7) #79 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %170 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %171 = add i32 %170, 1 store i32 %171, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %9) #78 call void @clock_was_set(i32 170) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_settimeofday64 2 __x64_sys_stime ------------- Path:  
Function:__x64_sys_stime %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %7, align 8 %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %24, !prof !5, !misexpect !6 store i64 0, i64* %7, align 8 %18 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* 
getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, 
%struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %135, label %88 %136 = phi i1 [ true, %117 ], [ false, %88 ], [ false, %86 ] %137 = phi i32 [ 0, %117 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1), i32 7) #79 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %138 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %139 = add i32 %138, 1 store i32 %139, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %15) #78 call void @clock_was_set(i32 170) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_settimeofday64 2 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.cpu_itimer, align 8 
%3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %9) #6, !srcloc !4 %11 = extractvalue { i64*, i64, i64 } %10, 0 %12 = extractvalue { i64*, i64, i64 } %10, 1 %13 = extractvalue { i64*, i64, i64 } %10, 2 %14 = ptrtoint i64* %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %12, i64* %15, align 8 %16 = and i64 %14, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %25, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds 
(%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, 
i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* 
@tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %135, label %88 %136 = phi i1 [ true, %117 ], [ false, %88 ], [ false, %86 ] %137 = phi i32 [ 0, %117 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1), i32 7) #79 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %138 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %139 = add i32 %138, 1 store i32 %139, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %15) #78 call void @clock_was_set(i32 170) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_settimeofday64 2 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.cpu_itimer* %2 to i8* %7 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %7, align 8 %9 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i32, i64 } %9, 0 %11 = extractvalue { i32*, i32, i64 } %9, 1 %12 = extractvalue { i32*, i32, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = sext i32 %11 to i64 %15 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %25, !prof !5, !misexpect !6 store i64 0, i64* %7, align 8 %19 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, 
i64 0, i32 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = 
add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 
%82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %135, label %88 %136 = phi i1 [ true, %117 ], [ false, %88 ], [ false, %86 ] %137 = phi i32 [ 0, %117 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1), i32 7) #79 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %138 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %139 = add i32 %138, 1 store i32 %139, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %15) #78 call void @clock_was_set(i32 170) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 clock_was_set 1 do_settimeofday64 2 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 
%4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.cpu_itimer* %2 to i8* %8 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 1 store i64 0, i64* %8, align 8 %10 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %9) #6, !srcloc !4 %11 = extractvalue { i32*, i32, i64 } %10, 0 %12 = extractvalue { i32*, i32, i64 } %10, 1 %13 = extractvalue { i32*, i32, i64 } %10, 2 %14 = ptrtoint i32* %11 to i64 %15 = sext i32 %12 to i64 %16 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %14, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %26, !prof !5, !misexpect !6 store i64 0, i64* %8, align 8 %20 = call i32 @security_settime64(%struct.cpu_itimer* nonnull %2, %struct.util_est* null) #78 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.cpu_itimer* nonnull %2) #78 Function:do_settimeofday64 %2 = alloca %struct.cpu_itimer, align 8 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, 0 br i1 %7, label %156, label %8 %9 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %0, i64 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000000 %12 = icmp ult i64 %6, 8277292036 %13 = and i1 %12, %11 br i1 %13, label %14, label %156 %15 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #78 %16 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %17 = add i32 %16, 1 store i32 %17, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, 
i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile %struct.clocksource.86638*, %struct.clocksource.86638** getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 0), align 8 %19 = getelementptr inbounds %struct.clocksource.86638, %struct.clocksource.86638* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.86638*)*, i64 (%struct.clocksource.86638*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.86638* %18) #78 %22 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store 
i64 %40, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %14 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %5, align 8 %73 = load i64, i64* %9, align 8 %74 = bitcast %struct.cpu_itimer* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.cpu_itimer* nonnull %3, i64 %75, i64 %76) #78 %77 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, 
%78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %135, label %88 %136 = phi i1 [ true, %117 ], [ false, %88 ], [ false, %86 ] %137 = phi i32 [ 0, %117 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 1), i32 7) #79 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %138 = load i32, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 %139 = add i32 %138, 1 store i32 %139, i32* getelementptr inbounds (%struct.anon.78, %struct.anon.78* @tk_core, i64 0, i32 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %15) #78 call void @clock_was_set(i32 170) #78 Function:clock_was_set %2 = alloca [1 x %struct.cpumask], align 8 %3 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %4 = inttoptr i64 %3 to %struct.hrtimer_cpu_base* %5 = bitcast [1 x %struct.cpumask]* %2 to i8* %6 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %6, align 8 %7 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %4, i64 0, i32 4 %8 = load i8, i8* %7, align 16 %9 = and i8 %8, 1 %10 = icmp ne i8 %9, 0 %11 = load i64, i64* @tick_nohz_active, align 8 %12 = icmp ne i64 %11, 0 %13 = or i1 %10, %12 br i1 %13, label %14, label %96 store i64 0, i64* %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and 
i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #78 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %5, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 38 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 64 switch i32 %0, label %20 [ i32 1, label %10 i32 2, label %15 i32 0, label %21 ], !prof !5 %11 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 11, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 16 %14 = icmp eq i32 %13, 0 br i1 %14, label %93, label %34 %35 = phi i1 [ false, %31 ], [ true, %10 ] %36 = phi void (i8*)* [ %27, %31 ], [ @ipi_sync_core, %10 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", 
"~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %37 = icmp slt i32 %1, 0 br i1 %37, label %59, label %38 store i64 0, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #78 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %5, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 38 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 64 switch i32 %0, label %20 [ i32 1, label %10 i32 2, label %15 i32 0, label %21 ], 
!prof !5 %11 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 11, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 16 %14 = icmp eq i32 %13, 0 br i1 %14, label %93, label %34 %35 = phi i1 [ false, %31 ], [ true, %10 ] %36 = phi void (i8*)* [ %27, %31 ], [ @ipi_sync_core, %10 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %37 = icmp slt i32 %1, 0 br i1 %37, label %59, label %38 store i64 0, i64* %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #78 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, 
i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %5, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 38 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 64 switch i32 %0, label %20 [ i32 1, label %10 i32 2, label %15 i32 0, label %21 ], !prof !5 %11 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 11, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 16 %14 = icmp eq i32 %13, 0 br i1 %14, label %93, label %34 %35 = phi i1 [ false, %31 ], [ true, %10 ] %36 = phi void (i8*)* [ %27, %31 ], [ @ipi_sync_core, %10 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %37 = icmp slt i32 %1, 0 br i1 %37, label %59, label %38 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label 
%72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %86 = tail call fastcc i32 @membarrier_private_expedited(i32 1, i32 -1) #78 Function:membarrier_private_expedited %3 = alloca [1 x %struct.cpumask], align 8 %4 = bitcast [1 x %struct.cpumask]* %3 to i8* %5 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %5, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 38 %9 = load %struct.mm_struct*, %struct.mm_struct** %8, align 64 switch i32 %0, label %20 [ i32 1, label %10 i32 2, label %15 i32 0, label %21 ], !prof !5 %11 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %9, i64 0, i32 0, i32 11, i32 0 %12 = load volatile i32, i32* %11, align 4 %13 = and i32 %12, 16 %14 = icmp eq i32 %13, 0 br i1 %14, label %93, label %34 %35 = phi i1 [ false, %31 ], [ true, %10 ] %36 = phi void (i8*)* [ %27, %31 ], [ @ipi_sync_core, %10 ] tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %37 = icmp slt i32 %1, 0 br i1 %37, label %59, label %38 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, 
i64 %7, i64 %10) #78 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %25 = bitcast [1 x %struct.cpumask]* %4 to i8* %26 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %26, align 8 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 1 br i1 %28, label %61, label %29 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store i64 0, i64* %26, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_membarrier %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = icmp eq i32 %5, 128 br i1 %8, label %9, label %16 %17 = icmp eq i32 %6, 0 br i1 %17, label %18, label %108, !prof !6, !misexpect !5 switch i32 %5, label %108 [ i32 0, label %19 i32 1, label %20 i32 2, label %24 i32 4, label %62 i32 8, label %72 
i32 16, label %75 i32 32, label %85 i32 64, label %88 i32 256, label %98 ] %25 = bitcast [1 x %struct.cpumask]* %4 to i8* %26 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %26, align 8 %27 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %28 = icmp eq i32 %27, 1 br i1 %28, label %61, label %29 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 store i64 0, i64* %26, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 wq_pool_ids_show ------------- Path:  Function:wq_pool_ids_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %5 = bitcast i32* %4 to %struct.workqueue_struct** %6 = load %struct.workqueue_struct*, %struct.workqueue_struct** %5, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 wq_nice_store ------------- Path:  Function:wq_nice_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %6 = bitcast i32* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 wq_cpumask_store ------------- Path:  Function:wq_cpumask_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %6 = bitcast i32* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 wq_numa_store ------------- Path:  Function:wq_numa_store %5 = alloca i32, align 4 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 37 %7 = bitcast i32* %6 to %struct.workqueue_struct** %8 = load %struct.workqueue_struct*, %struct.workqueue_struct** %7, align 8 %9 = bitcast i32* %5 
to i8* store i32 0, i32* %5, align 4 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 workqueue_set_unbound_cpumask 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = call i32 @bitmap_parse(i8* %2, i32 -1, i64* nonnull %7, i32 64) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %13 %11 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %12 = call i32 @workqueue_set_unbound_cpumask(%struct.cpumask* nonnull %11) #79 Function:workqueue_set_unbound_cpumask %2 = alloca %struct.list_head, align 8 %3 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %4 = load i64, i64* %3, align 8 %5 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %6 = and i64 %5, %4 store i64 %6, i64* %3, align 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %69, label %8 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 set_sysctl_tfa ------------- Path:  Function:set_sysctl_tfa %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = call i32 @kstrtobool(i8* %2, i8* nonnull %5) #78 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i8, i8* %5, align 1, !range !4 %12 = load i8, i8* @allow_tsx_force_abort, align 1, !range !4 %13 = icmp eq i8 %11, %12 br i1 %13, label %15, label %14 store i8 %11, i8* @allow_tsx_force_abort, align 1 call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %8 = getelementptr inbounds [80 x i8], [80 
x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %12 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #78 %13 = trunc i64 %12 to i32 %14 = icmp slt i32 %13, 0 br i1 %14, label %15, label %18 %19 = call i64 @strlen(i8* nonnull %8) #79 %20 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %19 %21 = getelementptr i8, i8* %20, i64 -1 store i8* %21, i8** %5, align 8 %22 = icmp eq i64 %19, 0 br i1 %22, label %27, label %23 %28 = bitcast [80 x i8]* %6 to i64* %29 = load i64, i64* %28, align 16 %30 = icmp eq i64 %29, 4424061378758928740 br i1 %30, label %31, label %39 %32 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 8 %33 = call i64 @simple_strtoul(i8* %32, i8** nonnull %5, i32 0) #78 %34 = trunc i64 %33 to i32 %35 = call i32 @mtrr_del_page(i32 %34, i64 0, i64 0) #78 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 store i8 0, i8* %5, align 1 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 store i8 0, i8* %4, align 1 %9 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %10 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* %14 = bitcast %struct.efi_table_hdr_t* %8 to i8* switch i32 %1, 
label %303 [ i32 1074810112, label %15 i32 1074810113, label %15 i32 1074810114, label %15 i32 1074810116, label %15 i32 1074810117, label %15 i32 1074810118, label %15 i32 1074810119, label %15 i32 1074810121, label %15 i32 -1072149245, label %18 i32 -1072149240, label %18 i32 1074547968, label %21 i32 1074547969, label %21 i32 1074547970, label %21 i32 1074547972, label %21 i32 1074547973, label %21 i32 1074547974, label %21 i32 1074547975, label %21 i32 1074547977, label %21 i32 -1072673533, label %54 i32 -1072673528, label %54 ] %16 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %96, label %303 switch i32 %1, label %303 [ i32 1074810112, label %97 i32 1074547968, label %97 i32 1074810113, label %106 i32 1074547969, label %106 i32 1074810114, label %115 i32 1074547970, label %115 i32 1074810116, label %144 i32 1074547972, label %144 i32 -1072149245, label %151 i32 -1072673533, label %151 i32 1074810117, label %179 i32 1074547973, label %179 i32 1074810118, label %188 i32 1074547974, label %188 i32 1074810119, label %197 i32 1074547975, label %197 i32 1074810121, label %220 i32 1074547977, label %220 i32 -1072149240, label %227 i32 -1072673528, label %227 ] %221 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %222 = load i64, i64* %221, align 8 %223 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %224 = load i32, i32* %223, align 8 %225 = zext i32 %224 to i64 %226 = call i32 @mtrr_del_page(i32 -1, i64 %222, i64 %225) #78 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 store i8 0, i8* %5, align 1 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 
= load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 store i8 0, i8* %4, align 1 %9 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %10 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* %14 = bitcast %struct.efi_table_hdr_t* %8 to i8* switch i32 %1, label %303 [ i32 1074810112, label %15 i32 1074810113, label %15 i32 1074810114, label %15 i32 1074810116, label %15 i32 1074810117, label %15 i32 1074810118, label %15 i32 1074810119, label %15 i32 1074810121, label %15 i32 -1072149245, label %18 i32 -1072149240, label %18 i32 1074547968, label %21 i32 1074547969, label %21 i32 1074547970, label %21 i32 1074547972, label %21 i32 1074547973, label %21 i32 1074547974, label %21 i32 1074547975, label %21 i32 1074547977, label %21 i32 -1072673533, label %54 i32 -1072673528, label %54 ] %16 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %96, label %303 switch i32 %1, label %303 [ i32 1074810112, label %97 i32 1074547968, label %97 i32 1074810113, label %106 i32 1074547969, label %106 i32 1074810114, label %115 i32 1074547970, label %115 i32 1074810116, label %144 i32 1074547972, label %144 i32 -1072149245, label %151 i32 -1072673533, label %151 i32 1074810117, label %179 i32 1074547973, label %179 i32 1074810118, label %188 i32 1074547974, label %188 i32 1074810119, label %197 i32 1074547975, label %197 i32 1074810121, label %220 i32 1074547977, label %220 i32 -1072149240, label %227 i32 -1072673528, label %227 ] %221 = getelementptr inbounds %struct.arch_uprobe_task, 
%struct.arch_uprobe_task* %7, i64 0, i32 0 %222 = load i64, i64* %221, align 8 %223 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %224 = load i32, i32* %223, align 8 %225 = zext i32 %224 to i64 %226 = call i32 @mtrr_del_page(i32 -1, i64 %222, i64 %225) #78 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 store i8 0, i8* %5, align 1 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_del 2 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file.29775, %struct.file.29775* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.29776** %5 = load %struct.seq_file.29776*, %struct.seq_file.29776** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.29776, %struct.seq_file.29776* %5, i64 0, i32 11 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #78 Function:mtrr_del %4 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %16, label %6 %7 = or i64 %2, %1 %8 = and i64 %7, 4095 %9 = icmp eq i64 %8, 0 br i1 %9, label %12, label %10 %13 = lshr i64 %1, 12 %14 = lshr i64 %2, 12 
%15 = tail call i32 @mtrr_del_page(i32 %0, i64 %13, i64 %14) #79 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 store i8 0, i8* %5, align 1 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %63, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_write ------------- Path:  Function:mtrr_write %5 = alloca i8*, align 8 %6 = alloca [80 x i8], align 16 %7 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %8 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %9 = icmp ult i64 %2, 79 %10 = select i1 %9, i64 %2, i64 79 %11 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 0 %12 = call i64 @strncpy_from_user(i8* nonnull %8, i8* %1, i64 %10) #78 %13 = trunc i64 %12 to i32 %14 = icmp slt i32 %13, 0 br i1 %14, label %15, label %18 %19 = call i64 @strlen(i8* nonnull %8) #79 %20 = getelementptr [80 x i8], [80 x i8]* %6, i64 0, i64 %19 %21 = getelementptr i8, i8* %20, i64 -1 store i8* %21, i8** %5, align 8 %22 = icmp eq i64 %19, 0 br i1 %22, label %27, label %23 %28 = bitcast [80 x i8]* %6 to i64* %29 = load i64, i64* %28, align 16 %30 = icmp eq i64 %29, 4424061378758928740 br i1 %30, label %31, label %39 %40 = call i32 @bcmp(i8* nonnull dereferenceable(5) %8, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.9.3170, i64 0, i64 0), i64 5) %41 = icmp eq i32 %40, 0 br i1 %41, label %42, label %74 %43 = getelementptr inbounds [80 x i8], [80 x i8]* %6, i64 0, i64 5 %44 = call i64 @simple_strtoull(i8* %43, i8** nonnull %5, i32 0) #78 %45 = load i8*, i8** %5, align 8 %46 = call i8* @skip_spaces(i8* %45) #78 store i8* %46, i8** %5, align 8 %47 = call i32 @strncmp(i8* %46, i8* 
dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.10.3171, i64 0, i64 0), i64 5) #79 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %74 %50 = getelementptr i8, i8* %46, i64 5 %51 = call i64 @simple_strtoull(i8* %50, i8** nonnull %5, i32 0) #78 %52 = or i64 %51, %44 %53 = and i64 %52, 4095 %54 = icmp eq i64 %53, 0 br i1 %54, label %55, label %74 %56 = load i8*, i8** %5, align 8 %57 = call i8* @skip_spaces(i8* %56) #78 store i8* %57, i8** %5, align 8 %58 = call i32 @strncmp(i8* %57, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.11.3172, i64 0, i64 0), i64 5) #79 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %74 %61 = getelementptr i8, i8* %57, i64 5 %62 = call i8* @skip_spaces(i8* %61) #78 store i8* %62, i8** %5, align 8 %63 = call i32 @match_string(i8** getelementptr inbounds ([7 x i8*], [7 x i8*]* @mtrr_strings, i64 0, i64 0), i64 7, i8* %62) #78 %64 = icmp slt i32 %63, 0 br i1 %64, label %65, label %67 %68 = lshr i64 %44, 12 %69 = lshr i64 %51, 12 %70 = call i32 @mtrr_add_page(i64 %68, i64 %69, i32 %63, i1 zeroext true) #78 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %11 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 store i8 0, i8* %9, align 1 %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call 
%struct.pci_dev* bitcast (%struct.pci_dev.318968* (i32, %struct.pci_dev.318968*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #78 %28 = icmp eq %struct.pci_dev* %27, null br i1 %28, label %49, label %29 %30 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.318968*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #78 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** %51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label %57, label %54 %55 = tail call i32 %52() #78 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_file_add 2 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.efi_table_hdr_t, align 8 store i8 0, i8* %4, align 1 %9 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %10 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 
%11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* %14 = bitcast %struct.efi_table_hdr_t* %8 to i8* switch i32 %1, label %303 [ i32 1074810112, label %15 i32 1074810113, label %15 i32 1074810114, label %15 i32 1074810116, label %15 i32 1074810117, label %15 i32 1074810118, label %15 i32 1074810119, label %15 i32 1074810121, label %15 i32 -1072149245, label %18 i32 -1072149240, label %18 i32 1074547968, label %21 i32 1074547969, label %21 i32 1074547970, label %21 i32 1074547972, label %21 i32 1074547973, label %21 i32 1074547974, label %21 i32 1074547975, label %21 i32 1074547977, label %21 i32 -1072673533, label %54 i32 -1072673528, label %54 ] %16 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %96, label %303 switch i32 %1, label %303 [ i32 1074810112, label %97 i32 1074547968, label %97 i32 1074810113, label %106 i32 1074547969, label %106 i32 1074810114, label %115 i32 1074547970, label %115 i32 1074810116, label %144 i32 1074547972, label %144 i32 -1072149245, label %151 i32 -1072673533, label %151 i32 1074810117, label %179 i32 1074547973, label %179 i32 1074810118, label %188 i32 1074547974, label %188 i32 1074810119, label %197 i32 1074547975, label %197 i32 1074810121, label %220 i32 1074547977, label %220 i32 -1072149240, label %227 i32 -1072673528, label %227 ] %180 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %181 = load i64, i64* %180, align 8 %182 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %183 = load i32, i32* %182, align 8 %184 = zext i32 %183 to i64 %185 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 2 %186 = load i32, i32* %185, align 4 %187 = call fastcc i32 @mtrr_file_add(i64 %181, i64 %184, i32 %186, %struct.file.29775* %0, i32 1) #79 Function:mtrr_file_add %6 = 
getelementptr inbounds %struct.file.29775, %struct.file.29775* %3, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.29776** %8 = load %struct.seq_file.29776*, %struct.seq_file.29776** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.29776, %struct.seq_file.29776* %8, i64 0, i32 11 %10 = bitcast i8** %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = icmp eq i32* %11, null br i1 %12, label %13, label %26 %14 = load i32, i32* @num_var_ranges, align 4 %15 = sext i32 %14 to i64 %17 = extractvalue { i64, i1 } %16, 1 br i1 %17, label %46, label %18, !prof !4, !misexpect !5 %19 = extractvalue { i64, i1 } %16, 0 %20 = tail call noalias align 8 i8* @__kmalloc(i64 %19, i32 3520) #78 %21 = icmp eq i8* %20, null br i1 %21, label %46, label %22 %23 = load %struct.seq_file.29776*, %struct.seq_file.29776** %7, align 8 %24 = bitcast i8* %20 to i32* %25 = getelementptr inbounds %struct.seq_file.29776, %struct.seq_file.29776* %23, i64 0, i32 11 store i8* %20, i8** %25, align 8 br label %26 %27 = phi i32* [ %24, %22 ], [ %11, %5 ] %28 = icmp eq i32 %4, 0 br i1 %28, label %29, label %36 %37 = phi i64 [ %1, %26 ], [ %35, %33 ] %38 = phi i64 [ %0, %26 ], [ %34, %33 ] %39 = tail call i32 @mtrr_add_page(i64 %38, i64 %37, i32 %2, i1 zeroext true) #78 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %11 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 store i8 0, i8* %9, align 1 %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #78 %19 = icmp eq i32 %18, 0 
br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.318968* (i32, %struct.pci_dev.318968*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #78 %28 = icmp eq %struct.pci_dev* %27, null br i1 %28, label %49, label %29 %30 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.318968*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #78 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** %51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label %57, label %54 %55 = tail call i32 %52() #78 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_add_page 1 mtrr_file_add 2 mtrr_ioctl ------------- Path:  Function:mtrr_ioctl %4 = alloca i8, align 1 %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca 
%struct.efi_table_hdr_t, align 8 store i8 0, i8* %4, align 1 %9 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %10 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %11 = bitcast %struct.arch_uprobe_task* %7 to i8* %12 = bitcast %struct.efi_table_hdr_t* %8 to i8* %13 = inttoptr i64 %2 to i8* %14 = bitcast %struct.efi_table_hdr_t* %8 to i8* switch i32 %1, label %303 [ i32 1074810112, label %15 i32 1074810113, label %15 i32 1074810114, label %15 i32 1074810116, label %15 i32 1074810117, label %15 i32 1074810118, label %15 i32 1074810119, label %15 i32 1074810121, label %15 i32 -1072149245, label %18 i32 -1072149240, label %18 i32 1074547968, label %21 i32 1074547969, label %21 i32 1074547970, label %21 i32 1074547972, label %21 i32 1074547973, label %21 i32 1074547974, label %21 i32 1074547975, label %21 i32 1074547977, label %21 i32 -1072673533, label %54 i32 -1072673528, label %54 ] %16 = call i64 @_copy_from_user(i8* nonnull %11, i8* %13, i64 16) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %96, label %303 switch i32 %1, label %303 [ i32 1074810112, label %97 i32 1074547968, label %97 i32 1074810113, label %106 i32 1074547969, label %106 i32 1074810114, label %115 i32 1074547970, label %115 i32 1074810116, label %144 i32 1074547972, label %144 i32 -1072149245, label %151 i32 -1072673533, label %151 i32 1074810117, label %179 i32 1074547973, label %179 i32 1074810118, label %188 i32 1074547974, label %188 i32 1074810119, label %197 i32 1074547975, label %197 i32 1074810121, label %220 i32 1074547977, label %220 i32 -1072149240, label %227 i32 -1072673528, label %227 ] %180 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 0 %181 = load i64, i64* %180, align 8 %182 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, i32 1 %183 = load i32, i32* %182, align 8 %184 = zext i32 %183 to i64 %185 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %7, i64 0, 
i32 2 %186 = load i32, i32* %185, align 4 %187 = call fastcc i32 @mtrr_file_add(i64 %181, i64 %184, i32 %186, %struct.file.29775* %0, i32 1) #79 Function:mtrr_file_add %6 = getelementptr inbounds %struct.file.29775, %struct.file.29775* %3, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.29776** %8 = load %struct.seq_file.29776*, %struct.seq_file.29776** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.29776, %struct.seq_file.29776* %8, i64 0, i32 11 %10 = bitcast i8** %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = icmp eq i32* %11, null br i1 %12, label %13, label %26 %14 = load i32, i32* @num_var_ranges, align 4 %15 = sext i32 %14 to i64 %17 = extractvalue { i64, i1 } %16, 1 br i1 %17, label %46, label %18, !prof !4, !misexpect !5 %19 = extractvalue { i64, i1 } %16, 0 %20 = tail call noalias align 8 i8* @__kmalloc(i64 %19, i32 3520) #78 %21 = icmp eq i8* %20, null br i1 %21, label %46, label %22 %23 = load %struct.seq_file.29776*, %struct.seq_file.29776** %7, align 8 %24 = bitcast i8* %20 to i32* %25 = getelementptr inbounds %struct.seq_file.29776, %struct.seq_file.29776* %23, i64 0, i32 11 store i8* %20, i8** %25, align 8 br label %26 %27 = phi i32* [ %24, %22 ], [ %11, %5 ] %28 = icmp eq i32 %4, 0 br i1 %28, label %29, label %36 %37 = phi i64 [ %1, %26 ], [ %35, %33 ] %38 = phi i64 [ %0, %26 ], [ %34, %33 ] %39 = tail call i32 @mtrr_add_page(i64 %38, i64 %37, i32 %2, i1 zeroext true) #78 Function:mtrr_add_page %5 = alloca %struct.set_mtrr_data, align 8 %6 = alloca %struct.set_mtrr_data, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i8, align 1 %10 = bitcast i64* %7 to i8* store i64 0, i64* %7, align 8 %11 = bitcast i64* %8 to i8* store i64 0, i64* %8, align 8 store i8 0, i8* %9, align 1 %12 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %13 = icmp eq i8 %12, 0 br i1 %13, label %195, label %14 %15 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %16 = getelementptr inbounds %struct.mtrr_ops, 
%struct.mtrr_ops* %15, i64 0, i32 6 %17 = load i32 (i64, i64, i32)*, i32 (i64, i64, i32)** %16, align 8 %18 = tail call i32 %17(i64 %0, i64 %1, i32 %2) #78 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %195 %21 = icmp ugt i32 %2, 6 br i1 %21, label %22, label %24 %25 = icmp eq i32 %2, 1 br i1 %25, label %26, label %59 %27 = tail call %struct.pci_dev* bitcast (%struct.pci_dev.318968* (i32, %struct.pci_dev.318968*)* @pci_get_class to %struct.pci_dev* (i32, %struct.pci_dev*)*)(i32 393216, %struct.pci_dev* null) #78 %28 = icmp eq %struct.pci_dev* %27, null br i1 %28, label %49, label %29 %30 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 7 %31 = load i16, i16* %30, align 4 switch i16 %31, label %48 [ i16 4454, label %32 i16 -32634, label %42 ] %43 = getelementptr inbounds %struct.pci_dev, %struct.pci_dev* %27, i64 0, i32 8 %44 = load i16, i16* %43, align 2 %45 = icmp eq i16 %44, -31542 br i1 %45, label %46, label %48 tail call void bitcast (void (%struct.pci_dev.318968*)* @pci_dev_put to void (%struct.pci_dev*)*)(%struct.pci_dev* nonnull %27) #78 br label %49 %50 = load %struct.mtrr_ops*, %struct.mtrr_ops** @mtrr_if, align 8 %51 = getelementptr inbounds %struct.mtrr_ops, %struct.mtrr_ops* %50, i64 0, i32 7 %52 = load i32 ()*, i32 ()** %51, align 8 %53 = icmp eq i32 ()* %52, null br i1 %53, label %57, label %54 %55 = tail call i32 %52() #78 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %59 %60 = icmp eq i64 %1, 0 br i1 %60, label %61, label %63 %64 = add i64 %0, -1 %65 = add i64 %64, %1 %66 = or i64 %65, %0 %67 = load i8, i8* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 7), align 1 %68 = zext i8 %67 to i64 %69 = add nuw nsw i64 %68, 4294967284 %70 = and i64 %69, 4294967295 %71 = lshr i64 %66, %70 %72 = icmp eq i64 %71, 0 br i1 %72, label %75, label %73 tail call void @cpus_read_lock() #78 ------------- Use: =BAD PATH= Call Stack: 0 reload_store ------------- Path:  
Function:reload_store
%5 = alloca i64, align 8
%6 = load i16, i16* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 32), align 4
%7 = zext i16 %6 to i32
%8 = bitcast i64* %5 to i8*
store i64 0, i64* %5, align 8
%9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #78
%10 = icmp eq i32 %9, 0
br i1 %10, label %13, label %11
%14 = load i64, i64* %5, align 8
%15 = icmp eq i64 %14, 1
br i1 %15, label %16, label %52
call void @cpus_read_lock() #78
-------------
Good: 489 Bad: 45 Ignored: 285
Check Use of Function:drm_atomic_connector_commit_dpms
Check Use of Function:proc_lookupfdinfo
Check Use of Function:init_chown
Check Use of Function:uart_set_ldisc
Check Use of Function:static_key_slow_inc
Check Use of Function:housekeeping_cpumask
Use: =BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 __pm_runtime_suspend
7 __intel_runtime_pm_put
8 intel_runtime_pm_put_unchecked
9 intel_rps_read_punit_req_frequency
10 intel_rps_get_requested_frequency
11 gt_cur_freq_mhz_show
-------------
Path:
Function:gt_cur_freq_mhz_show
%4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8
%5 = load i8*, i8** %4, align 8
%6 = getelementptr inbounds i8, i8* %5, i64 16
%7 = bitcast i8* %6 to %struct.drm_i915_private.423982**
%8 = load %struct.drm_i915_private.423982*, %struct.drm_i915_private.423982** %7, align 8
%9 = getelementptr inbounds %struct.drm_i915_private.423982, %struct.drm_i915_private.423982* %8, i64 0, i32 102, i32 19
%10 = tail call i32 @intel_rps_get_requested_frequency(%struct.intel_rps* %9) #78
Function:intel_rps_get_requested_frequency
%2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 7
%3 = getelementptr inbounds i32, i32* %2, i64 6
%4 = bitcast i32* %3 to %struct.intel_uc.449265*
%5 = getelementptr inbounds i32, i32* %2, i64 9
%6 = load i32, i32* %5, align 4
%7 = icmp sgt i32 %6, 4
br i1 %7,
label %8, label %18 %9 = getelementptr inbounds %struct.intel_uc.449265, %struct.intel_uc.449265* %4, i64 0, i32 1, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %18, label %12 %13 = getelementptr inbounds %struct.intel_uc.449265, %struct.intel_uc.449265* %4, i64 0, i32 1, i32 3, i32 3 %14 = load i8, i8* %13, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %18, label %16 %17 = tail call i32 @intel_rps_read_punit_req_frequency(%struct.intel_rps* %0) #78 Function:intel_rps_read_punit_req_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 7 %3 = getelementptr inbounds i32, i32* %2, i64 2 %4 = bitcast i32* %3 to %struct.intel_uncore.449122** %5 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %6 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 2 %7 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %6, align 8 %8 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %7) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 8, i32 6 %12 = load i32 (%struct.intel_uncore.449122*, i32, i1)*, i32 (%struct.intel_uncore.449122*, i32, i1)** %11, align 8 %13 = tail call i32 %12(%struct.intel_uncore.449122* %5, i32 40968, i1 zeroext true) #78 tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %7) #78 Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #78 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 
%7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39258, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39260, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !8 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39263, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !9 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !10 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !11 %39 = tail call i64 @ktime_get_mono_fast_ns() #78 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #78 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #79 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = 
getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label 
%166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %4 = call %struct.irq_desc.76301* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #78 %5 = icmp eq %struct.irq_desc.76301* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq 
%struct.irq_chip.76315* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14777*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.76301*, i1, i1)*)(%struct.irq_desc.76301* nonnull %4, i1 zeroext true, i1 zeroext true) #78 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq 
i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8260, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !9 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, 
label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #78 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.76301*)* @irq_setup_affinity to i32 (%struct.irq_desc.14777*)*)(%struct.irq_desc.14777* %0) #78 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.76301* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq 
i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %13, align 8 %15 = icmp eq %struct.irq_chip.76315* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #78 %21 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* 
@__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.76296* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #79 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.76301** %6 = load %struct.irq_desc.76301*, %struct.irq_desc.76301** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %84, label %10 %11 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %12, null br i1 %13, label %84, label %14 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_do_set_affinity.tmp_mask_lock) #78 %15 = load %struct.irq_common_data*, %struct.irq_common_data** %4, align 8 %16 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2097152 %19 = icmp eq i32 %18, 0 br i1 %19, label 
%33, label %20 %21 = tail call zeroext i1 @housekeeping_enabled(i32 128) #78 br i1 %21, label %22, label %33 %23 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #78
-------------
Use: =BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 __pm_runtime_suspend
7 __intel_runtime_pm_put
8 intel_runtime_pm_put_unchecked
9 intel_rps_read_actual_frequency
10 gt_act_freq_mhz_show
-------------
Path:
Function:gt_act_freq_mhz_show %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 16 %7 = bitcast i8* %6 to %struct.drm_i915_private.423982** %8 = load %struct.drm_i915_private.423982*, %struct.drm_i915_private.423982** %7, align 8 %9 = getelementptr inbounds %struct.drm_i915_private.423982, %struct.drm_i915_private.423982* %8, i64 0, i32 102, i32 19 %10 = tail call i32 @intel_rps_read_actual_frequency(%struct.intel_rps* %9) #78 Function:intel_rps_read_actual_frequency %2 = getelementptr %struct.intel_rps, %struct.intel_rps* %0, i64 -8, i32 7 %3 = getelementptr inbounds i32, i32* %2, i64 2 %4 = bitcast i32* %3 to %struct.intel_uncore.449122** %5 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %6 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %5, i64 0, i32 2 %7 = load %struct.intel_runtime_pm*, %struct.intel_runtime_pm** %6, align 8 %8 = tail call i32 @intel_runtime_pm_get_if_in_use(%struct.intel_runtime_pm* %7) #78 %9 = icmp eq i32 %8, 0 br i1 %9, label %112, label %10 %11 = bitcast i32* %2 to %struct.drm_i915_private.449467** %12 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 13 %13 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 14 %14 = getelementptr inbounds %struct.intel_rps, %struct.intel_rps* %0, i64 0, i32 20 %15 = load
%struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %11, align 8 %16 = load %struct.intel_uncore.449122*, %struct.intel_uncore.449122** %4, align 8 %17 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %15, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 9437184 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %15, i64 0, i32 3, i32 0 %25 = load i8, i8* %24, align 8 %26 = icmp ugt i8 %25, 5 %27 = getelementptr inbounds %struct.intel_uncore.449122, %struct.intel_uncore.449122* %16, i64 0, i32 8, i32 6 %28 = load i32 (%struct.intel_uncore.449122*, i32, i1)*, i32 (%struct.intel_uncore.449122*, i32, i1)** %27, align 8 br i1 %26, label %29, label %31 %32 = tail call i32 %28(%struct.intel_uncore.449122* %16, i32 70136, i1 zeroext true) #78 br label %33 %34 = phi i32 [ %22, %21 ], [ %30, %29 ], [ %32, %31 ] %35 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %11, align 8 %36 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %35, i64 0, i32 4, i32 0, i64 0 %37 = load i32, i32* %36, align 4 %38 = zext i32 %37 to i64 %39 = and i64 %38, 9437184 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %67 %42 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %35, i64 0, i32 3, i32 0 %43 = load i8, i8* %42, align 8 %44 = icmp ugt i8 %43, 8 br i1 %44, label %45, label %47 %46 = lshr i32 %34, 23 br label %73 %74 = phi i32 [ %46, %45 ], [ %69, %67 ] %75 = mul nuw nsw i32 %74, 50 %76 = icmp eq i32 %74, 0 %77 = or i32 %75, 1 %78 = add nsw i32 %75, -1 %79 = select i1 %76, i32 %78, i32 %77 %80 = sdiv i32 %79, 3 br label %110 %111 = phi i32 [ %109, %106 ], [ %80, %73 ], [ %93, %86 ], [ %105, %97 ] tail call void @intel_runtime_pm_put_unchecked(%struct.intel_runtime_pm* %7) #78 
Function:intel_runtime_pm_put_unchecked tail call fastcc void @__intel_runtime_pm_put(%struct.intel_runtime_pm* %0, i1 zeroext true) #78 Function:__intel_runtime_pm_put %3 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 3 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp ne i8 %8, 0 %10 = load i1, i1* @assert_rpm_device_not_suspended.__already_done, align 1 %11 = xor i1 %10, true %12 = and i1 %9, %11 br i1 %1, label %13, label %29 br i1 %12, label %14, label %15, !prof !5, !misexpect !6 store i1 true, i1* @assert_rpm_device_not_suspended.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.7.39258, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 99, i32 2313, i64 12) #6, !srcloc !7 br label %15 %16 = and i32 %6, 65535 %17 = icmp eq i32 %16, 0 %18 = load i1, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 %19 = xor i1 %18, true %20 = and i1 %17, %19 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_raw_wakeref_held.__already_done, align 1 tail call void (i8*, ...) 
@__warn_printk(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.6.39260, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 107, i32 2313, i64 12) #6, !srcloc !8 br label %22 %23 = icmp ult i32 %6, 65536 %24 = load i1, i1* @__assert_rpm_wakelock_held.__already_done, align 1 %25 = xor i1 %24, true %26 = and i1 %23, %25 br i1 %26, label %27, label %28, !prof !5, !misexpect !6 store i1 true, i1* @__assert_rpm_wakelock_held.__already_done, align 1 tail call void (i8*, ...) @__warn_printk(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.39263, i64 0, i64 0)) #78 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.5.39259, i64 0, i64 0), i32 115, i32 2313, i64 12) #6, !srcloc !9 br label %28 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subl $1,$0", "=*m,ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 65536, i32* %5) #6, !srcloc !10 br label %38 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32* %5) #6, !srcloc !11 %39 = tail call i64 @ktime_get_mono_fast_ns() #78 %40 = getelementptr inbounds %struct.device, %struct.device* %4, i64 0, i32 11, i32 21 store volatile i64 %39, i64* %40, align 8 %41 = tail call i32 @__pm_runtime_suspend(%struct.device* %4, i32 13) #78 Function:__pm_runtime_suspend %3 = and i32 %1, 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %11, label %5 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %7 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32* %6) #6, !srcloc !4 %8 = and i8 %7, 1 %9 = icmp eq i8 %8, 0 br i1 %9, label %10, label %11 %12 = and i32 %1, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %16 = load i16, i16* %15, align 8 %17 = and i16 %16, 1024 %18 = icmp eq i16 %17, 0 br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #79 %24 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %1) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = 
getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label 
%166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %4 = call %struct.irq_desc.76301* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #78 %5 = icmp eq %struct.irq_desc.76301* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq 
%struct.irq_chip.76315* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14777*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.76301*, i1, i1)*)(%struct.irq_desc.76301* nonnull %4, i1 zeroext true, i1 zeroext true) #78 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq 
i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8260, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !9 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, 
label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #78 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.76301*)* @irq_setup_affinity to i32 (%struct.irq_desc.14777*)*)(%struct.irq_desc.14777* %0) #78 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.76301* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq 
i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %13, align 8 %15 = icmp eq %struct.irq_chip.76315* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #78 %21 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* 
@__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.76296* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #79 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.76301** %6 = load %struct.irq_desc.76301*, %struct.irq_desc.76301** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %84, label %10 %11 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %12, null br i1 %13, label %84, label %14 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_do_set_affinity.tmp_mask_lock) #78 %15 = load %struct.irq_common_data*, %struct.irq_common_data** %4, align 8 %16 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2097152 %19 = icmp eq i32 %18, 0 br i1 %19, label 
%33, label %20 %21 = tail call zeroext i1 @housekeeping_enabled(i32 128) #78 br i1 %21, label %22, label %33 %23 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #78
-------------
Use: =BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 rpm_idle
7 pm_runtime_set_autosuspend_delay
8 autosuspend_store
-------------
Path:
Function:autosuspend_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %7 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.6.53981, i64 0, i64 0), i32* nonnull %5) #78 %8 = icmp ne i32 %7, 1 %9 = load i32, i32* %5, align 4 %10 = add i32 %9, 2147482 %11 = icmp ugt i32 %10, 4294964 %12 = or i1 %8, %11 br i1 %12, label %15, label %13 %14 = mul nsw i32 %9, 1000 call void @pm_runtime_set_autosuspend_delay(%struct.device* %0, i32 %14) #79 Function:pm_runtime_set_autosuspend_delay %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #78 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = lshr i16 %8, 11 %10 = and i16 %9, 1 store i32 %1, i32* %5, align 4 %11 = and i16 %8, 2048 %12 = icmp ne i16 %11, 0 %13 = icmp slt i32 %1, 0 %14 = and i1 %13, %12 br i1 %14, label %15, label %23 %24 = icmp ne i16 %10, 0 %25 = icmp slt i32 %6, 0 %26 = and i1 %25, %24 br i1 %26, label %27, label %29 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", 
"=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32* %28) #6, !srcloc !5 br label %29 %30 = tail call fastcc i32 @rpm_idle(%struct.device* %0, i32 8) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 
%47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, 
%struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, 
i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 
%167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %4 = call %struct.irq_desc.76301* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #78 %5 = icmp eq %struct.irq_desc.76301* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label 
%10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14777*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.76301*, i1, i1)*)(%struct.irq_desc.76301* nonnull %4, i1 zeroext true, i1 zeroext true) #78 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = 
phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8260, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !9 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds 
%struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #78 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.76301*)* @irq_setup_affinity to i32 (%struct.irq_desc.14777*)*)(%struct.irq_desc.14777* %0) #78 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.76301* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = 
getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %13, align 8 %15 = icmp eq %struct.irq_chip.76315* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #78 %21 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 
= load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.76296* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #79 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.76301** %6 = load %struct.irq_desc.76301*, %struct.irq_desc.76301** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %84, label %10 %11 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %12, null br i1 %13, label %84, label %14 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_do_set_affinity.tmp_mask_lock) #78 %15 = load %struct.irq_common_data*, %struct.irq_common_data** %4, align 8 %16 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2097152 %19 = icmp eq i32 %18, 0 br i1 %19, label %33, label %20 %21 = tail call zeroext i1 
@housekeeping_enabled(i32 128) #78 br i1 %21, label %22, label %33 %23 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #78
-------------
Use: =BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 rpm_idle
7 __rpm_callback
8 rpm_resume
9 __pm_runtime_resume
10 d3cold_allowed_store
-------------
Path:
Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %7 = bitcast %struct.irq_domain** %6 to %struct.pci_dev.318968* %8 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #78 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %7, i64 0, i32 33 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.318968* %7) #78 br label %22 %23 = call i32 @__pm_runtime_resume(%struct.device* %0, i32 0) #78 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #78 
%24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #79 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %12 = bitcast i8** %11 to %struct.task_struct** %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %17 = and i32 %1, 3 %18 = icmp eq i32 %17, 0 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %20 = bitcast %struct.spinlock* %19 to i8* %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %24 = and i32 %1, 1 %25 = icmp eq i32 %24, 0 %26 = bitcast %struct.wait_queue_entry* %3 to i64* br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 
%32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #79 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %23, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %25, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %23, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, 
i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #79 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #79 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %126, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %126 %19 = tail call i32 @device_links_read_lock() #78 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %125, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr 
%struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #78 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #78 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #78 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %185, label %90 %91 = phi %struct.list_head* [ %123, %117 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = 
bitcast %struct.list_head* %92 to %struct.device** %94 = load %struct.device*, %struct.device** %93, align 8 %95 = getelementptr inbounds %struct.device, %struct.device* %94, i64 0, i32 11, i32 13, i32 0 %96 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %97 = bitcast %struct.list_head* %96 to %struct.seqcount_spinlock* %98 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %98, label %99, label %117 %100 = load volatile i32, i32* %95, align 4 %101 = icmp sgt i32 %100, 0 br i1 %101, label %102, label %117 %103 = load volatile i32, i32* %95, align 4 %104 = icmp eq i32 %103, 0 br i1 %104, label %115, label %105, !prof !8, !misexpect !9 %106 = phi i32 [ %113, %112 ], [ %103, %102 ] %107 = add i32 %106, -1 %108 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %95, i32 %107, i32* %95, i32 %106) #6, !srcloc !10 %109 = extractvalue { i8, i32 } %108, 0 %110 = and i8 %109, 1 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, label %115, !prof !8, !misexpect !9 %113 = extractvalue { i8, i32 } %108, 1 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %105, !prof !8, !misexpect !9 %116 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %116, label %99, label %117 %118 = load %struct.device*, %struct.device** %93, align 8 %119 = getelementptr inbounds %struct.device, %struct.device* %118, i64 0, i32 11, i32 3, i32 0, i32 0 %120 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %119) #78 %121 = tail call fastcc i32 @rpm_idle(%struct.device* %118, i32 1) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 
%5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, 
i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 
0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = 
icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr 
%struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %4 = call %struct.irq_desc.76301* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #78 %5 = icmp eq %struct.irq_desc.76301* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 
2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14777*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.76301*, i1, i1)*)(%struct.irq_desc.76301* nonnull %4, i1 zeroext true, i1 zeroext true) #78 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# 
bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8260, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !9 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #78 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds 
%struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.76301*)* @irq_setup_affinity to i32 (%struct.irq_desc.14777*)*)(%struct.irq_desc.14777* %0) #78 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.76301* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %13, align 8 %15 = icmp eq %struct.irq_chip.76315* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %14, i64 0, i32 11 %18 = load i32 
(%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #78 %21 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x 
[1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.76296* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #79
Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.76301** %6 = load %struct.irq_desc.76301*, %struct.irq_desc.76301** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %84, label %10 %11 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %12, null br i1 %13, label %84, label %14 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_do_set_affinity.tmp_mask_lock) #78 %15 = load %struct.irq_common_data*, %struct.irq_common_data** %4, align 8 %16 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2097152 %19 = icmp eq i32 %18, 0 br i1 %19, label %33, label %20 %21 = tail call zeroext i1 @housekeeping_enabled(i32 128) #78 br i1 %21, label %22, label %33 %23 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #78
-------------
Use: =BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 rpm_idle
7 __rpm_callback
8 rpm_resume
9 __pm_runtime_resume
10 __submit_bio
11 submit_bio_noacct
12 __blk_queue_split
13 blk_queue_split
14 dm_submit_bio
-------------
Path:
Function:dm_submit_bio %2 = alloca %struct.bio.705679*, align 8 store %struct.bio.705679* %0, %struct.bio.705679** %2, align 8 %3 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 1 %4 = load %struct.block_device.705676*, %struct.block_device.705676** %3, align 8 %5 = getelementptr inbounds %struct.block_device.705676, %struct.block_device.705676* %4, i64 0, i32 16 %6 = load %struct.gendisk.705501*, %struct.gendisk.705501** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.705501, %struct.gendisk.705501* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 39 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #78 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 1 %18 = icmp ne i64 %17, 0 %19 = icmp eq i8* %13, null %20 = or i1 %19, %18 %21 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 2 %22 = load i32, i32* %21, align 8 br i1 %20, label %23, label %51, !prof !4, !misexpect !5 %52 = trunc i32 %22 to i8 switch i8 %52, label %55 [ i8 3, label %53 i8 5, label %53 i8 7, label %53 i8 9, label %53 ] call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.705679**)*)(%struct.bio.705679** nonnull %2) #78
Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78
Function:__blk_queue_split %3 =
alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void 
@bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, 
%struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, 
%struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 %74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds 
%struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.296195, 
%struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %19 = load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #78 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %37 = icmp eq %struct.device.296127* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %36, i32 1) #78 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #78 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #78 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %54 = icmp eq %struct.device.296127* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 
(%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %53, i32 1) #78 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #78 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #79 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %12 = bitcast i8** %11 to %struct.task_struct** %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, 
i64 0, i32 0 %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %17 = and i32 %1, 3 %18 = icmp eq i32 %17, 0 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %20 = bitcast %struct.spinlock* %19 to i8* %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 1 %24 = and i32 %1, 1 %25 = icmp eq i32 %24, 0 %26 = bitcast %struct.wait_queue_entry* %3 to i64* br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #79 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %23, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %25, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %23, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi 
%struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 %167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #79 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #79 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %126, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %126 %19 = tail call i32 @device_links_read_lock() #78 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %125, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #78 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #78 tail 
call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #78 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof !8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %185, label %90 %91 = phi %struct.list_head* [ %123, %117 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = bitcast %struct.list_head* %92 to %struct.device** %94 = load %struct.device*, %struct.device** %93, align 8 %95 = getelementptr inbounds %struct.device, %struct.device* %94, i64 0, i32 11, i32 13, i32 0 %96 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %97 = bitcast %struct.list_head* %96 to %struct.seqcount_spinlock* %98 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %98, label %99, label %117 %100 = load volatile i32, i32* %95, align 4 %101 = icmp sgt i32 %100, 0 br i1 %101, label %102, label %117 %103 = load volatile i32, i32* %95, align 4 %104 = icmp eq i32 %103, 0 br i1 %104, label %115, label %105, !prof !8, !misexpect !9 %106 = phi i32 [ %113, %112 ], [ %103, %102 ] %107 = add i32 %106, -1 %108 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %95, i32 %107, i32* %95, i32 %106) #6, !srcloc !10 %109 = extractvalue { i8, i32 } %108, 0 %110 = and i8 %109, 1 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, 
label %115, !prof !8, !misexpect !9 %113 = extractvalue { i8, i32 } %108, 1 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %105, !prof !8, !misexpect !9 %116 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %116, label %99, label %117 %118 = load %struct.device*, %struct.device** %93, align 8 %119 = getelementptr inbounds %struct.device, %struct.device* %118, i64 0, i32 11, i32 3, i32 0, i32 0 %120 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %119) #78 %121 = tail call fastcc i32 @rpm_idle(%struct.device* %118, i32 1) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 
%34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* 
%0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, 
%struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast %struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 
%108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store 
i64 0, i64* %2, align 8 %4 = call %struct.irq_desc.76301* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #78 %5 = icmp eq %struct.irq_desc.76301* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14777*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.76301*, i1, i1)*)(%struct.irq_desc.76301* nonnull %4, i1 zeroext true, i1 zeroext true) #78 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and 
i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 = and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8260, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !9 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void 
(%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #78 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.76301*)* @irq_setup_affinity to i32 (%struct.irq_desc.14777*)*)(%struct.irq_desc.14777* %0) #78 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq 
%struct.irq_desc.76301* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %13, align 8 %15 = icmp eq %struct.irq_chip.76315* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #78 %21 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr 
inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.76296* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #79 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.76301** %6 = load %struct.irq_desc.76301*, %struct.irq_desc.76301** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %84, label %10 %11 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %12, null br i1 %13, 
label %84, label %14 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_do_set_affinity.tmp_mask_lock) #78 %15 = load %struct.irq_common_data*, %struct.irq_common_data** %4, align 8 %16 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2097152 %19 = icmp eq i32 %18, 0 br i1 %19, label %33, label %20 %21 = tail call zeroext i1 @housekeeping_enabled(i32 128) #78 br i1 %21, label %22, label %33 %23 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 irq_do_set_affinity
1 irq_setup_affinity
2 irq_startup
3 enable_irq
4 dev_pm_enable_wake_irq_check
5 rpm_suspend
6 rpm_idle
7 __rpm_callback
8 rpm_resume
9 __pm_runtime_resume
10 __submit_bio
11 submit_bio_noacct
12 __blk_queue_split
13 blk_queue_split
14 md_submit_bio
-------------
Path:
Function:md_submit_bio
%2 = alloca %struct.bio.296195*, align 8 store %struct.bio.296195* %0, %struct.bio.296195** %2, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %8 = load %struct.block_device.296192*, %struct.block_device.296192** %7, align 8 %9 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %8, i64 0, i32 16 %10 = load %struct.gendisk.296190*, %struct.gendisk.296190** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17,
null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.296195**)*)(%struct.bio.296195** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br 
i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 
(%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 
%74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load 
%struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = 
getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %19 
= load i32, i32* %9, align 8 %20 = and i32 %19, 2097152 %21 = icmp eq i32 %20, 0 br i1 %21, label %31, label %22 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = call i32 @__cond_resched() #78 %33 = load i32, i32* %10, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %43 %36 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %37 = icmp eq %struct.device.296127* %36, null br i1 %37, label %66, label %38 %39 = load volatile i32, i32* %12, align 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %66, label %41 %42 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %36, i32 1) #78 br label %43 %44 = load volatile i64, i64* %13, align 8 %45 = and i64 %44, 4 %46 = icmp eq i64 %45, 0 br i1 %46, label %47, label %66 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %2, i32 0) #78 br label %48 %49 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %15, %struct.wait_queue_entry* nonnull %2, i32 2) #78 %50 = load i32, i32* %10, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %60 %53 = load %struct.device.296127*, %struct.device.296127** %11, align 8 %54 = icmp eq %struct.device.296127* %53, null br i1 %54, label %65, label %55 %56 = load volatile i32, i32* %12, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %65, label %58 %59 = call i32 bitcast (i32 (%struct.device*, i32)* @__pm_runtime_resume to i32 (%struct.device.296127*, i32)*)(%struct.device.296127* nonnull %53, i32 1) #78 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = 
icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #78 %24 = tail call fastcc i32 @rpm_resume(%struct.device* %0, i32 %1) #79 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %12 = bitcast i8** %11 to %struct.task_struct** %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %15 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %16 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %17 = and i32 %1, 3 %18 = icmp eq i32 %17, 0 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %20 = bitcast %struct.spinlock* %19 to i8* %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %23 = getelementptr inbounds 
%struct.device, %struct.device* %0, i64 0, i32 1 %24 = and i32 %1, 1 %25 = icmp eq i32 %24, 0 %26 = bitcast %struct.wait_queue_entry* %3 to i64* br label %27 %28 = phi %struct.device* [ %115, %135 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #79 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %75 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %76 = load i16, i16* %5, align 8 %77 = and i16 %76, 512 %78 = icmp eq i16 %77, 0 %79 = icmp ne %struct.device* %28, null %80 = or i1 %79, %78 br i1 %80, label %103, label %81 %82 = load %struct.device*, %struct.device** %23, align 8 %83 = icmp eq %struct.device* %82, null br i1 %83, label %103, label %84 br i1 %25, label %113, label %104 br i1 %79, label %139, label %114 %115 = load %struct.device*, %struct.device** %23, align 8 %116 = icmp eq %struct.device* %115, null br i1 %116, label %139, label %117 %118 = load i16, i16* %5, align 8 %119 = and i16 %118, 1024 %120 = icmp eq i16 %119, 0 br i1 %120, label %121, label %139 %140 = phi %struct.device* [ %28, %113 ], [ %115, %117 ], [ null, %114 ] %141 = load i16, i16* %5, align 8 %142 = and i16 %141, 512 %143 = icmp eq i16 %142, 0 br i1 %143, label %144, label %259 %145 = and i16 %141, 7 %146 = icmp eq i16 %145, 0 br i1 %146, label %147, label %164 store i32 1, i32* %9, align 4 %165 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %166 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %165, align 8 %167 = icmp eq %struct.dev_pm_domain* %166, null br i1 
%167, label %168, label %192 %193 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %166, i64 0, i32 0 br label %194 %195 = phi %struct.dev_pm_ops* [ %193, %192 ], [ %190, %188 ], [ %182, %180 ], [ %174, %172 ] %196 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %195, i64 0, i32 21 %197 = load i32 (%struct.device*)*, i32 (%struct.device*)** %196, align 8 %198 = icmp eq i32 (%struct.device*)* %197, null br i1 %198, label %199, label %210 %211 = phi i32 (%struct.device*)* [ %197, %194 ], [ %209, %207 ], [ null, %203 ], [ null, %199 ] call void @dev_pm_disable_wake_irq_check(%struct.device* %0) #79 %212 = load i16, i16* %5, align 8 %213 = and i16 %212, 8192 %214 = icmp eq i16 %213, 0 br i1 %214, label %226, label %215 %227 = call fastcc i32 @__rpm_callback(i32 (%struct.device*)* %211, %struct.device* %0) #79 Function:__rpm_callback %3 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 4 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %126, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %126 %19 = tail call i32 @device_links_read_lock() #78 %20 = getelementptr inbounds %struct.device, %struct.device* %1, i64 0, i32 10, i32 0 %21 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %125, label %24 %25 = phi %struct.list_head* [ %83, %81 ], [ %22, %18 ] %26 = getelementptr %struct.list_head, %struct.list_head* %25, i64 -2 %27 = bitcast %struct.list_head* %26 to %struct.device_link* %28 = getelementptr inbounds %struct.device_link, %struct.device_link* %27, i64 0, i32 6 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %81, label %32 %33 = bitcast %struct.list_head* %26 to %struct.device** %34 = load %struct.device*, %struct.device** %33, align 8 %35 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 15 %36 = load i16, i16* %35, align 8 %37 = and i16 %36, 1024 %38 = icmp eq i16 %37, 0 br i1 %38, label %39, label %45 %46 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !7 %47 = getelementptr inbounds %struct.device, %struct.device* %34, i64 0, i32 11, i32 3, i32 0, i32 0 %48 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %47) #78 %49 = tail call fastcc i32 @rpm_resume(%struct.device* %34, i32 4) #78 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %47, i64 %48) #78 %50 = icmp slt i32 %49, 0 %51 = icmp ne i32 %49, -13 %52 = and i1 %50, %51 br i1 %52, label %53, label %69 %54 = bitcast %struct.list_head* %26 to %struct.device** %55 = load %struct.device*, %struct.device** %54, align 8 %56 = getelementptr inbounds %struct.device, %struct.device* %55, i64 0, i32 11, i32 13, i32 0 %57 = load volatile i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %87, label %59, !prof 
!8, !misexpect !9 %88 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 %89 = icmp eq %struct.list_head* %88, %20 br i1 %89, label %185, label %90 %91 = phi %struct.list_head* [ %123, %117 ], [ %88, %87 ] %92 = getelementptr %struct.list_head, %struct.list_head* %91, i64 -2 %93 = bitcast %struct.list_head* %92 to %struct.device** %94 = load %struct.device*, %struct.device** %93, align 8 %95 = getelementptr inbounds %struct.device, %struct.device* %94, i64 0, i32 11, i32 13, i32 0 %96 = getelementptr %struct.list_head, %struct.list_head* %91, i64 47 %97 = bitcast %struct.list_head* %96 to %struct.seqcount_spinlock* %98 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %98, label %99, label %117 %100 = load volatile i32, i32* %95, align 4 %101 = icmp sgt i32 %100, 0 br i1 %101, label %102, label %117 %103 = load volatile i32, i32* %95, align 4 %104 = icmp eq i32 %103, 0 br i1 %104, label %115, label %105, !prof !8, !misexpect !9 %106 = phi i32 [ %113, %112 ], [ %103, %102 ] %107 = add i32 %106, -1 %108 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %95, i32 %107, i32* %95, i32 %106) #6, !srcloc !10 %109 = extractvalue { i8, i32 } %108, 0 %110 = and i8 %109, 1 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, label %115, !prof !8, !misexpect !9 %113 = extractvalue { i8, i32 } %108, 1 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %105, !prof !8, !misexpect !9 %116 = tail call zeroext i1 @refcount_dec_not_one(%struct.seqcount_spinlock* %97) #78 br i1 %116, label %99, label %117 %118 = load %struct.device*, %struct.device** %93, align 8 %119 = getelementptr inbounds %struct.device, %struct.device* %118, i64 0, i32 11, i32 3, i32 0, i32 0 %120 = tail call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %119) #78 %121 = tail call fastcc i32 @rpm_idle(%struct.device* %118, i32 1) #78 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device* %0, i32 %1) #78 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, 
label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain*, %struct.dev_pm_domain** %59, align 8 %61 = icmp eq %struct.dev_pm_domain* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %89, i64 0, i32 22 %91 = load i32 (%struct.device*)*, i32 (%struct.device*)** %90, align 8 %92 = icmp eq i32 (%struct.device*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #78 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device* %0, i32 %145) #78 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device* %0, i32 %1) #78 %4 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %358 %8 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, 
i32 18 %12 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 32 %27 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.task_struct** %33 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %34, i64 0, i32 0 %36 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %37 = and i32 %1, 3 %38 = icmp eq i32 %37, 0 %39 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %40 = bitcast 
%struct.spinlock* %39 to i8* %41 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %39, i64 0, i32 0, i32 0 %42 = bitcast %struct.wait_queue_entry* %3 to i64* br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %358 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %358, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %358 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %358, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %358, label %68 %69 = call i32 @__dev_pm_qos_resume_latency(%struct.device* %0) #79 %70 = icmp eq i32 %69, 0 br i1 %70, label %358, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = zext i1 %73 to i32 %75 = icmp eq i32 %72, 1 %76 = and i1 %14, %75 %77 = select i1 %76, i32 -11, i32 %74 %78 = icmp eq i32 %77, 0 br i1 %78, label %79, label %358 %80 = icmp eq i32 %72, 3 %81 = or i1 %16, %80 br i1 %81, label %107, label %82 %83 = load i16, i16* %8, align 8 %84 = and i16 %83, 2048 %85 = icmp eq i16 %84, 0 br i1 %85, label %107, label %86 %108 = load i64, i64* %19, align 8 %109 = icmp eq i64 %108, 0 br i1 %109, label %112, label %110 store i32 0, i32* %12, align 8 %113 = load i32, i32* %11, align 4 %114 = icmp eq i32 %113, 3 br i1 %114, label %115, label %135 %136 = load i16, i16* %8, align 8 %137 = and i16 %136, 512 %138 = icmp eq i16 %137, 0 br i1 %138, label %139, label %232 br i1 %14, label %149, label %140 %150 = and i16 %136, 7 %151 = icmp eq i16 %150, 0 br i1 %151, label %152, label %166 store i32 3, i32* %11, align 4 %167 = load %struct.dev_pm_domain*, 
%struct.dev_pm_domain** %24, align 8 %168 = icmp eq %struct.dev_pm_domain* %167, null br i1 %168, label %169, label %190 %191 = getelementptr inbounds %struct.dev_pm_domain, %struct.dev_pm_domain* %167, i64 0, i32 0 br label %192 %193 = phi %struct.dev_pm_ops* [ %191, %190 ], [ %188, %186 ], [ %181, %179 ], [ %174, %172 ] %194 = getelementptr %struct.dev_pm_ops, %struct.dev_pm_ops* %193, i64 0, i32 20 %195 = load i32 (%struct.device*)*, i32 (%struct.device*)** %194, align 8 %196 = icmp eq i32 (%struct.device*)* %195, null br i1 %196, label %197, label %207 %208 = phi i32 (%struct.device*)* [ %195, %192 ], [ %206, %204 ], [ null, %200 ], [ null, %197 ] call void @dev_pm_enable_wake_irq_check(%struct.device* %0, i1 zeroext true) #79 Function:dev_pm_enable_wake_irq_check %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 12 %4 = load %struct.wake_irq*, %struct.wake_irq** %3, align 8 %5 = icmp eq %struct.wake_irq* %4, null br i1 %5, label %20, label %6 %7 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 3 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = and i32 %8, 2 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.wake_irq, %struct.wake_irq* %4, i64 0, i32 2 %19 = load i32, i32* %18, align 4 tail call void @enable_irq(i32 %19) #78 Function:enable_irq %2 = alloca i64, align 8 %3 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %4 = call %struct.irq_desc.76301* @__irq_get_desc_lock(i32 %0, i64* nonnull %2, i1 zeroext true, i32 1) #78 %5 = icmp eq %struct.irq_desc.76301* %4, null br i1 %5, label %31, label %6 %7 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 1, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %10, label %11, !prof !4, !misexpect 
!5 %12 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 7 %13 = load i32, i32* %12, align 64 switch i32 %13, label %27 [ i32 0, label %14 i32 1, label %17 ] %18 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 6 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 2048 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %14 %23 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %4, i64 0, i32 5 %24 = load i32, i32* %23, align 8 %25 = or i32 %24, 1024 store i32 %25, i32* %23, align 8 %26 = call i32 bitcast (i32 (%struct.irq_desc.14777*, i1, i1)* @irq_startup to i32 (%struct.irq_desc.76301*, i1, i1)*)(%struct.irq_desc.76301* nonnull %4, i1 zeroext true, i1 zeroext true) #78 Function:irq_startup %4 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 3 %6 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %7 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 4, i64 0 %8 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 7 store i32 0, i32* %8, align 64 %9 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %6, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4194304 %12 = icmp eq i32 %11, 0 br i1 %12, label %57, label %13 %58 = and i32 %10, 2097152 %59 = icmp eq i32 %58, 0 br i1 %59, label %71, label %60 %72 = getelementptr inbounds %struct.irq_desc.14777, %struct.irq_desc.14777* %0, i64 0, i32 1, i32 4 %73 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %74 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %73, i64 0, i32 35 %75 = load i64, i64* %74, align 8 %76 = and i64 %75, 1024 %77 = icmp eq i64 %76, 0 br i1 %77, label %83, label %78 %84 = phi i32 [ %10, %71 ], [ %82, %78 ] %85 
= and i32 %84, 512 %86 = icmp eq i32 %85, 0 br i1 %86, label %87, label %88, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.8260, i64 0, i64 0), i32 242, i32 2307, i64 12) #6, !srcloc !9 br label %88 %89 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %90 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %89, i64 0, i32 2 %91 = load i32 (%struct.irq_data*)*, i32 (%struct.irq_data*)** %90, align 8 %92 = icmp eq i32 (%struct.irq_data*)* %91, null br i1 %92, label %103, label %93 %104 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %105 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %104, i64 0, i32 0 %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 65536 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %121 %122 = and i32 %106, -65537 store i32 %122, i32* %105, align 8 %123 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %124 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %123, i64 0, i32 4 %125 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %124, align 8 %126 = icmp eq void (%struct.irq_data*)* %125, null br i1 %126, label %132, label %127 %133 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %134 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %133, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = and i32 %135, 131072 %137 = icmp eq i32 %136, 0 br i1 %137, label %147, label %138 %139 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* 
%123, i64 0, i32 9 %140 = load void (%struct.irq_data*)*, void (%struct.irq_data*)** %139, align 8 %141 = icmp eq void (%struct.irq_data*)* %140, null br i1 %141, label %147, label %142 tail call void %140(%struct.irq_data* %4) #78 %143 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %144 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %143, i64 0, i32 0 %145 = load i32, i32* %144, align 8 %146 = and i32 %145, -131073 store i32 %146, i32* %144, align 8 br label %147 %148 = phi i32 [ %94, %93 ], [ 0, %109 ], [ 0, %112 ], [ 0, %116 ], [ 0, %127 ], [ 0, %132 ], [ 0, %138 ], [ 0, %142 ] %149 = load %struct.irq_common_data*, %struct.irq_common_data** %5, align 8 %150 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %149, i64 0, i32 0 %151 = load i32, i32* %150, align 8 %152 = or i32 %151, 4194304 store i32 %152, i32* %150, align 8 %153 = load %struct.irq_chip*, %struct.irq_chip** %72, align 8 %154 = getelementptr inbounds %struct.irq_chip, %struct.irq_chip* %153, i64 0, i32 35 %155 = load i64, i64* %154, align 8 %156 = and i64 %155, 1024 %157 = icmp eq i64 %156, 0 br i1 %157, label %158, label %239 %159 = tail call i32 bitcast (i32 (%struct.irq_desc.76301*)* @irq_setup_affinity to i32 (%struct.irq_desc.14777*)*)(%struct.irq_desc.14777* %0) #78 Function:irq_setup_affinity %2 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 1 %3 = load i32, i32* %2, align 4 %4 = icmp eq %struct.irq_desc.76301* %0, null br i1 %4, label %54, label %5 %6 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 3 %7 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %8 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %7, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3072 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %54 %13 = getelementptr inbounds 
%struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1, i32 4 %14 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %13, align 8 %15 = icmp eq %struct.irq_chip.76315* %14, null br i1 %15, label %54, label %16 %17 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %14, i64 0, i32 11 %18 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %17, align 8 %19 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %18, null br i1 %19, label %54, label %20 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_setup_affinity.mask_lock) #78 %21 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 1 %22 = load %struct.irq_common_data*, %struct.irq_common_data** %6, align 8 %23 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %22, i64 0, i32 0 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 2101248 %26 = icmp eq i32 %25, 0 br i1 %26, label %36, label %27 %28 = getelementptr inbounds %struct.irq_desc.76301, %struct.irq_desc.76301* %0, i64 0, i32 0, i32 4, i64 0 %29 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %28, i64 0, i32 0, i64 0 %30 = load i64, i64* %29, align 8 %31 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %32 = and i64 %31, %30 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %36 %37 = phi %struct.cpumask* [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %34 ], [ %28, %27 ], [ getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @irq_default_affinity, i64 0, i64 0), %20 ] %38 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %37, i64 0, i32 0, i64 0 %39 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %40 = load i64, i64* %38, 
align 8 %41 = and i64 %40, %39 %42 = icmp eq i64 %41, 0 %43 = select i1 %42, i64 %39, i64 %41 store i64 %43, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @irq_setup_affinity.mask, i64 0, i32 0, i64 0), align 8 %44 = icmp eq i32 %3, -1 br i1 %44, label %52, label %45 %46 = sext i32 %3 to i64 %47 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %46, i64 0, i32 0, i64 0 %48 = load i64, i64* %47, align 8 %49 = and i64 %48, %43 %50 = icmp eq i64 %49, 0 br i1 %50, label %52, label %51 %53 = tail call i32 @irq_do_set_affinity(%struct.irq_data.76296* %21, %struct.cpumask* nonnull @irq_setup_affinity.mask, i1 zeroext false) #79 Function:irq_do_set_affinity %4 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 3 %5 = bitcast %struct.irq_common_data** %4 to %struct.irq_desc.76301** %6 = load %struct.irq_desc.76301*, %struct.irq_desc.76301** %5, align 8 %7 = getelementptr inbounds %struct.irq_data.76296, %struct.irq_data.76296* %0, i64 0, i32 4 %8 = load %struct.irq_chip.76315*, %struct.irq_chip.76315** %7, align 8 %9 = icmp eq %struct.irq_chip.76315* %8, null br i1 %9, label %84, label %10 %11 = getelementptr inbounds %struct.irq_chip.76315, %struct.irq_chip.76315* %8, i64 0, i32 11 %12 = load i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)*, i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)** %11, align 8 %13 = icmp eq i32 (%struct.irq_data.76296*, %struct.cpumask*, i1)* %12, null br i1 %13, label %84, label %14 tail call void @_raw_spin_lock(%struct.raw_spinlock* nonnull @irq_do_set_affinity.tmp_mask_lock) #78 %15 = load %struct.irq_common_data*, %struct.irq_common_data** %4, align 8 %16 = getelementptr inbounds %struct.irq_common_data, %struct.irq_common_data* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 2097152 %19 = icmp eq i32 %18, 0 br i1 %19, label %33, label %20 %21 = tail call zeroext i1 @housekeeping_enabled(i32 128) #78 
br i1 %21, label %22, label %33 %23 = tail call %struct.cpumask* @housekeeping_cpumask(i32 128) #78 ------------- Good: 1100 Bad: 6 Ignored: 1100 Check Use of Function:dev_set_threaded Check Use of Function:dm_pr_clear Check Use of Function:evdev_ioctl_compat Check Use of Function:msr_ioctl Check Use of Function:i915_driver_lastclose Check Use of Function:ext4_sb_bread Check Use of Function:dev_uc_del Check Use of Function:drm_property_create_blob Check Use of Function:dev_ifsioc Check Use of Function:freeze_super Check Use of Function:qdisc_graft Check Use of Function:snd_ctl_ioctl_compat Check Use of Function:dev_get_mac_address Check Use of Function:__lookup_slow Check Use of Function:find_task_by_vpid Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_get 1 __ia32_sys_ioprio_get ------------- Path:  Function:__ia32_sys_ioprio_get %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_ioprio_get(i64 %4, i64 %7) #78 Function:__se_sys_ioprio_get %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %3, label %231 [ i32 1, label %5 i32 2, label %31 i32 3, label %128 ] %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %10 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_get 1 __x64_sys_ioprio_get ------------- Path:  Function:__x64_sys_ioprio_get %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_ioprio_get(i64 %3, i64 %5) #78 
Function:__se_sys_ioprio_get %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %3, label %231 [ i32 1, label %5 i32 2, label %31 i32 3, label %128 ] %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %10 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_set 1 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %20 = icmp eq i32 %5, 0 br i1 %20, label %21, label %24 %25 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_set 1 __x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %20 = icmp eq i32 %5, 0 br i1 %20, label %21, label %24 %25 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_move_pages 1 __ia32_sys_move_pages ------------- Path:  Function:__ia32_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_move_pages(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = 
alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca %struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #78 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_move_pages 1 __x64_sys_move_pages ------------- Path:  Function:__x64_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_move_pages(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:__se_sys_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.migration_target_control, align 8 %10 = alloca %struct.migration_target_control, align 8 %11 = alloca 
%struct.migration_target_control, align 8 %12 = alloca %struct.cpumask, align 8 %13 = alloca %struct.list_head, align 8 %14 = trunc i64 %0 to i32 %15 = inttoptr i64 %2 to i8** %16 = inttoptr i64 %3 to i32* %17 = inttoptr i64 %4 to i32* %18 = trunc i64 %5 to i32 %19 = and i32 %18, -7 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %341 %22 = and i32 %18, 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %26, label %24 %25 = tail call zeroext i1 @capable(i32 23) #78 br i1 %25, label %26, label %341 %27 = icmp eq i32 %14, 0 br i1 %27, label %28, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %37 = tail call %struct.task_struct* @find_task_by_vpid(i32 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_migrate_pages 1 __ia32_sys_migrate_pages ------------- Path:  Function:__ia32_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_migrate_pages(i64 %4, i64 %7, i64 %10, i64 %13) #78 Function:__se_sys_migrate_pages %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.nodemask_scratch, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %2 to i64* %10 = inttoptr i64 %3 to i64* %11 = bitcast %struct.nodemask_scratch* %7 to i8* %12 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 1 %14 = add i64 %1, -1 
%15 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0, i32 0, i64 0 %16 = icmp ne i64 %14, 0 %17 = icmp ne i64 %2, 0 %18 = and i1 %17, %16 br i1 %18, label %19, label %78 %20 = icmp ugt i64 %14, 32768 br i1 %20, label %210, label %21 %22 = bitcast i64* %6 to i8* br label %23 %24 = phi i64 [ %50, %47 ], [ %14, %21 ] %25 = icmp ugt i64 %24, 64 br i1 %25, label %26, label %53 %54 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %55 = inttoptr i64 %54 to %struct.task_struct* %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %55, i64 0, i32 0, i32 2 %57 = load i32, i32* %56, align 8 %58 = and i32 %57, 2 %59 = icmp eq i32 %58, 0 br i1 %59, label %63, label %60 %64 = inttoptr i64 %2 to i8* %65 = call i64 @_copy_from_user(i8* nonnull %11, i8* nonnull %64, i64 8) #78 br label %66 %67 = phi i64 [ %62, %60 ], [ %65, %63 ] %68 = trunc i64 %67 to i32 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %210 %71 = and i64 %24, 63 %72 = icmp eq i64 %71, 0 br i1 %72, label %78, label %73 %74 = shl nsw i64 -1, %71 %75 = xor i64 %74, -1 %76 = load i64, i64* %15, align 8 %77 = and i64 %76, %75 store i64 %77, i64* %15, align 8 br label %78 %79 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %13, i64 0, i32 0, i64 0 store i64 0, i64* %79, align 8 %80 = icmp ne i64 %3, 0 %81 = and i1 %16, %80 br i1 %81, label %82, label %142 %83 = icmp ugt i64 %14, 32768 br i1 %83, label %210, label %84 %85 = bitcast i64* %5 to i8* br label %86 %87 = phi i64 [ %113, %110 ], [ %14, %84 ] %88 = icmp ugt i64 %87, 64 br i1 %88, label %89, label %116 %117 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct* %119 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %118, i64 0, i32 0, i32 2 %120 = load i32, 
i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %126, label %123 %127 = bitcast %struct.cpumask* %13 to i8* %128 = inttoptr i64 %3 to i8* %129 = call i64 @_copy_from_user(i8* %127, i8* nonnull %128, i64 8) #78 br label %130 %131 = phi i64 [ %125, %123 ], [ %129, %126 ] %132 = trunc i64 %131 to i32 %133 = icmp eq i32 %132, 0 br i1 %133, label %134, label %210 %135 = and i64 %87, 63 %136 = icmp eq i64 %135, 0 br i1 %136, label %142, label %137 %138 = shl nsw i64 -1, %135 %139 = xor i64 %138, -1 %140 = load i64, i64* %79, align 8 %141 = and i64 %140, %139 store i64 %141, i64* %79, align 8 br label %142 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %143 = icmp eq i32 %8, 0 br i1 %143, label %146, label %144 %145 = call %struct.task_struct* @find_task_by_vpid(i32 %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_migrate_pages 1 __x64_sys_migrate_pages ------------- Path:  Function:__x64_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_migrate_pages(i64 %3, i64 %5, i64 %7, i64 %9) #78 Function:__se_sys_migrate_pages %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.nodemask_scratch, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %2 to i64* %10 = inttoptr i64 %3 to i64* %11 = bitcast %struct.nodemask_scratch* %7 to i8* %12 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0 %13 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 1 %14 
= add i64 %1, -1 %15 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %7, i64 0, i32 0, i32 0, i64 0 %16 = icmp ne i64 %14, 0 %17 = icmp ne i64 %2, 0 %18 = and i1 %17, %16 br i1 %18, label %19, label %78 %20 = icmp ugt i64 %14, 32768 br i1 %20, label %210, label %21 %22 = bitcast i64* %6 to i8* br label %23 %24 = phi i64 [ %50, %47 ], [ %14, %21 ] %25 = icmp ugt i64 %24, 64 br i1 %25, label %26, label %53 %54 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %55 = inttoptr i64 %54 to %struct.task_struct* %56 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %55, i64 0, i32 0, i32 2 %57 = load i32, i32* %56, align 8 %58 = and i32 %57, 2 %59 = icmp eq i32 %58, 0 br i1 %59, label %63, label %60 %64 = inttoptr i64 %2 to i8* %65 = call i64 @_copy_from_user(i8* nonnull %11, i8* nonnull %64, i64 8) #78 br label %66 %67 = phi i64 [ %62, %60 ], [ %65, %63 ] %68 = trunc i64 %67 to i32 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %210 %71 = and i64 %24, 63 %72 = icmp eq i64 %71, 0 br i1 %72, label %78, label %73 %74 = shl nsw i64 -1, %71 %75 = xor i64 %74, -1 %76 = load i64, i64* %15, align 8 %77 = and i64 %76, %75 store i64 %77, i64* %15, align 8 br label %78 %79 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %13, i64 0, i32 0, i64 0 store i64 0, i64* %79, align 8 %80 = icmp ne i64 %3, 0 %81 = and i1 %16, %80 br i1 %81, label %82, label %142 %83 = icmp ugt i64 %14, 32768 br i1 %83, label %210, label %84 %85 = bitcast i64* %5 to i8* br label %86 %87 = phi i64 [ %113, %110 ], [ %14, %84 ] %88 = icmp ugt i64 %87, 64 br i1 %88, label %89, label %116 %117 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %118 = inttoptr i64 %117 to %struct.task_struct* %119 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %118, i64 0, i32 0, i32 2 
%120 = load i32, i32* %119, align 8 %121 = and i32 %120, 2 %122 = icmp eq i32 %121, 0 br i1 %122, label %126, label %123 %127 = bitcast %struct.cpumask* %13 to i8* %128 = inttoptr i64 %3 to i8* %129 = call i64 @_copy_from_user(i8* %127, i8* nonnull %128, i64 8) #78 br label %130 %131 = phi i64 [ %125, %123 ], [ %129, %126 ] %132 = trunc i64 %131 to i32 %133 = icmp eq i32 %132, 0 br i1 %133, label %134, label %210 %135 = and i64 %87, 63 %136 = icmp eq i64 %135, 0 br i1 %136, label %142, label %137 %138 = shl nsw i64 -1, %135 %139 = xor i64 %138, -1 %140 = load i64, i64* %79, align 8 %141 = and i64 %140, %139 store i64 %141, i64* %79, align 8 br label %142 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %143 = icmp eq i32 %8, 0 br i1 %143, label %146, label %144 %145 = call %struct.task_struct* @find_task_by_vpid(i32 %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_get_robust_list 1 __ia32_sys_get_robust_list ------------- Path:  Function:__ia32_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_get_robust_list(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_get_robust_list %4 = trunc i64 %0 to i32 %5 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %5, label %6, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %8, label %11 %12 = tail call %struct.task_struct.92019* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.92019* (i32)*)(i32 %4) #78 ------------- Use: =BAD PATH= Call 
Stack: 0 __se_sys_get_robust_list 1 __x64_sys_get_robust_list ------------- Path:  Function:__x64_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_get_robust_list(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_get_robust_list %4 = trunc i64 %0 to i32 %5 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %5, label %6, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %8, label %11 %12 = tail call %struct.task_struct.92019* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.92019* (i32)*)(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_get_robust_list ------------- Path:  Function:__ia32_compat_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %11, label %12, label %47 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = icmp eq i32 %10, 0 br i1 %13, label %14, label %17 %18 = tail call %struct.task_struct.92019* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.92019* (i32)*)(i32 %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- 
Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #78 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_kcmp %6 = 
alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #78 %11 = tail call %struct.task_struct* @find_task_by_vpid(i32 %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __ia32_sys_kcmp ------------- Path:  Function:__ia32_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_kcmp(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_kcmp 1 __x64_sys_kcmp ------------- Path:  Function:__x64_sys_kcmp %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load 
i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_kcmp(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_kcmp %6 = alloca %struct.uid_gid_extent, align 4 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = tail call %struct.task_struct* @find_task_by_vpid(i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__ia32_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #78 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__x64_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 
= trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #78 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #78 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.cpu_itimer** %7 = load %struct.cpu_itimer*, %struct.cpu_itimer** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #78 
Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __ia32_sys_sched_getaffinity ------------- Path:  Function:__ia32_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %8, align 8 %9 = shl i32 %6, 3 %10 = load i32, i32* @nr_cpu_ids, align 4 %11 = icmp uge i32 %9, %10 %12 = and i32 %6, 7 %13 = icmp eq i32 %12, 0 %14 = and i1 %13, %11 br i1 %14, label %15, label %49 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = icmp eq i32 %5, 0 br i1 %16, label %19, label %17 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __x64_sys_sched_getaffinity ------------- Path:  Function:__x64_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %8, align 8 %9 = shl i32 %6, 3 %10 = load i32, i32* @nr_cpu_ids, align 4 %11 = icmp uge i32 %9, %10 %12 = and i32 %6, 7 %13 = icmp eq i32 %12, 0 %14 = and i1 %13, %11 br i1 %14, label %15, label %49 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = icmp eq i32 %5, 0 br i1 %16, label %19, label %17 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __se_compat_sys_sched_getaffinity 2 __ia32_compat_sys_sched_getaffinity ------------- Path:  Function:__ia32_compat_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #78 Function:__se_compat_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %1 to i32 %6 = inttoptr i64 %2 to i32* %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %8, 
align 8 %9 = shl i32 %5, 3 %10 = load i32, i32* @nr_cpu_ids, align 4 %11 = icmp uge i32 %9, %10 %12 = and i32 %5, 3 %13 = icmp eq i32 %12, 0 %14 = and i1 %13, %11 br i1 %14, label %15, label %65 %16 = trunc i64 %0 to i32 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %18 = call i64 @sched_getaffinity(i32 %16, %struct.cpumask* nonnull %17) #78 Function:sched_getaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __se_compat_sys_sched_setaffinity 2 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_setaffinity(i64 %4, i64 %7, i64 %10) #78 Function:__se_compat_sys_sched_setaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to i32* %8 = bitcast [1 x %struct.cpumask]* %4 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %11 = icmp ult i32 %6, 8 br i1 %11, label %12, label %16 store i64 0, i64* %9, align 8 %13 = shl i64 %1, 3 %14 = and i64 %13, 4294967288 %15 = add nuw nsw i64 %14, 31 br label %16 %17 = phi i64 [ %15, %12 ], [ 95, %3 ] 
%18 = lshr i64 %17, 3 %19 = and i64 %18, 2305843009213693948 %20 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %21 = add i64 %19, %2 %22 = icmp ult i64 %21, %19 %23 = icmp ugt i64 %21, %20 %24 = or i1 %22, %23 br i1 %24, label %59, label %25, !prof !5, !misexpect !6 %26 = lshr i64 %17, 5 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %27 %28 = phi i64* [ %9, %25 ], [ %45, %39 ] %29 = phi i32* [ %7, %25 ], [ %40, %39 ] %30 = phi i64 [ %26, %25 ], [ %46, %39 ] %31 = icmp ugt i64 %30, 1 br i1 %31, label %32, label %47 %48 = 
icmp eq i64 %30, 0 br i1 %48, label %55, label %49 %50 = bitcast i32* %29 to %struct.__large_struct* %51 = callbr i32 asm "\0A1:\09movl $1,$0\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long 3 \0A .popsection\0A", "=r,*m,X,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %50, i8* blockaddress(@__se_compat_sys_sched_setaffinity, %54)) #4 to label %52 [label %54], !srcloc !11 %53 = zext i32 %51 to i64 store i64 %53, i64* %28, align 8 br label %55 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %56 = call i64 @sched_setaffinity(i32 %5, %struct.cpumask* nonnull %10) #78 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = 
getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 %14 = icmp ult i32 %11, 8 store i64 0, i64* %13, align 8 %15 = select i1 %14, i64 %7, i64 8 %16 = inttoptr i64 %10 to i8* %17 = call i64 @_copy_from_user(i8* nonnull %12, i8* %16, i64 %15) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %25 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %21 = trunc i64 %4 to i32 %22 = call i64 @sched_setaffinity(i32 %21, %struct.cpumask* nonnull %20) #78 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %15 = icmp ult i32 %11, 8 br i1 %15, label %16, label %18 store i64 0, i64* %13, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %16 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 
@sched_setaffinity(i32 %10, %struct.cpumask* nonnull %14) #78 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __ia32_sys_sched_getattr ------------- Path:  Function:__ia32_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #78 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %81, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %81, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct* @find_task_by_vpid(i32 %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __x64_sys_sched_getattr ------------- Path:  Function:__x64_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 
= getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #78 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %81, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %81, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct* @find_task_by_vpid(i32 %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getparam 1 __ia32_sys_sched_getparam ------------- Path:  Function:__ia32_sys_sched_getparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %4, i64 %7) #78 Function:__se_sys_sched_getparam %3 = alloca %struct.kuid_t, align 4 %4 = trunc i64 %0 to i32 %5 = bitcast %struct.kuid_t* %3 to i8* %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 store i32 0, i32* %6, align 4 %7 = icmp eq i64 %1, 0 %8 = icmp slt i32 %4, 0 %9 = or i1 %8, %7 br i1 %9, label %39, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = icmp eq 
i32 %4, 0 br i1 %11, label %14, label %12 %13 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getparam 1 __x64_sys_sched_getparam ------------- Path:  Function:__x64_sys_sched_getparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %3, i64 %5) #78 Function:__se_sys_sched_getparam %3 = alloca %struct.kuid_t, align 4 %4 = trunc i64 %0 to i32 %5 = bitcast %struct.kuid_t* %3 to i8* %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 store i32 0, i32* %6, align 4 %7 = icmp eq i64 %1, 0 %8 = icmp slt i32 %4, 0 %9 = or i1 %8, %7 br i1 %9, label %39, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %13 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getscheduler ------------- Path:  Function:__ia32_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %31, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getscheduler ------------- Path:  Function:__x64_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %31, label %6 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = 
sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #78 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %88 = call %struct.task_struct* @find_task_by_vpid(i32 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #78 %44 = icmp sgt i32 %43, 0 %45 = icmp eq i32 %43, 0 %46 = select i1 %45, i32 -7, i32 %43 br i1 %44, label %47, label %50 %48 = call i64 @_copy_from_user(i8* nonnull %7, i8* %29, i64 %33) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %54, label %64 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = 
and i1 %31, %58 br i1 %59, label %64, label %67 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %69 = load i32, i32* %68, align 8 %70 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %71 = load i32, i32* %70, align 4 %72 = icmp slt i32 %71, 0 %73 = and i64 %56, 8 %74 = icmp sgt i32 %69, -20 br i1 %74, label %75, label %77 %76 = icmp slt i32 %69, 19 br i1 %76, label %77, label %79 store i32 19, i32* %68, align 8 br i1 %72, label %139, label %80 %81 = icmp eq i64 %73, 0 br i1 %81, label %83, label %82 store i32 -1, i32* %70, align 4 br label %83 %84 = phi i64* [ %53, %51 ], [ %55, %80 ], [ %55, %82 ] %85 = phi i32* [ %52, %51 ], [ %68, %80 ], [ %68, %82 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %86 = icmp eq i32 %5, 0 br i1 %86, label %89, label %87 %88 = call %struct.task_struct* @find_task_by_vpid(i32 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to %struct.kuid_t* %9 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %8) #78 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 store i32 0, i32* %7, align 4 %8 = icmp eq %struct.kuid_t* %2, null %9 = icmp slt i32 %0, 0 %10 = or i1 %9, %8 br i1 %10, label %63, label %11 %12 = bitcast %struct.kuid_t* %2 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %6, i8* %12, i64 4) #78 %14 = icmp eq i64 %13, 0 br i1 
%14, label %15, label %63 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = icmp eq i32 %0, 0 br i1 %16, label %19, label %17 %18 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.kuid_t** %6 = load %struct.kuid_t*, %struct.kuid_t** %5, align 8 %7 = trunc i64 %3 to i32 %8 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %6) #78 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 store i32 0, i32* %7, align 4 %8 = icmp eq %struct.kuid_t* %2, null %9 = icmp slt i32 %0, 0 %10 = or i1 %9, %8 br i1 %10, label %63, label %11 %12 = bitcast %struct.kuid_t* %2 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %6, i8* %12, i64 4) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %63 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = icmp eq i32 %0, 0 br i1 %16, label %19, label %17 %18 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %16, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 
4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %9 to %struct.kuid_t* %13 = trunc i64 %11 to i32 %14 = tail call fastcc i32 @do_sched_setscheduler(i32 %13, i32 %4, %struct.kuid_t* %12) #78 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 store i32 0, i32* %7, align 4 %8 = icmp eq %struct.kuid_t* %2, null %9 = icmp slt i32 %0, 0 %10 = or i1 %9, %8 br i1 %10, label %63, label %11 %12 = bitcast %struct.kuid_t* %2 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %6, i8* %12, i64 4) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %63 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = icmp eq i32 %0, 0 br i1 %16, label %19, label %17 %18 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to %struct.kuid_t** %9 = load %struct.kuid_t*, %struct.kuid_t** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %11 to i32 %13 = tail call fastcc i32 @do_sched_setscheduler(i32 %12, i32 %4, %struct.kuid_t* %9) #78 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 
0 store i32 0, i32* %7, align 4 %8 = icmp eq %struct.kuid_t* %2, null %9 = icmp slt i32 %0, 0 %10 = or i1 %9, %8 br i1 %10, label %63, label %11 %12 = bitcast %struct.kuid_t* %2 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %6, i8* %12, i64 4) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %63 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = icmp eq i32 %0, 0 br i1 %16, label %19, label %17 %18 = call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __ia32_compat_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_tgsigqueueinfo %2 = alloca %struct.compat_siginfo, align 4 %3 = alloca %struct.kernel_siginfo, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %5 to i32 %14 = trunc i64 %7 to i32 %15 = trunc i64 %9 to i32 %16 = bitcast %struct.kernel_siginfo* %3 to i8* %17 = bitcast %struct.compat_siginfo* %2 to i8* %18 = inttoptr i64 %12 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %17, i8* %18, i64 128) #78 %20 = icmp eq i64 %19, 0 br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.compat_siginfo, %struct.compat_siginfo* %2, i64 0, i32 0 store i32 %15, i32* %23, align 4 call fastcc void @post_copy_siginfo_from_user32(%struct.kernel_siginfo* nonnull %3, %struct.compat_siginfo* nonnull %2) #78 %24 = icmp slt i32 %14, 1 %25 = icmp slt i32 %13, 1 %26 = or i1 %25, %24 br i1 %26, label %41, label %27 %28 = getelementptr inbounds %struct.kernel_siginfo, 
%struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %29 = load i32, i32* %28, align 8 %30 = icmp sgt i32 %29, -1 %31 = icmp eq i32 %29, -6 %32 = or i1 %30, %31 br i1 %32, label %33, label %38 %34 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct.51970* %36 = call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %35, i32 0, %struct.pid_namespace.51753* null) #78 %37 = icmp eq i32 %36, %14 br i1 %37, label %38, label %41 %39 = call fastcc i32 @do_send_specific(i32 %13, i32 %14, i32 %15, %struct.kernel_siginfo* nonnull %3) #78 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct.51970* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.51970* (i32)*)(i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __se_sys_rt_tgsigqueueinfo 2 __ia32_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_sys_rt_tgsigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_rt_tgsigqueueinfo(i64 %4, i64 %7, i64 %10, i64 %13) #78 
Function:__se_sys_rt_tgsigqueueinfo %5 = alloca [80 x i8], align 16 %6 = alloca %struct.kernel_siginfo, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = inttoptr i64 %3 to %struct.siginfo* %11 = bitcast %struct.kernel_siginfo* %6 to i8* %12 = inttoptr i64 %3 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %11, i8* %12, i64 48) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %76 %16 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 0 store i32 %9, i32* %16, align 8 %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = icmp eq i32 %18, 128 br i1 %19, label %60, label %20 %21 = icmp sgt i32 %18, 0 br i1 %21, label %22, label %38 %39 = icmp sgt i32 %18, -8 %40 = icmp eq i32 %18, -60 %41 = or i1 %39, %40 br i1 %41, label %60, label %42 %43 = getelementptr %struct.siginfo, %struct.siginfo* %10, i64 0, i32 0, i32 1, i64 0 %44 = getelementptr inbounds [80 x i8], [80 x i8]* %5, i64 0, i64 0 %45 = call i64 @_copy_from_user(i8* nonnull %44, i8* %43, i64 80) #78 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %57 %53 = phi i64 [ %95, %94 ], [ 0, %42 ] %54 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %53 %55 = load i8, i8* %54, align 1 %56 = icmp eq i8 %55, 0 br i1 %56, label %47, label %57 %48 = add nuw nsw i64 %53, 1 %49 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %48 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %79, label %57 %80 = add nuw nsw i64 %53, 2 %81 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %80 %82 = load i8, i8* %81, align 1 %83 = icmp eq i8 %82, 0 br i1 %83, label %84, label %57 %85 = add nuw nsw i64 %53, 3 %86 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %85 %87 = load i8, i8* %86, align 1 %88 = icmp eq i8 %87, 0 br i1 %88, label %89, label %57 %90 = add nuw nsw i64 %53, 4 %91 = getelementptr [80 x i8], [80 x i8]* 
%5, i64 0, i64 %90 %92 = load i8, i8* %91, align 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %57 %95 = add nuw nsw i64 %53, 5 %96 = icmp eq i64 %95, 80 br i1 %96, label %59, label %52 br label %60 %61 = icmp slt i32 %8, 1 %62 = icmp slt i32 %7, 1 %63 = or i1 %62, %61 br i1 %63, label %76, label %64 %65 = load i32, i32* %17, align 8 %66 = icmp sgt i32 %65, -1 %67 = icmp eq i32 %65, -6 %68 = or i1 %66, %67 br i1 %68, label %69, label %74 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %71 = inttoptr i64 %70 to %struct.task_struct.51970* %72 = call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %71, i32 0, %struct.pid_namespace.51753* null) #78 %73 = icmp eq i32 %72, %8 br i1 %73, label %74, label %76 %75 = call fastcc i32 @do_send_specific(i32 %7, i32 %8, i32 %9, %struct.kernel_siginfo* nonnull %6) #78 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct.51970* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.51970* (i32)*)(i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __se_sys_rt_tgsigqueueinfo 2 __x64_sys_rt_tgsigqueueinfo ------------- Path:  Function:__x64_sys_rt_tgsigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, 
i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_rt_tgsigqueueinfo(i64 %3, i64 %5, i64 %7, i64 %9) #78 Function:__se_sys_rt_tgsigqueueinfo %5 = alloca [80 x i8], align 16 %6 = alloca %struct.kernel_siginfo, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = inttoptr i64 %3 to %struct.siginfo* %11 = bitcast %struct.kernel_siginfo* %6 to i8* %12 = inttoptr i64 %3 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %11, i8* %12, i64 48) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %76 %16 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 0 store i32 %9, i32* %16, align 8 %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = icmp eq i32 %18, 128 br i1 %19, label %60, label %20 %21 = icmp sgt i32 %18, 0 br i1 %21, label %22, label %38 %39 = icmp sgt i32 %18, -8 %40 = icmp eq i32 %18, -60 %41 = or i1 %39, %40 br i1 %41, label %60, label %42 %43 = getelementptr %struct.siginfo, %struct.siginfo* %10, i64 0, i32 0, i32 1, i64 0 %44 = getelementptr inbounds [80 x i8], [80 x i8]* %5, i64 0, i64 0 %45 = call i64 @_copy_from_user(i8* nonnull %44, i8* %43, i64 80) #78 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %57 %53 = phi i64 [ %95, %94 ], [ 0, %42 ] %54 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %53 %55 = load i8, i8* %54, align 1 %56 = icmp eq i8 %55, 0 br i1 %56, label %47, label %57 %48 = add nuw nsw i64 %53, 1 %49 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %48 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %79, label %57 %80 = add nuw nsw i64 %53, 2 %81 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %80 %82 = load i8, i8* %81, align 1 %83 = icmp eq i8 %82, 0 br i1 %83, label %84, label %57 %85 = add nuw nsw i64 %53, 3 %86 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %85 %87 = load i8, i8* %86, align 1 %88 = icmp eq i8 
%87, 0 br i1 %88, label %89, label %57 %90 = add nuw nsw i64 %53, 4 %91 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %90 %92 = load i8, i8* %91, align 1 %93 = icmp eq i8 %92, 0 br i1 %93, label %94, label %57 %95 = add nuw nsw i64 %53, 5 %96 = icmp eq i64 %95, 80 br i1 %96, label %59, label %52 br label %60 %61 = icmp slt i32 %8, 1 %62 = icmp slt i32 %7, 1 %63 = or i1 %62, %61 br i1 %63, label %76, label %64 %65 = load i32, i32* %17, align 8 %66 = icmp sgt i32 %65, -1 %67 = icmp eq i32 %65, -6 %68 = or i1 %66, %67 br i1 %68, label %69, label %74 %70 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %71 = inttoptr i64 %70 to %struct.task_struct.51970* %72 = call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %71, i32 0, %struct.pid_namespace.51753* null) #78 %73 = icmp eq i32 %72, %8 br i1 %73, label %74, label %76 %75 = call fastcc i32 @do_send_specific(i32 %7, i32 %8, i32 %9, %struct.kernel_siginfo* nonnull %6) #78 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct.51970* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.51970* (i32)*)(i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __ia32_sys_tkill ------------- Path:  Function:__ia32_sys_tkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = icmp slt i32 %7, 1 br i1 %9, label %29, label %10 
%11 = bitcast %struct.kernel_siginfo* %2 to i8* %12 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %8, i32* %12, align 8 %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %13, align 4 %14 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.51970* %17 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %16, i32 1, %struct.pid_namespace.51753* null) #78 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %16, i64 0, i32 85 %20 = load %struct.cred*, %struct.cred** %19, align 64 %21 = getelementptr inbounds %struct.cred, %struct.cred* %20, i64 0, i32 1, i32 0 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, -1 %24 = load i32, i32* @overflowuid, align 4 %25 = select i1 %23, i32 %24, i32 %22 %26 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %25, i32* %26, align 4 %27 = call fastcc i32 @do_send_specific(i32 0, i32 %7, i32 %8, %struct.kernel_siginfo* nonnull %2) #78 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct.51970* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.51970* 
(i32)*)(i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __x64_sys_tkill ------------- Path:  Function:__x64_sys_tkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = icmp slt i32 %7, 1 br i1 %9, label %29, label %10 %11 = bitcast %struct.kernel_siginfo* %2 to i8* %12 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %8, i32* %12, align 8 %13 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %13, align 4 %14 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %14, align 8 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %16 = inttoptr i64 %15 to %struct.task_struct.51970* %17 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %16, i32 1, %struct.pid_namespace.51753* null) #78 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %16, i64 0, i32 85 %20 = load %struct.cred*, %struct.cred** %19, align 64 %21 = getelementptr inbounds %struct.cred, %struct.cred* %20, i64 0, i32 1, i32 0 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, -1 %24 = load i32, i32* @overflowuid, align 4 %25 = select i1 %23, i32 
%24, i32 %22 %26 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %25, i32* %26, align 4 %27 = call fastcc i32 @do_send_specific(i32 0, i32 %7, i32 %8, %struct.kernel_siginfo* nonnull %2) #78 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct.51970* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.51970* (i32)*)(i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __ia32_sys_tgkill ------------- Path:  Function:__ia32_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct.51970* %22 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, 
%struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %21, i32 1, %struct.pid_namespace.51753* null) #78 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %21, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #78 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct.51970* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.51970* (i32)*)(i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_send_specific 1 __x64_sys_tgkill ------------- Path:  Function:__x64_sys_tgkill %2 = alloca %struct.kernel_siginfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp slt i32 %10, 1 %13 = icmp slt i32 %9, 1 %14 = or i1 %13, %12 br i1 %14, label %34, label %15 %16 = bitcast %struct.kernel_siginfo* %2 to i8* %17 = getelementptr 
inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %11, i32* %17, align 8 %18 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %18, align 4 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 -6, i32* %19, align 8 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.51970** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.51970**)) #11, !srcloc !4 %21 = inttoptr i64 %20 to %struct.task_struct.51970* %22 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.51970*, i32, %struct.pid_namespace.51753*)*)(%struct.task_struct.51970* %21, i32 1, %struct.pid_namespace.51753* null) #78 %23 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %22, i32* %23, align 8 %24 = getelementptr inbounds %struct.task_struct.51970, %struct.task_struct.51970* %21, i64 0, i32 85 %25 = load %struct.cred*, %struct.cred** %24, align 64 %26 = getelementptr inbounds %struct.cred, %struct.cred* %25, i64 0, i32 1, i32 0 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 %29 = load i32, i32* @overflowuid, align 4 %30 = select i1 %28, i32 %29, i32 %27 %31 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %30, i32* %31, align 4 %32 = call fastcc i32 @do_send_specific(i32 %9, i32 %10, i32 %11, %struct.kernel_siginfo* nonnull %2) #78 Function:do_send_specific tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.task_struct.51970* bitcast (%struct.task_struct* (i32)* @find_task_by_vpid to %struct.task_struct.51970* (i32)*)(i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 
__se_sys_setpriority 1 __ia32_sys_setpriority ------------- Path:  Function:__ia32_sys_setpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setpriority(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_setpriority %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp ugt i32 %4, 2 br i1 %11, label %142, label %12 %13 = icmp sgt i32 %6, -20 %14 = select i1 %13, i32 %6, i32 -20 %15 = icmp slt i32 %14, 19 %16 = select i1 %15, i32 %14, i32 19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 switch i32 %4, label %139 [ i32 0, label %17 i32 1, label %26 i32 2, label %81 ] %18 = icmp eq i32 %5, 0 br i1 %18, label %21, label %19 %20 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpriority 1 __x64_sys_setpriority ------------- Path:  Function:__x64_sys_setpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setpriority(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_setpriority %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp ugt i32 %4, 2 br i1 %11, label %142, label %12 %13 = icmp sgt i32 %6, -20 %14 = select i1 %13, i32 %6, i32 -20 %15 = icmp slt i32 %14, 19 %16 = select i1 %15, i32 %14, i32 19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 switch i32 %4, label %139 [ i32 0, label %17 i32 1, label %26 i32 2, label %81 ] %18 = icmp eq i32 %5, 0 br i1 %18, label %21, label %19 %20 = tail call %struct.task_struct* @find_task_by_vpid(i32 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_getpriority 1 __ia32_sys_getpriority ------------- Path:  Function:__ia32_sys_getpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_getpriority(i64 %4, i64 %7) #78 Function:__se_sys_getpriority %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 85 
%8 = load %struct.cred*, %struct.cred** %7, align 64 %9 = icmp ugt i32 %3, 2 br i1 %9, label %153, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 switch i32 %3, label %150 [ i32 0, label %11 i32 1, label %26 i32 2, label %86 ] %12 = icmp eq i32 %4, 0 br i1 %12, label %15, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_getpriority 1 __x64_sys_getpriority ------------- Path:  Function:__x64_sys_getpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_getpriority(i64 %3, i64 %5) #78 Function:__se_sys_getpriority %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 85 %8 = load %struct.cred*, %struct.cred** %7, align 64 %9 = icmp ugt i32 %3, 2 br i1 %9, label %153, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 switch i32 %3, label %150 [ i32 0, label %11 i32 1, label %26 i32 2, label %86 ] %12 = icmp eq i32 %4, 0 br i1 %12, label %15, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpgid 1 __ia32_sys_setpgid ------------- Path:  Function:__ia32_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = 
and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setpgid(i64 %4, i64 %7) #78 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #78 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpgid 1 __x64_sys_setpgid ------------- Path:  Function:__x64_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setpgid(i64 %3, i64 %5) #78 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load 
%struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #78 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getpgid ------------- Path:  Function:__x64_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getpgid ------------- Path:  Function:__ia32_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getsid ------------- Path:  Function:__x64_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) 
#78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getsid ------------- Path:  Function:__ia32_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %13 %14 = tail call %struct.task_struct* @find_task_by_vpid(i32 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __ia32_sys_prlimit64 ------------- Path:  Function:__ia32_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_prlimit64(i64 %4, i64 %7, i64 %10, i64 %13) #78 Function:__se_sys_prlimit64 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.cpu_itimer* %5 to i8* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = bitcast %struct.cpu_itimer* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.cpu_itimer, 
%struct.cpu_itimer* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct* @find_task_by_vpid(i32 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __x64_sys_prlimit64 ------------- Path:  Function:__x64_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_prlimit64(i64 %3, i64 %5, i64 %7, i64 %9) #78 Function:__se_sys_prlimit64 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca %struct.cpu_itimer, align 8 %7 = alloca %struct.cpu_itimer, align 8 %8 = alloca %struct.cpu_itimer, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.cpu_itimer* %5 to i8* %12 = bitcast %struct.cpu_itimer* %6 to i8* %13 = bitcast %struct.cpu_itimer* %7 to i8* %14 = bitcast %struct.cpu_itimer* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #78 
%21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct* @find_task_by_vpid(i32 %9) #78 ------------- Good: 9 Bad: 56 Ignored: 10 Check Use of Function:__cleanup_nmi Check Use of Function:ksys_sync_helper Check Use of Function:ext4_fc_track_unlink Check Use of Function:acpi_early_processor_osc Check Use of Function:i915_gem_suspend Check Use of Function:snapshot_write_finalize Check Use of Function:tcf_proto_signal_destroying Check Use of Function:free_fs_struct Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __ia32_sys_unshare ------------- Path:  Function:__ia32_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call i32 @ksys_unshare(i64 %4) #78 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, 
-2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %156 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 65 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %156 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %156, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #78 br i1 %45, label %46, label %156 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 91 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 64 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 
br i1 %56, label %57, label %65 %66 = phi i64 [ 0, %46 ], [ %63, %61 ], [ 0, %57 ] %67 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 92 %68 = load %struct.files_struct*, %struct.files_struct** %67, align 8 %69 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %70 = and i64 %8, 1024 %71 = icmp ne i64 %70, 0 %72 = icmp ne %struct.files_struct* %68, null %73 = and i1 %71, %72 br i1 %73, label %74, label %83 %75 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %68, i64 0, i32 0, i32 0 %76 = load volatile i32, i32* %75, align 4 %77 = icmp sgt i32 %76, 1 br i1 %77, label %78, label %83 %84 = phi i64 [ 0, %65 ], [ 0, %74 ], [ %80, %78 ] br label %87 %88 = phi i64 [ %84, %83 ], [ %80, %85 ] %89 = and i64 %8, 268435456 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %143 %92 = inttoptr i64 %66 to %struct.fs_struct* %93 = call i32 @unshare_nsproxy_namespaces(i64 %17, %struct.nsproxy** nonnull %3, %struct.cred* null, %struct.fs_struct* %92) #78 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %143 %96 = or i64 %66, %47 %97 = or i64 %96, %88 %98 = icmp ne i64 %97, 0 %99 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %100 = icmp ne %struct.nsproxy* %99, null %101 = or i1 %98, %100 br i1 %101, label %102, label %140 br i1 %48, label %104, label %103 %105 = and i64 %8, 134217728 %106 = icmp eq i64 %105, 0 br i1 %106, label %111, label %107 %112 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %113 = icmp eq %struct.nsproxy* %112, null br i1 %113, label %115, label %114 %116 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 112, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %116) #78 %117 = icmp eq i64 %66, 0 br i1 %117, label %130, label %118 %131 = phi i64 [ 0, %115 ], [ %128, %118 ] %132 = icmp eq i64 %88, 0 br i1 %132, label %136, label %133 %137 = phi i64 [ 0, %130 ], [ %135, %133 ] %138 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %50, i64 0, i32 112 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %139 = bitcast %struct.spinlock* %138 to i8* store volatile i8 0, i8* %139, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %140 %141 = phi i64 [ %131, %136 ], [ %66, %95 ] %142 = phi i64 [ %137, %136 ], [ %88, %95 ] call void bitcast (void (%struct.task_struct.115588*)* @perf_event_namespaces to void (%struct.task_struct*)*)(%struct.task_struct* %50) #78 br label %143 %144 = phi i64 [ %66, %87 ], [ %141, %140 ], [ %66, %91 ] %145 = phi i64 [ %88, %87 ], [ %142, %140 ], [ %88, %91 ] %146 = phi i32 [ -22, %87 ], [ 0, %140 ], [ %93, %91 ] %147 = icmp eq i64 %145, 0 br i1 %147, label %150, label %148 %151 = phi i64 [ %144, %143 ], [ %144, %148 ], [ %66, %85 ] %152 = phi i32 [ %146, %143 ], [ %146, %148 ], [ %82, %85 ] %153 = icmp eq i64 %151, 0 br i1 %153, label %156, label %154 %155 = inttoptr i64 %151 to %struct.fs_struct* call void @free_fs_struct(%struct.fs_struct* nonnull %155) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_unshare 1 __x64_sys_unshare ------------- Path:  Function:__x64_sys_unshare %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call i32 @ksys_unshare(i64 %3) #78 Function:ksys_unshare %2 = alloca i32, align 4 %3 = alloca %struct.nsproxy*, align 8 %4 = bitcast %struct.nsproxy** %3 to i8* store %struct.nsproxy* null, %struct.nsproxy** %3, align 8 %5 = and i64 %0, 268435456 %6 = icmp eq i64 %5, 0 %7 = or i64 %0, 66048 %8 = select i1 %6, i64 %0, i64 %7 %9 = shl i64 %8, 3 %10 = and i64 %9, 2048 %11 = or i64 %10, %8 %12 = shl i64 %11, 5 %13 = and i64 %12, 65536 %14 = or i64 %13, %11 %15 = lshr i64 %8, 8 %16 = and i64 %15, 512 %17 = or i64 %14, %16 %18 = and i64 %8, -2114391937 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %156 %21 = and i64 %14, 67840 %22 = icmp eq i64 %21, 0 br i1 %22, 
label %30, label %23 %24 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %25 = inttoptr i64 %24 to %struct.task_struct* %26 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %25, i64 0, i32 65 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %30, label %156 %31 = and i64 %11, 2304 %32 = icmp eq i64 %31, 0 br i1 %32, label %41, label %33 %34 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %35 = inttoptr i64 %34 to %struct.task_struct* %36 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %35, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 1, i32 0, i32 0 %39 = load volatile i32, i32* %38, align 4 %40 = icmp ugt i32 %39, 1 br i1 %40, label %156, label %41 %42 = and i64 %8, 256 %43 = icmp eq i64 %42, 0 br i1 %43, label %46, label %44 %45 = tail call zeroext i1 @current_is_single_threaded() #78 br i1 %45, label %46, label %156 %47 = and i64 %8, 134479872 %48 = icmp eq i64 %47, 0 %49 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %50 = inttoptr i64 %49 to %struct.task_struct* %51 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 91 %52 = load %struct.fs_struct*, %struct.fs_struct** %51, align 64 %53 = and i64 %17, 512 %54 = icmp ne i64 %53, 0 %55 = icmp ne %struct.fs_struct* %52, null %56 = and i1 %54, %55 br i1 %56, label %57, label %65 %66 = phi i64 [ 0, %46 ], [ %63, %61 ], [ 0, %57 ] %67 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %50, i64 0, i32 92 %68 = load %struct.files_struct*, %struct.files_struct** %67, align 8 %69 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 %70 = and i64 %8, 1024 %71 = icmp ne i64 %70, 0 %72 = icmp ne %struct.files_struct* %68, null %73 = and i1 %71, %72 br i1 %73, label %74, label %83 %75 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %68, i64 0, i32 0, i32 0 %76 = load volatile i32, i32* %75, align 4 %77 = icmp sgt i32 %76, 1 br i1 %77, label %78, label %83 %84 = phi i64 [ 0, %65 ], [ 0, %74 ], [ %80, %78 ] br label %87 %88 = phi i64 [ %84, %83 ], [ %80, %85 ] %89 = and i64 %8, 268435456 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %143 %92 = inttoptr i64 %66 to %struct.fs_struct* %93 = call i32 @unshare_nsproxy_namespaces(i64 %17, %struct.nsproxy** nonnull %3, %struct.cred* null, %struct.fs_struct* %92) #78 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %143 %96 = or i64 %66, %47 %97 = or i64 %96, %88 %98 = icmp ne i64 %97, 0 %99 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %100 = icmp ne %struct.nsproxy* %99, null %101 = or i1 %98, %100 br i1 %101, label %102, label %140 br i1 %48, label %104, label %103 %105 = and i64 %8, 134217728 %106 = icmp eq i64 %105, 0 br i1 %106, label %111, label %107 %112 = load %struct.nsproxy*, %struct.nsproxy** %3, align 8 %113 = icmp eq %struct.nsproxy* %112, null br i1 %113, label %115, label %114 %116 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 112, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %116) #78 %117 = icmp eq i64 %66, 0 br i1 %117, label %130, label %118 %131 = phi i64 [ 0, %115 ], [ %128, %118 ] %132 = icmp eq i64 %88, 0 br i1 %132, label %136, label %133 %137 = phi i64 [ 0, %130 ], [ %135, %133 ] %138 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %50, i64 0, i32 112 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %139 = bitcast 
%struct.spinlock* %138 to i8* store volatile i8 0, i8* %139, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %140 %141 = phi i64 [ %131, %136 ], [ %66, %95 ] %142 = phi i64 [ %137, %136 ], [ %88, %95 ] call void bitcast (void (%struct.task_struct.115588*)* @perf_event_namespaces to void (%struct.task_struct*)*)(%struct.task_struct* %50) #78 br label %143 %144 = phi i64 [ %66, %87 ], [ %141, %140 ], [ %66, %91 ] %145 = phi i64 [ %88, %87 ], [ %142, %140 ], [ %88, %91 ] %146 = phi i32 [ -22, %87 ], [ 0, %140 ], [ %93, %91 ] %147 = icmp eq i64 %145, 0 br i1 %147, label %150, label %148 %151 = phi i64 [ %144, %143 ], [ %144, %148 ], [ %66, %85 ] %152 = phi i32 [ %146, %143 ], [ %146, %148 ], [ %82, %85 ] %153 = icmp eq i64 %151, 0 br i1 %153, label %156, label %154 %155 = inttoptr i64 %151 to %struct.fs_struct* call void @free_fs_struct(%struct.fs_struct* nonnull %155) #78 ------------- Good: 1 Bad: 2 Ignored: 1 Check Use of Function:swap_type_of Check Use of Function:ieee80211_clear_tx_pending Check Use of Function:unlock_device_hotplug Check Use of Function:ext4_xattr_hurd_get Check Use of Function:uts_proc_notify Check Use of Function:_dev_err Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to 
%struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60974, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60973, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #78 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %22 = bitcast %struct.list_head** %21 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60974, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #78 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %9 = bitcast %struct.list_head** %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %13 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %14 = bitcast %struct.list_head** %13 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %14, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60973, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60974, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60973, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #78 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %23 = bitcast %struct.list_head** %22 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60974, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #78 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %10 = bitcast %struct.list_head** %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %14 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %15 = bitcast %struct.list_head** %14 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %15, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60973, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 
%27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.60995, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60974, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60973, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %30 = bitcast %struct.list_head** %29 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.60995, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %19 = bitcast %struct.list_head** %18 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60974, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %5 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 809 %6 = bitcast %struct.list_head** %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.list_head*, %struct.list_head** %4, i64 794 %11 = bitcast %struct.list_head** %10 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60973, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %8 = bitcast %struct.list_head** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %15 = getelementptr inbounds i8, i8* %9, i64 8 %16 = bitcast i8* %15 to %struct.lg4ff_device_entry** %17 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %16, align 8 %18 = icmp eq %struct.lg4ff_device_entry* %17, null br i1 %18, label %19, label %22 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %21 = bitcast %struct.list_head** %20 to %struct.device* tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %21, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.60974, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device, %struct.device* %0, i64 -9, i32 10, i32 2, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.hid_device* %7 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 809 %8 = bitcast %struct.list_head** %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %12 = getelementptr inbounds %struct.list_head*, %struct.list_head** %5, i64 794 %13 = bitcast %struct.list_head** %12 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %13, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.60973, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 store i8 0, i8* %6, align 1 %10 = tail call i8* @strchr(i8* %2, i32 32) #78 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.59.57175, i64 0, i64 0), i16* %21, i8* nonnull %6) #78 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.61.57177, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.56.57180, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 store i8 0, i8* %6, align 1 %10 = tail call i8* @strchr(i8* %2, i32 32) #78 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.59.57175, i64 0, i64 0), i16* %21, i8* nonnull %6) #78 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.60.57176, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.56.57180, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 store i8 0, i8* %6, align 1 %10 = tail call i8* @strchr(i8* %2, i32 32) #78 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.58.57182, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.56.57180, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 new_device_store ------------- Path:  Function:new_device_store %5 = alloca %struct.i2c_board_info, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.i2c_adapter* %9 = getelementptr inbounds %struct.i2c_board_info, %struct.i2c_board_info* %5, i64 0, i32 0, i64 0 store i8 0, i8* %6, align 1 %10 = tail call i8* @strchr(i8* %2, i32 32) #78 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 tail call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.57.57181, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.56.57180, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 delete_device_store ------------- Path:  Function:delete_device_store %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast i16* %5 to i8* store i16 0, i16* %5, align 2 store i8 0, i8* %6, align 1 %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.59.57175, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #78 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 %13 = icmp eq i32 %9, 1 %14 = load i8, i8* %6, align 1 %15 = icmp eq i8 %14, 10 %16 = or i1 %13, %15 br i1 %16, label %18, label %17 call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.61.57177, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.63.57174, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 delete_device_store ------------- Path:  Function:delete_device_store %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 22, i32 1 %8 = bitcast i16* %5 to i8* store i16 0, i16* %5, align 2 store i8 0, i8* %6, align 1 %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.59.57175, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #78 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.60.57176, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.63.57174, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 pnp_disable_dev 1 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.351947* %11 = getelementptr inbounds %struct.pnp_dev.351947, %struct.pnp_dev.351947* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #79 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.34057, i64 0, i64 0), i64 7) #80 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.352189*)* @pnp_disable_dev to i32 (%struct.pnp_dev.351947*)*)(%struct.pnp_dev.351947* %10) #79 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.352179*, %struct.pnp_protocol.352179** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.352179, %struct.pnp_protocol.352179* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.352189*)*, i32 (%struct.pnp_dev.352189*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.352189*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 
%19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %28 = tail call i32 %9(%struct.pnp_dev.352189* %0) #79 %29 = icmp slt i32 %28, 0 %30 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 0 br i1 %29, label %31, label %32 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %30, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.8.33955, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 check_for_unclaimed_mmio 1 intel_uncore_forcewake_user_put 2 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.436889** %5 = load %struct.drm_i915_private.436889*, %struct.drm_i915_private.436889** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %5, i64 0, i32 3, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp ugt i8 %7, 5 br i1 %8, label %9, label %11 %10 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %5, i64 0, i32 9 tail call void bitcast (void (%struct.intel_uncore.429056*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.436570*)*)(%struct.intel_uncore.436570* %10) #78 Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #78 %4 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 15 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %64 %9 = getelementptr inbounds %struct.intel_uncore.429056, 
%struct.intel_uncore.429056* %0, i64 0, i32 16 %10 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %13 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %12, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = add i32 %14, -1 store i32 %15, i32* %13, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %21 %22 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.intel_uncore.429056* %0) #79 Function:check_for_unclaimed_mmio %2 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 16 %3 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %2, align 8 %4 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %3, i64 0, i32 3 %5 = load i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %83 %8 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 271104 %16 = bitcast i8* %15 to i32* %17 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16) #6, !srcloc !4 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %30, !prof !5, !misexpect !6 %20 = icmp eq i32 %17, -1 br i1 %20, label %21, label %26, !prof !5, !misexpect !7 %22 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, 
i64 0, i32 1 %23 = load %struct.drm_i915_private.429396*, %struct.drm_i915_private.429396** %22, align 8 %24 = getelementptr inbounds %struct.drm_i915_private.429396, %struct.drm_i915_private.429396* %23, i64 0, i32 0, i32 2 %25 = load %struct.device*, %struct.device** %24, align 8 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %25, i8* getelementptr inbounds ([83 x i8], [83 x i8]* @.str.35.39371, i64 0, i64 0)) #78 ------------- Good: 2997 Bad: 24 Ignored: 2760 Check Use of Function:autofs_dev_ioctl Use: =BAD PATH= Call Stack: 0 autofs_dev_ioctl_compat ------------- Path:  Function:autofs_dev_ioctl_compat %4 = and i64 %2, 4294967295 %5 = tail call i64 @autofs_dev_ioctl(%struct.file* %0, i32 %1, i64 %4) #78 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:drm_gem_handle_create Check Use of Function:dev_change_tx_queue_len Check Use of Function:link_path_walk Check Use of Function:ip_tunnel_update Check Use of Function:scsi_autopm_get_host Check Use of Function:netlbl_unlabel_defconf Check Use of Function:serial8250_config_port Check Use of Function:dm_pr_register Check Use of Function:drv_event_callback.72991 Check Use of Function:i915_perf_ioctl Check Use of Function:cfg80211_sme_disassoc Check Use of Function:free_netdev Check Use of Function:drm_master_put Check Use of Function:security_get_bools Check Use of Function:find_get_context Check Use of Function:set_fs_root Check Use of Function:ldsem_up_write Check Use of Function:__mmap_lock_do_trace_released Use: =BAD PATH= Call Stack: 0 m_stop.18168 ------------- Path:  Function:m_stop.18168 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr 
inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 %9 = load %struct.task_struct*, %struct.task_struct** %8, align 8 %10 = icmp eq %struct.task_struct* %9, null br i1 %10, label %32, label %11 %12 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 4 %13 = load %struct.mempolicy*, %struct.mempolicy** %12, align 8 %14 = icmp eq %struct.mempolicy* %13, null br i1 %14, label %16, label %15 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_stop.18168, %17)) #6 to label %18 [label %17], !srcloc !4 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 m_stop.18168 ------------- Path:  Function:m_stop.18168 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 %9 = load %struct.task_struct*, %struct.task_struct** %8, align 8 %10 = icmp eq %struct.task_struct* %9, null br i1 %10, label %32, label %11 %12 = getelementptr inbounds %struct.proc_maps_private, 
%struct.proc_maps_private* %5, i64 0, i32 4 %13 = load %struct.mempolicy*, %struct.mempolicy** %12, align 8 %14 = icmp eq %struct.mempolicy* %13, null br i1 %14, label %16, label %15 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_stop.18168, %17)) #6 to label %18 [label %17], !srcloc !4 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 m_stop.18168 ------------- Path:  Function:m_stop.18168 %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.proc_maps_private** %5 = load %struct.proc_maps_private*, %struct.proc_maps_private** %4, align 8 %6 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 2 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 1 %9 = load %struct.task_struct*, %struct.task_struct** %8, align 8 %10 = icmp eq %struct.task_struct* %9, null br i1 %10, label %32, label %11 %12 = getelementptr inbounds %struct.proc_maps_private, %struct.proc_maps_private* %5, i64 0, i32 4 %13 = load %struct.mempolicy*, %struct.mempolicy** %12, align 8 %14 = icmp eq %struct.mempolicy* %13, null br i1 %14, label %16, label %15 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 
8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@m_stop.18168, %17)) #6 to label %18 [label %17], !srcloc !4 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __ia32_sys_get_mempolicy ------------- Path:  Function:__ia32_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = bitcast %struct.cpumask* %7 to i8* %10 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %7, i64 0, i32 0, i64 0 store i64 0, i64* %10, align 8 %11 = icmp eq i64 %1, 0 br i1 %11, label %16, label %12 %13 = load i32, i32* 
@nr_node_ids, align 4 %14 = zext i32 %13 to i64 %15 = icmp ugt i64 %14, %2 br i1 %15, label %82, label %16 %17 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, i64 %4) #78 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 146 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %163 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = and i64 %3, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %56, label %28 %57 = icmp eq i64 %2, 0 br i1 %57, label %64, label %163 %65 = icmp eq %struct.mempolicy* %10, null %66 = select i1 %65, %struct.mempolicy* @default_policy, %struct.mempolicy* %10 %67 = and i64 %3, 1 %68 = icmp eq i64 %67, 0 br i1 %68, label %85, label %73 %74 = icmp eq %struct.mempolicy* %66, %10 br i1 %74, label %75, label %128 %129 = phi %struct.mempolicy* [ %61, %69 ], [ %102, %110 ], [ %102, %125 ], [ %102, %100 ], [ %10, %75 ], [ %66, %73 ] %130 = phi i32 [ %71, %69 ], [ 0, %110 ], [ 0, %125 ], [ 0, %100 ], [ -22, %75 ], [ -22, %73 ] %131 = phi %struct.vm_area_struct* [ null, %69 ], [ %103, %110 ], [ %103, %125 ], [ %103, %100 ], [ null, %75 ], [ null, %73 ] %132 = phi %struct.mempolicy* [ %61, %69 ], [ %104, %110 ], [ %104, %125 ], [ %104, %100 ], [ null, %75 ], [ null, %73 ] %133 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %129, i64 0, i32 2 %134 = load i16, i16* %133, align 2 %135 = and i16 %134, 1 %136 = icmp eq i16 %135, 0 br i1 %136, label %145, label %137 %146 = icmp eq %struct.vm_area_struct* %131, null br i1 
%146, label %151, label %147 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %148)) #6 to label %149 [label %148], !srcloc !7 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %8, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_get_mempolicy 1 __se_sys_get_mempolicy 2 __x64_sys_get_mempolicy ------------- Path:  Function:__x64_sys_get_mempolicy %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_get_mempolicy(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_get_mempolicy %6 = alloca i32, align 4 %7 = alloca %struct.cpumask, align 8 %8 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %9 = bitcast %struct.cpumask* %7 to i8* %10 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %7, i64 0, i32 0, i64 0 store i64 0, i64* %10, align 8 %11 = icmp eq i64 %1, 0 br i1 %11, label %16, label %12 %13 = load i32, i32* 
@nr_node_ids, align 4 %14 = zext i32 %13 to i64 %15 = icmp ugt i64 %14, %2 br i1 %15, label %82, label %16 %17 = call fastcc i64 @do_get_mempolicy(i32* nonnull %6, %struct.cpumask* nonnull %7, i64 %3, i64 %4) #78 Function:do_get_mempolicy %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 38 %8 = load %struct.mm_struct*, %struct.mm_struct** %7, align 64 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 146 %10 = load %struct.mempolicy*, %struct.mempolicy** %9, align 8 %11 = icmp ult i64 %3, 8 br i1 %11, label %12, label %163 %13 = and i64 %3, 4 %14 = icmp eq i64 %13, 0 br i1 %14, label %25, label %15 %26 = and i64 %3, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %56, label %28 %57 = icmp eq i64 %2, 0 br i1 %57, label %64, label %163 %65 = icmp eq %struct.mempolicy* %10, null %66 = select i1 %65, %struct.mempolicy* @default_policy, %struct.mempolicy* %10 %67 = and i64 %3, 1 %68 = icmp eq i64 %67, 0 br i1 %68, label %85, label %73 %74 = icmp eq %struct.mempolicy* %66, %10 br i1 %74, label %75, label %128 %129 = phi %struct.mempolicy* [ %61, %69 ], [ %102, %110 ], [ %102, %125 ], [ %102, %100 ], [ %10, %75 ], [ %66, %73 ] %130 = phi i32 [ %71, %69 ], [ 0, %110 ], [ 0, %125 ], [ 0, %100 ], [ -22, %75 ], [ -22, %73 ] %131 = phi %struct.vm_area_struct* [ null, %69 ], [ %103, %110 ], [ %103, %125 ], [ %103, %100 ], [ null, %75 ], [ null, %73 ] %132 = phi %struct.mempolicy* [ %61, %69 ], [ %104, %110 ], [ %104, %125 ], [ %104, %100 ], [ null, %75 ], [ null, %73 ] %133 = getelementptr inbounds %struct.mempolicy, %struct.mempolicy* %129, i64 0, i32 2 %134 = load i16, i16* %133, align 2 %135 = and i16 %134, 1 %136 = icmp eq i16 %135, 0 br i1 %136, label %145, label %137 %146 = icmp eq %struct.vm_area_struct* %131, null br i1 
%146, label %151, label %147 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_get_mempolicy, %148)) #6 to label %149 [label %148], !srcloc !7 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %8, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 madvise_remove 1 do_madvise 2 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca 
%struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %88 = call fastcc i64 @madvise_remove(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86) #78 Function:madvise_remove %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8192 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %45 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = icmp eq %struct.file* %13, null br i1 %14, label %45, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = icmp eq %struct.address_space* %17, null br i1 %18, label %45, label %19 %20 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 0 %21 = load %struct.inode*, %struct.inode** %20, align 8 %22 = icmp eq %struct.inode* %21, null br i1 %22, label %45, label %23 %24 = and i64 %8, 10 %25 = icmp eq i64 %24, 10 br i1 %25, label %26, label %45 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = sub i64 %2, %28 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %31 = load i64, i64* %30, align 8 %32 = shl i64 %31, 12 %33 = add i64 %29, %32 
%34 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_remove, %35)) #6 to label %36 [label %35], !srcloc !5 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %6, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 madvise_remove 1 do_madvise 2 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = 
alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %88 = call fastcc i64 @madvise_remove(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86) #78 Function:madvise_remove %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %6 = load %struct.mm_struct*, %struct.mm_struct** %5, align 8 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %7 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8192 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %45 %12 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %13 = load %struct.file*, %struct.file** %12, align 8 %14 = icmp eq %struct.file* %13, null br i1 %14, label %45, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = icmp eq %struct.address_space* %17, null br i1 %18, label %45, label %19 %20 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 0 %21 = load %struct.inode*, %struct.inode** %20, align 8 %22 = icmp eq %struct.inode* %21, null br i1 %22, label %45, label %23 %24 = and i64 %8, 10 %25 = icmp eq i64 %24, 10 br i1 %25, label %26, label %45 %27 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = sub i64 %2, %28 %30 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 13 %31 = load i64, i64* %30, align 8 %32 = shl i64 %31, 12 %33 = add i64 %29, %32 
%34 = getelementptr inbounds %struct.file, %struct.file* %13, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_remove, %35)) #6 to label %36 [label %35], !srcloc !5 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %6, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 
@do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86) #78 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %137 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %138 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %138, i64* %138) #6, !srcloc !11 %139 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %140 = load i64, i64* %139, align 8 %141 = sub i64 %2, %140 %142 = getelementptr inbounds %struct.vm_area_struct, 
%struct.vm_area_struct* %0, i64 0, i32 13 %143 = load i64, i64* %142, align 8 %144 = shl i64 %143, 12 %145 = add i64 %141, %144 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_willneed, %146)) #6 to label %147 [label %146], !srcloc !12 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #78 ------------- Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca 
%struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86) #78 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %16 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 18 %17 = load %struct.address_space*, %struct.address_space** %16, align 8 %18 = getelementptr inbounds %struct.address_space, %struct.address_space* %17, i64 0, i32 9 %19 = load %struct.address_space_operations*, %struct.address_space_operations** %18, align 8 %20 = icmp eq %struct.address_space_operations* %19, @shmem_aops br i1 %20, label %21, label %137 store %struct.vm_area_struct* null, %struct.vm_area_struct** %1, align 8 %138 = getelementptr inbounds %struct.file, %struct.file* %9, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %138, i64* %138) #6, !srcloc !11 %139 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 0 %140 = load i64, i64* %139, align 8 %141 = sub i64 %2, %140 %142 = getelementptr inbounds %struct.vm_area_struct, 
%struct.vm_area_struct* %0, i64 0, i32 13 %143 = load i64, i64* %142, align 8 %144 = shl i64 %143, 12 %145 = add i64 %141, %144 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@madvise_willneed, %146)) #6 to label %147 [label %146], !srcloc !12 tail call void @__mmap_lock_do_trace_released(%struct.mm_struct* %7, i1 zeroext false) #78 ------------- Good: 147 Bad: 9 Ignored: 121 Check Use of Function:try_to_unuse Check Use of Function:acpi_ev_init_global_lock_handler Check Use of Function:ieee80211_reconfig Check Use of Function:__mmap_lock_do_trace_acquire_returned Check Use of Function:cfg80211_assoc_timeout Check Use of Function:alloc_netdev_mqs Check Use of Function:__put_net Use: =BAD PATH= Call Stack: 0 put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.158414*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #78 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 5 %3 = load %struct.dentry.158354*, %struct.dentry.158354** %2, align 8 %4 = icmp eq 
%struct.dentry.158354* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.157989*, %struct.fs_context_operations.157989** %15, align 8 %17 = icmp eq %struct.fs_context_operations.157989* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.157989, %struct.fs_context_operations.157989* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.158414*)*, void (%struct.fs_context.158414*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.158414*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #78 %25 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %26) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %6 = getelementptr inbounds 
%struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = tail call fastcc %struct.net* @get_proc_task_net(%struct.inode* %9) #78 tail call void @generic_fillattr(%struct.user_namespace* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.uid_gid_extent], [4 x i8] } }, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, i8, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [14 x i64] }* @init_user_ns to %struct.user_namespace*), %struct.inode* %9, %struct.kstat* %2) #79 %11 = icmp eq %struct.net* %10, null br i1 %11, label %28, label %12 %13 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 16 %14 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %13, align 32 %15 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %14, i64 0, i32 13 %16 = load i32, i32* %15, align 8 %17 = getelementptr inbounds %struct.kstat, %struct.kstat* %2, i64 0, i32 2 store i32 %16, i32* %17, align 8 %18 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 -1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 1 br i1 %21, label %27, label %22 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* nonnull 
%10) #79 ------------- Use: =BAD PATH= Call Stack: 0 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.net** %8 = load %struct.net*, %struct.net** %7, align 8 %9 = getelementptr inbounds %struct.net, %struct.net* %8, i64 0, i32 14, i32 3 %10 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 11 %7 = bitcast i8** %6 to %struct.possible_net_t** %8 = load %struct.possible_net_t*, %struct.possible_net_t** %7, align 8 %9 = getelementptr inbounds %struct.possible_net_t, %struct.possible_net_t* %8, i64 0, i32 0 %10 = load %struct.net*, %struct.net** %9, align 8 %11 = getelementptr inbounds %struct.net, %struct.net* %10, i64 0, i32 14, i32 3 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @__put_net(%struct.net* %10) #78 ------------- Good: 86 Bad: 4 Ignored: 91 Check Use of Function:kernfs_vfs_xattr_get Check Use of Function:security_locked_down Use: =BAD PATH= Call Stack: 0 pccard_store_cis ------------- Path:  Function:pccard_store_cis %7 = tail call i32 @security_locked_down(i32 10) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* @PDE_DATA(%struct.inode* %6) #78 %8 = bitcast i8* %7 to %struct.pci_dev.327444* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 928 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_ioctl ------------- Path:  Function:proc_bus_pci_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = tail call i8* @PDE_DATA(%struct.inode* %5) #78 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.util_est** %9 = load %struct.util_est*, %struct.util_est** %8, align 8 %10 = tail call i32 @security_locked_down(i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_ioctl ------------- Path:  Function:proc_bus_pci_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = tail call i8* 
@PDE_DATA(%struct.inode* %5) #78 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.util_est** %9 = load %struct.util_est*, %struct.util_est** %8, align 8 %10 = tail call i32 @security_locked_down(i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318968* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #78 ------------- Use: =BAD PATH= Call Stack: 0 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %29 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 2 %32 = icmp eq i32 %31, 0 br i1 %32, label %63, label %33 %34 = inttoptr i64 %2 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %5, i8* %34, i64 32) #78 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %63 %38 = call i32 @security_locked_down(i32 8) #78 ------------- Use: =BAD PATH= Call Stack: 0 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %63 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %29 = getelementptr 
inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 2 %32 = icmp eq i32 %31, 0 br i1 %32, label %63, label %33 %34 = inttoptr i64 %2 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %5, i8* %34, i64 32) #78 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %63 %38 = call i32 @security_locked_down(i32 8) #78 ------------- Use: =BAD PATH= Call Stack: 0 msr_write ------------- Path:  Function:msr_write %5 = alloca i64, align 8 %6 = bitcast i64* %5 to [2 x i32]* %7 = bitcast i8* %1 to i32* %8 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %12 = load %struct.inode*, %struct.inode** %11, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %12, i64 0, i32 13 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 1048575 %16 = tail call i32 @security_locked_down(i32 8) #78 ------------- Use: =BAD PATH= Call Stack: 0 disk_store ------------- Path:  Function:disk_store %5 = load i1, i1* @nohibernate, align 4 br i1 %5, label %36, label %6 %7 = tail call i32 @security_locked_down(i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 disk_show ------------- Path:  Function:disk_show %4 = load i1, i1* @nohibernate, align 4 br i1 %4, label %13, label %5 %6 = tail call i32 @security_locked_down(i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 is_hibernate_resume_dev 2 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 %8 = getelementptr inbounds 
%struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 (%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 Function:is_hibernate_resume_dev %2 = tail call zeroext i1 @hibernation_available() #78 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 snapshot_open ------------- Path:  Function:snapshot_open %3 = tail call zeroext i1 @hibernation_available() #78 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 state_show.7713 ------------- Path:  Function:state_show.7713 %4 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 1), align 8 %5 = icmp eq i8* %4, null br i1 %5, label %10, label %6 %11 = phi i8* [ %9, 
%6 ], [ %2, %3 ] %12 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 2), align 8 %13 = icmp eq i8* %12, null br i1 %13, label %29, label %25 %26 = tail call i32 (i8*, i8*, ...) @sprintf(i8* %11, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.30.7702, i64 0, i64 0), i8* nonnull %12) #78 %27 = sext i32 %26 to i64 %28 = getelementptr i8, i8* %11, i64 %27 br label %29 %30 = phi i8* [ %28, %25 ], [ %11, %10 ] %31 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 3), align 8 %32 = icmp eq i8* %31, null br i1 %32, label %37, label %33 %34 = tail call i32 (i8*, i8*, ...) @sprintf(i8* %30, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.30.7702, i64 0, i64 0), i8* nonnull %31) #78 %35 = sext i32 %34 to i64 %36 = getelementptr i8, i8* %30, i64 %35 br label %37 %38 = phi i8* [ %36, %33 ], [ %30, %29 ] %39 = tail call zeroext i1 @hibernation_available() #79 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %8, label %2 %3 = tail call i32 @security_locked_down(i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 hibernate 1 state_store ------------- Path:  Function:state_store %5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #78 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.32.7714, i64 0, i64 0), i64 4) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #78 Function:hibernate %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %7, label %2 %3 = tail call i32 @security_locked_down(i32 5) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 
@security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_saved_tgids_open ------------- Path:  Function:tracing_saved_tgids_open %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_saved_cmdlines_open ------------- Path:  Function:tracing_saved_cmdlines_open %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 
tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to 
%struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_buffers_open ------------- Path:  Function:tracing_buffers_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_err_log_open ------------- Path:  Function:tracing_err_log_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.trace_array* %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_clock_open ------------- 
Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_pipe ------------- Path:  Function:tracing_open_pipe %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open ------------- Path:  Function:tracing_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 show_traces_open ------------- Path:  Function:show_traces_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.trace_array* %6 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 dyn_event_open ------------- Path:  Function:dyn_event_open %3 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108810*)*)(%struct.trace_array.108810* null) #78 Function:tracing_check_open_get_tr %2 = tail call i32 
@security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_open ------------- Path:  Function:ftrace_event_set_open %3 = getelementptr inbounds %struct.inode.108911, %struct.inode.108911* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108810** %5 = load %struct.trace_array.108810*, %struct.trace_array.108810** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108810*)*)(%struct.trace_array.108810* %5) #78 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_pid_open ------------- Path:  Function:ftrace_event_set_pid_open %3 = getelementptr inbounds %struct.inode.108911, %struct.inode.108911* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108810** %5 = load %struct.trace_array.108810*, %struct.trace_array.108810** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108810*)*)(%struct.trace_array.108810* %5) #78 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_npid_open ------------- Path:  Function:ftrace_event_set_npid_open %3 = getelementptr inbounds %struct.inode.108911, %struct.inode.108911* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.108810** %5 = load %struct.trace_array.108810*, %struct.trace_array.108810** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.108810*)*)(%struct.trace_array.108810* %5) #78 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_stat_open ------------- Path:  
Function:tracing_stat_open %3 = getelementptr inbounds %struct.inode.106756, %struct.inode.106756* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 ftrace_formats_open ------------- Path:  Function:ftrace_formats_open %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 ftrace_event_avail_open ------------- Path:  Function:ftrace_event_avail_open %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 event_trigger_open ------------- Path:  Function:event_trigger_open %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 profile_open ------------- Path:  Function:profile_open %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 probes_open ------------- Path:  Function:probes_open %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 profile_open.12382 ------------- Path:  Function:profile_open.12382 %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 probes_open.12387 ------------- Path:  Function:probes_open.12387 %3 = tail call i32 @security_locked_down(i32 24) #78 ------------- Use: =BAD PATH= Call Stack: 0 open_kcore ------------- Path:  Function:open_kcore %3 = tail call i32 @security_locked_down(i32 19) #78 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 
0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %4 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %5 = load i32, i32* %4, align 8 %6 = and i32 %5, 7 %7 = icmp eq i32 %6, 0 br i1 %7, label %11, label %8 %9 = tail call i32 @security_locked_down(i32 14) #78 ------------- Good: 65 Bad: 57 Ignored: 91 Check Use of Function:e1000_write_phy_reg Check Use of Function:dquot_quota_off Check Use of Function:kernel_read_file_from_fd Check Use of Function:vfs_unlink Check Use of Function:__mmu_notifier_invalidate_range Check Use of Function:proc_attr_dir_lookup Check Use of Function:ieee80211_free_keys Check Use of Function:flush_delayed_work Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #79 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 
@bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #78 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.438758* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39858, i64 0, i64 0)) #78 br label %50 %51 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 25 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %52) #78 %53 = load i32, i32* %5, align 4 %54 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 12 store i32 %53, i32* %54, align 4 %55 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 1, i32 1 store i32 0, i32* %55, align 8 %56 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 2, i32 1 store i32 0, i32* %56, align 8 %57 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 3, i32 1 store i32 0, i32* %57, align 8 %58 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 4, i32 1 store i32 0, i32* %58, align 8 %59 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 5, i32 1 store i32 0, i32* %59, align 8 %60 = 
getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 6, i32 1 store i32 0, i32* %60, align 8 %61 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 7, i32 1 store i32 0, i32* %61, align 8 %62 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 8, i32 1 store i32 0, i32* %62, align 8 %63 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 9, i32 1 store i32 0, i32* %63, align 8 %64 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 10, i32 1 store i32 0, i32* %64, align 8 %65 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 11, i32 1 store i32 0, i32* %65, align 8 %66 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 12, i32 1 store i32 0, i32* %66, align 8 %67 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 13, i32 1 store i32 0, i32* %67, align 8 %68 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 3, i64 14, i32 1 store i32 0, i32* %68, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %69 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %69, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %70 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %12, i64 0, i32 31, i32 6 %71 = call zeroext i1 @flush_delayed_work(%struct.delayed_work* %70) #78 ------------- Good: 26 Bad: 1 Ignored: 9 Check Use 
of Function:cfg80211_rdev_free_coalesce Check Use of Function:dma_map_page_attrs Check Use of Function:d_obtain_alias Check Use of Function:wiphy_regulatory_register Check Use of Function:iomem_is_exclusive Use: =BAD PATH= Call Stack: 0 devmem_is_allowed 1 write_mem ------------- Path:  Function:write_mem %5 = load i64, i64* %3, align 8 %6 = tail call i32 @valid_phys_addr_range(i64 %5, i64 %2) #78 %7 = icmp eq i32 %6, 0 br i1 %7, label %64, label %8 %9 = icmp eq i64 %2, 0 br i1 %9, label %60, label %10 %11 = phi i64 [ %37, %59 ], [ 0, %8 ] %12 = phi i64 [ %35, %59 ], [ %5, %8 ] %13 = phi i64 [ %36, %59 ], [ %2, %8 ] %14 = phi i8* [ %34, %59 ], [ %1, %8 ] %15 = and i64 %12, 4095 %16 = sub nuw nsw i64 4096, %15 %17 = icmp ult i64 %16, %13 %18 = select i1 %17, i64 %16, i64 %13 %19 = lshr i64 %12, 12 %20 = tail call i32 @devmem_is_allowed(i64 %19) #78 Function:devmem_is_allowed %2 = shl i64 %0, 12 %3 = tail call i32 @region_intersects(i64 %2, i64 4096, i64 16777728, i64 0) #78 %4 = icmp eq i32 %3, 1 br i1 %4, label %8, label %5 %9 = tail call zeroext i1 @iomem_is_exclusive(i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 devmem_is_allowed 1 mmap_mem ------------- Path:  Function:mmap_mem %3 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %6 = load i64, i64* %5, align 8 %7 = sub i64 %4, %6 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 4503599627370496 br i1 %10, label %11, label %52 %12 = shl nuw i64 %9, 12 %13 = add i64 %7, -1 %14 = xor i64 %12, -1 %15 = icmp ugt i64 %13, %14 br i1 %15, label %52, label %16 %17 = tail call i32 @valid_mmap_phys_addr_range(i64 %9, i64 %7) #78 %18 = icmp eq i32 %17, 0 br i1 %18, label %52, label %19 %20 = load i64, i64* %8, align 8 %21 = shl i64 %20, 12 %22 = add i64 
%21, %7 %23 = icmp ult i64 %21, %22 br i1 %23, label %24, label %35 %25 = phi i64 [ %30, %29 ], [ %21, %19 ] %26 = phi i64 [ %31, %29 ], [ %20, %19 ] %27 = tail call i32 @devmem_is_allowed(i64 %26) #78 Function:devmem_is_allowed %2 = shl i64 %0, 12 %3 = tail call i32 @region_intersects(i64 %2, i64 4096, i64 16777728, i64 0) #78 %4 = icmp eq i32 %3, 1 br i1 %4, label %8, label %5 %9 = tail call zeroext i1 @iomem_is_exclusive(i64 %2) #78 ------------- Good: 2 Bad: 2 Ignored: 0 Check Use of Function:proc_tgid_base_lookup Check Use of Function:sr_reset Check Use of Function:clear_page_dirty_for_io Check Use of Function:e1000e_phc_enable Check Use of Function:snd_seq_ioctl_compat Check Use of Function:selinux_policy_commit Check Use of Function:debugfs_remove Check Use of Function:scsi_autopm_put_host Check Use of Function:security_inode_create Check Use of Function:scsi_try_host_reset Check Use of Function:handle_mm_fault Check Use of Function:pci_user_read_config_word Check Use of Function:__starget_for_each_device Check Use of Function:tg3_reset_hw Check Use of Function:__is_local_mountpoint Check Use of Function:destroy_local_trace_uprobe Check Use of Function:free_all_swap_pages Check Use of Function:pci_config_pm_runtime_get Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* @PDE_DATA(%struct.inode* %6) #78 %8 = bitcast i8* %7 to %struct.pci_dev.327444* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 928 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = icmp sgt i32 %13, %10 br i1 %19, label %20, label %124 %21 = sext i32 %13 to i64 %22 = icmp ugt i64 %21, %2 %23 = select i1 %22, i64 %2, i64 
%21 %24 = shl i64 %9, 32 %25 = ashr exact i64 %24, 32 %26 = add i64 %23, %25 %27 = icmp ugt i64 %26, %21 %28 = sub i32 %13, %10 %29 = sext i32 %28 to i64 %30 = select i1 %27, i64 %29, i64 %23 %31 = trunc i64 %30 to i32 %32 = shl i64 %30, 32 %33 = ashr exact i64 %32, 32 %34 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %35 = ptrtoint i8* %1 to i64 %36 = add i64 %33, %35 %37 = icmp ult i64 %36, %33 %38 = icmp ugt i64 %36, %34 %39 = or i1 %37, %38 br i1 %39, label %124, label %40, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.318968*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.327444*)*)(%struct.pci_dev.327444* %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318968* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 232, i32 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = sext i32 %16 to i64 %18 = icmp slt i64 %17, %4 br i1 %18, label %122, label %19 %20 = add i64 %5, %4 %21 = icmp ugt i64 %20, %17 %22 = trunc i64 %4 to i32 %23 = sub i32 %16, %22 %24 = zext i32 %23 to i64 %25 = select i1 %21, i32 %23, i32 %9 %26 = select i1 %21, i64 %24, i64 %5 tail call void 
@pci_config_pm_runtime_get(%struct.pci_dev.318968* %8) #78 ------------- Good: 2 Bad: 2 Ignored: 1 Check Use of Function:vfs_get_tree Check Use of Function:rfkill_fop_ioctl Check Use of Function:e1000_irq_enable Check Use of Function:tracing_buffers_ioctl Check Use of Function:security_read_policy Check Use of Function:sync_file_ioctl Check Use of Function:rfkill_destroy Check Use of Function:snd_ctl_ioctl Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.snd_ctl_elem_list, align 8 %9 = and i64 %2, 4294967295 %10 = inttoptr i64 %9 to i8* %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.snd_ctl_file** %13 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %12, align 8 %14 = icmp eq %struct.snd_ctl_file* %13, null br i1 %14, label %233, label %15, !prof !4 %16 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %13, i64 0, i32 1 %17 = load %struct.snd_card*, %struct.snd_card** %16, align 8 %18 = icmp eq %struct.snd_card* %17, null br i1 %18, label %233, label %19, !prof !4, !misexpect !5 switch i32 %1, label %212 [ i32 -2147199744, label %20 i32 -2122820351, label %20 i32 -1073457898, label %20 i32 -1073457712, label %20 i32 -2147199535, label %20 i32 1077957908, label %20 i32 1077957909, label %20 i32 -1069525735, label %20 i32 -1073195750, label %20 i32 -1073195749, label %20 i32 -1073195748, label %20 i32 -1069001456, label %22 i32 -1055894255, label %51 i32 -1027320558, label %154 i32 -1027320557, label %179 i32 -1055894249, label %204 i32 -1055894248, label %208 ] %21 = tail call i64 @snd_ctl_ioctl(%struct.file* %0, i32 %1, i64 %9) #78 ------------- Good: 0 Bad: 1 Ignored: 3 Check Use of Function:sparse_keymap_report_event Check Use of Function:drm_is_current_master Use: =BAD PATH= Call Stack: 0 drm_ioctl_kernel 1 
i915_ioc32_compat_ioctl ------------- Path:  Function:i915_ioc32_compat_ioctl %4 = alloca i64, align 8 %5 = alloca %struct.drm_i915_getparam, align 8 %6 = and i32 %1, 255 %7 = add nsw i32 %6, -64 %8 = icmp ugt i32 %7, 95 br i1 %8, label %9, label %11 %12 = icmp ult i32 %6, 71 %13 = icmp eq i32 %7, 6 %14 = and i1 %12, %13 br i1 %14, label %15, label %35 %16 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %17 = bitcast %struct.drm_i915_getparam* %5 to i8* %18 = inttoptr i64 %2 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %16, i8* %18, i64 8) #78 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %33 %22 = bitcast i64* %4 to %struct.util_est* %23 = bitcast i64* %4 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 0 store i32 %24, i32* %25, align 8 %26 = getelementptr inbounds %struct.util_est, %struct.util_est* %22, i64 0, i32 1 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.drm_i915_getparam, %struct.drm_i915_getparam* %5, i64 0, i32 1 %31 = bitcast i32** %30 to i8** store i8* %29, i8** %31, align 8 %32 = call i64 bitcast (i64 (%struct.file*, i32 (%struct.drm_device.392954*, i8*, %struct.drm_file.392921*)*, i8*, i32)* @drm_ioctl_kernel to i64 (%struct.file.435818*, i32 (%struct.drm_device.435917*, i8*, %struct.drm_file.435822*)*, i8*, i32)*)(%struct.file.435818* %0, i32 (%struct.drm_device.435917*, i8*, %struct.drm_file.435822*)* nonnull bitcast (i32 (%struct.drm_device.382396*, i8*, %struct.drm_file*)* @i915_getparam_ioctl to i32 (%struct.drm_device.435917*, i8*, %struct.drm_file.435822*)*), i8* nonnull %17, i32 32) #78 Function:drm_ioctl_kernel %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.392921** %8 = load %struct.drm_file.392921*, %struct.drm_file.392921** %7, align 8 %9 = getelementptr 
inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 13 %10 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %9, align 8 %11 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %10, i64 0, i32 3 %12 = load %struct.drm_device.392954*, %struct.drm_device.392954** %11, align 8 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = call zeroext i1 bitcast (i1 (%struct.drm_device.382396*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.392954*, i32*)*)(%struct.drm_device.392954* %12, i32* nonnull %5) #78 br i1 %14, label %16, label %15 %17 = load i32, i32* %5, align 4 call void @drm_dev_exit(i32 %17) #78 %18 = and i32 %3, 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %21 = call zeroext i1 @capable(i32 21) #78 br i1 %21, label %22, label %67, !prof !4, !misexpect !5 %23 = and i32 %3, 1 %24 = icmp eq i32 %23, 0 br i1 %24, label %34, label %25 %26 = load %struct.drm_minor.392919*, %struct.drm_minor.392919** %9, align 8 %27 = getelementptr inbounds %struct.drm_minor.392919, %struct.drm_minor.392919* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, 2 br i1 %29, label %34, label %30 %31 = getelementptr inbounds %struct.drm_file.392921, %struct.drm_file.392921* %8, i64 0, i32 0 %32 = load i8, i8* %31, align 8, !range !6 %33 = icmp eq i8 %32, 1 br i1 %33, label %34, label %67, !prof !4, !misexpect !5 %35 = and i32 %3, 2 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37 %38 = call zeroext i1 bitcast (i1 (%struct.drm_file*)* @drm_is_current_master to i1 (%struct.drm_file.392921*)*)(%struct.drm_file.392921* %8) #78 ------------- Good: 6 Bad: 1 Ignored: 16 Check Use of Function:ns_ioctl Check Use of Function:snd_seq_ioctl Use: =BAD PATH= Call Stack: 0 snd_seq_ioctl_compat ------------- Path:  Function:snd_seq_ioctl_compat %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.snd_seq_client** %6 = load 
%struct.snd_seq_client*, %struct.snd_seq_client** %5, align 8 %7 = and i64 %2, 4294967295 %8 = icmp eq %struct.snd_seq_client* %6, null br i1 %8, label %32, label %9, !prof !4, !misexpect !5 switch i32 %1, label %32 [ i32 -2147200256, label %10 i32 -2147200255, label %10 i32 -1070574846, label %10 i32 -1061399792, label %10 i32 1086083857, label %10 i32 1079006000, label %10 i32 1079006001, label %10 i32 -1064545486, label %10 i32 1082938163, label %10 i32 -1064545484, label %10 i32 -1064545483, label %10 i32 -1064545482, label %10 i32 -1067691200, label %10 i32 -1070836927, label %10 i32 1076646722, label %10 i32 -1067429051, label %10 i32 1080054598, label %10 i32 -1068739767, label %10 i32 1078743882, label %10 i32 -1067953333, label %10 i32 1079530316, label %10 i32 1077957454, label %10 i32 -1067953329, label %10 i32 -1068477616, label %10 i32 -1061399727, label %10 i32 -1072671997, label %10 i32 -1062972640, label %12 i32 1084511009, label %16 i32 -1062972638, label %20 i32 1084511011, label %24 i32 -1062972590, label %28 ] %11 = tail call i64 @snd_seq_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:pci_disable_msix Check Use of Function:__rseq_handle_notify_resume Check Use of Function:ata_acpi_ap_uevent Check Use of Function:block_ioctl Check Use of Function:random_ioctl Check Use of Function:fat_generic_ioctl Use: =BAD PATH= Call Stack: 0 fat_dir_ioctl ------------- Path:  Function:fat_dir_ioctl %4 = alloca %struct.fat_ioctl_filldir_callback, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = inttoptr i64 %2 to %struct.__fat_dirent* switch i32 %1, label %9 [ i32 -2110754302, label %11 i32 -2110754303, label %8 ] %10 = tail call i64 bitcast (i64 (%struct.file.148401*, i32, i64)* @fat_generic_ioctl to i64 (%struct.file*, i32, i64)*)(%struct.file* %0, i32 %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 
fat_compat_dir_ioctl ------------- Path:  Function:fat_compat_dir_ioctl %4 = alloca %struct.fat_ioctl_filldir_callback, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = and i64 %2, 4294967295 %8 = inttoptr i64 %7 to i8* switch i32 %1, label %10 [ i32 -2112327166, label %12 i32 -2112327167, label %9 ] %11 = tail call i64 bitcast (i64 (%struct.file.148401*, i32, i64)* @fat_generic_ioctl to i64 (%struct.file*, i32, i64)*)(%struct.file* %0, i32 %1, i64 %2) #78 ------------- Good: 0 Bad: 2 Ignored: 0 Check Use of Function:d_lookup Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 2 %9 = bitcast %struct.list_head* %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %16, label %20, !prof !4, !misexpect !5 %21 = phi %struct.ctl_table_header* [ %12, %16 ], [ inttoptr (i64 -2 to 
%struct.ctl_table_header*), %2 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %22 = icmp ugt %struct.ctl_table_header* %21, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %22, label %23, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %58 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry*, %struct.dentry** %32, align 8 %34 = getelementptr inbounds %struct.dentry, %struct.dentry* %33, i64 0, i32 5 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.22.18726, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #78 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %213 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry*, %struct.dentry** %44, align 8 %46 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %47) #78 %48 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 3 %49 = load %struct.dentry*, %struct.dentry** %48, align 8 %50 = getelementptr inbounds %struct.dentry, %struct.dentry* %49, i64 0, i32 5 %51 = load %struct.inode*, %struct.inode** %50, align 8 %52 = getelementptr inbounds %struct.inode, %struct.inode* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = bitcast %struct.anon.1* %46 to i8* store volatile i8 0, i8* %54, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %55 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.23.18727, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #78 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %213 store i64 2, i64* %27, align 8 br label %58 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #78 %59 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %21, i64 1 %60 = bitcast %struct.ctl_table_header* %59 to %struct.rb_root* %61 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %60) #78 %62 = icmp eq %struct.rb_node* %61, null br i1 %62, label %79, label %63 %64 = phi %struct.rb_node* [ %77, %76 ], [ %61, %58 ] %65 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %64, i64 1 %66 = bitcast %struct.rb_node* %65 to %struct.ctl_table_header** %67 = load %struct.ctl_table_header*, %struct.ctl_table_header** %66, align 8 %68 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %67, i64 0, i32 1 %69 = load %struct.completion*, %struct.completion** %68, align 8 %70 = icmp eq %struct.completion* %69, null br i1 %70, label %71, label %76, !prof !4, !misexpect !5 %77 = tail call %struct.rb_node* 
@rb_next(%struct.rb_node* nonnull %64) #78 %78 = icmp eq %struct.rb_node* %77, null br i1 %78, label %79, label %63 %80 = phi %struct.ctl_node* [ %75, %71 ], [ null, %58 ], [ null, %76 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = icmp eq %struct.ctl_node* %80, null br i1 %81, label %213, label %82 %83 = getelementptr inbounds %struct.ctl_node, %struct.ctl_node* %80, i64 0, i32 1 %84 = load %struct.ctl_table_header*, %struct.ctl_table_header** %83, align 8 %85 = icmp eq %struct.ctl_table_header* %84, null br i1 %85, label %213, label %86 %87 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 0, i32 0, i32 0 %88 = load %struct.ctl_table*, %struct.ctl_table** %87, align 8 %89 = ptrtoint %struct.ctl_node* %80 to i64 %90 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 6 %91 = bitcast %struct.ctl_node** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = sub i64 %89, %92 %94 = ashr exact i64 %93, 5 %95 = getelementptr %struct.ctl_table, %struct.ctl_table* %88, i64 %94 %96 = bitcast %struct.ctl_table_header** %3 to i8* %97 = bitcast %struct.ctl_table** %4 to i8* br label %98 %99 = phi i64 [ 2, %86 ], [ %102, %200 ] %100 = phi %struct.ctl_table* [ %95, %86 ], [ %211, %200 ] %101 = phi %struct.ctl_table_header* [ %84, %86 ], [ %202, %200 ] %102 = add i64 %99, 1 %103 = load i64, i64* %27, align 8 %104 = icmp ult i64 %99, %103 br i1 %104, label %160, label %105 %106 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %100, i64 0, i32 3 %107 = load i16, i16* %106, align 4 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, -24576 br i1 %109, label %110, label %146, !prof !8, !misexpect !5 %147 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file* 
%0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %101, %struct.ctl_table* %100) #78 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #78 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.util_est* %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #79 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*)* @d_lookup to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5) #80 ------------- Good: 15 Bad: 1 Ignored: 0 Check Use of Function:drv_change_interface Check Use of Function:posix_clock_ioctl Check Use of Function:napi_gro_receive Check Use of Function:drm_gem_handle_delete Check Use of Function:ext4_ioctl Use: =BAD PATH= Call Stack: 0 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %84 [ i32 -2147195389, label %5 i32 1074030084, label %6 i32 1074030087, label %7 i32 -2147191295, label %8 i32 1074034178, label %9 i32 -2147195387, label %10 i32 1074030086, label %11 i32 1076127240, label %12 i32 -1071094257, label %80 i32 1074292240, label %80 i32 -1072146311, label %80 i32 26130, label %80 i32 -2146671085, label %80 
i32 1074816532, label %80 i32 1074554389, label %80 i32 -1073125866, label %80 i32 -1068472809, label %80 i32 -1069521384, label %80 i32 -1069521383, label %80 i32 -1065327078, label %80 i32 -2146408933, label %80 i32 -2147198851, label %80 i32 -1061136325, label %80 i32 1082156677, label %80 i32 -1073453434, label %80 i32 -1071094137, label %80 i32 26152, label %80 i32 1074030121, label %80 i32 -1071618518, label %80 i32 1074030123, label %80 ] %81 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %11 ], [ -2146933243, %10 ], [ 1074296322, %9 ], [ -2146929151, %8 ], [ 1074292231, %7 ], [ 1074292228, %6 ], [ -2146933245, %5 ] %82 = and i64 %2, 4294967295 %83 = tail call i64 @ext4_ioctl(%struct.file.196003* %0, i32 %81, i64 %82) #78 ------------- Good: 0 Bad: 1 Ignored: 1 Check Use of Function:ext4_setent Check Use of Function:drv_ampdu_action Check Use of Function:xt_compat_add_offset Check Use of Function:shmem_unlock_mapping Check Use of Function:simple_lookup Check Use of Function:ext4_split_extent_at Check Use of Function:audit_inode_permission Check Use of Function:is_subdir Check Use of Function:__get_locked_pte Check Use of Function:tg3_enable_ints Check Use of Function:__mmu_notifier_invalidate_range_end Check Use of Function:md_compat_ioctl Check Use of Function:drm_dev_put Use: =BAD PATH= Call Stack: 0 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.449467** %5 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %5, i64 0, i32 103, i32 1 %7 = bitcast 
%struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.382396* %9) #78 ------------- Good: 3 Bad: 1 Ignored: 8 Check Use of Function:_atomic_dec_and_lock Use: =BAD PATH= Call Stack: 0 md_attr_show ------------- Path:  Function:md_attr_show %4 = getelementptr %struct.kobject.296318, %struct.kobject.296318* %0, i64 -2, i32 5 %5 = bitcast %struct.kernfs_node.296048** %4 to %struct.mddev* %6 = getelementptr inbounds %struct.attribute, %struct.attribute* %1, i64 1 %7 = bitcast %struct.attribute* %6 to i64 (%struct.mddev*, i8*)** %8 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %9 = icmp eq i64 (%struct.mddev*, i8*)* %8, null br i1 %9, label %66, label %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #78 %11 = getelementptr inbounds %struct.kernfs_node.296048*, %struct.kernfs_node.296048** %4, i64 121 %12 = bitcast %struct.kernfs_node.296048** %11 to %struct.list_head* %13 = bitcast %struct.kernfs_node.296048** %11 to %struct.list_head** %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %16, label %17 %18 = getelementptr inbounds %struct.kernfs_node.296048*, %struct.kernfs_node.296048** %4, i64 65 %19 = bitcast %struct.kernfs_node.296048** %18 to i32* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32* %19) #6, 
!srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %21 = tail call i64 %20(%struct.mddev* %5, i8* %2) #78 %22 = bitcast %struct.kernfs_node.296048** %18 to %struct.kuid_t* %23 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %22, %struct.spinlock* nonnull @all_mddevs_lock) #78 ------------- Use: =BAD PATH= Call Stack: 0 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %28, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %18 = bitcast i8* %12 to i8** %19 = load i8*, i8** %18, align 8 %20 = icmp eq i8* %19, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %20, label %28, label %11 %29 = phi %struct.mddev* [ null, %21 ], [ %25, %24 ], [ null, %2 ], [ null, %17 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %30 = icmp eq 
%struct.mddev* %29, null br i1 %30, label %140, label %31 %32 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 11 %33 = load %struct.gendisk.296190*, %struct.gendisk.296190** %32, align 8 %34 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 16 %35 = load %struct.gendisk.296190*, %struct.gendisk.296190** %34, align 8 %36 = icmp eq %struct.gendisk.296190* %33, %35 br i1 %36, label %82, label %37 %38 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 61 %39 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %38, %struct.spinlock* nonnull @all_mddevs_lock) #78 ------------- Use: =BAD PATH= Call Stack: 0 md_release ------------- Path:  Function:md_release %3 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %0, i64 0, i32 10 %4 = bitcast i8** %3 to %struct.mddev** %5 = load %struct.mddev*, %struct.mddev** %4, align 8 %6 = icmp eq %struct.mddev* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 62, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !7 %10 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 61 %11 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %10, %struct.spinlock* nonnull @all_mddevs_lock) #78 ------------- Good: 21 Bad: 3 Ignored: 26 Check Use of Function:fsync_bdev Check Use of Function:io_clean_op Check Use of Function:dm_pr_reserve Check Use of Function:cfg80211_sme_assoc_timeout Check Use of Function:alloc_pid Check Use of Function:cfg80211_init_wdev Check Use of Function:sd_pr_preempt Check Use of Function:devres_remove_group Check Use of Function:__mmu_notifier_change_pte Check Use of Function:dm_pr_preempt Check Use of Function:ieee80211_recalc_sw_work Check 
Use of Function:sd_pr_clear Check Use of Function:blkdev_compat_ptr_ioctl Check Use of Function:lo_compat_ioctl Check Use of Function:cancel_delayed_work Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_commit_done ------------- Path:  Function:nfs4_commit_done %3 = getelementptr inbounds %struct.nfs_commit_data.236451, %struct.nfs_commit_data.236451* %1, i64 0, i32 9, i32 0, i32 0 %4 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %3, align 8 %5 = icmp eq %struct.nfs4_slot.236411* %4, null br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %4, i64 0, i32 0 %8 = load %struct.nfs4_slot_table.236410*, %struct.nfs4_slot_table.236410** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %8, i64 0, i32 3 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #78 %11 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236410* %8, %struct.nfs4_slot.236411* nonnull %4) #78 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236411* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #78 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 
= tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #78 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = 
getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #78 br i1 %99, label %100, label %101 tail call fastcc void 
@__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #78 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile 
%struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile %struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #79 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.236410*, %struct.nfs4_slot_table.236410** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %9, i64 0, i32 3 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236410* %9, %struct.nfs4_slot.236411* nonnull %5) #78 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds 
%struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236411* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #78 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #78 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #78 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #78 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile 
%struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #79 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %8 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %5, i64 0, i32 0 %9 = load %struct.nfs4_slot_table.236410*, %struct.nfs4_slot_table.236410** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %9, i64 0, i32 3 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236410* %9, %struct.nfs4_slot.236411* nonnull %5) #78 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236411* %1 to i8* %11 = tail call %struct.rpc_task* 
@rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #78 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #78 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = 
zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 
%97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #78 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #78 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile %struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #79 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.236419** %7 = load %struct.nfs_renamedata.236419*, %struct.nfs_renamedata.236419** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.236419, %struct.nfs_renamedata.236419* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %8, align 8 %10 = icmp eq %struct.nfs4_slot.236411* %9, null br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %9, i64 0, i32 0 %13 = load %struct.nfs4_slot_table.236410*, %struct.nfs4_slot_table.236410** %12, align 8 %14 = getelementptr 
inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %13, i64 0, i32 3 %15 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %14, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %15) #78 %16 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236410* %13, %struct.nfs4_slot.236411* nonnull %9) #78 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236411* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #78 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #78 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 
%61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #78 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #78 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile 
%struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #79 ------------- Use: =BAD PATH= Call Stack: 0 __rpc_do_wake_up_task_on_wq 1 rpc_wake_up_first_on_wq 2 rpc_wake_up_first 3 nfs41_wake_and_assign_slot 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.236416** %6 = load %struct.nfs_unlinkdata.236416*, %struct.nfs_unlinkdata.236416** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.236416, %struct.nfs_unlinkdata.236416* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %7, align 8 %9 = icmp eq %struct.nfs4_slot.236411* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %8, i64 0, i32 0 %12 = load %struct.nfs4_slot_table.236410*, %struct.nfs4_slot_table.236410** %11, align 8 %13 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %12, i64 0, i32 3 %14 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %13, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %14) #78 %15 = tail call zeroext i1 @nfs41_wake_and_assign_slot(%struct.nfs4_slot_table.236410* %12, %struct.nfs4_slot.236411* nonnull %8) #78 Function:nfs41_wake_and_assign_slot %3 = getelementptr inbounds %struct.nfs4_slot.236411, %struct.nfs4_slot.236411* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 7 %6 = load i32, i32* %5, align 4 %7 = icmp ugt i32 %4, %6 br i1 %7, 
label %13, label %8 %9 = getelementptr inbounds %struct.nfs4_slot_table.236410, %struct.nfs4_slot_table.236410* %0, i64 0, i32 4 %10 = bitcast %struct.nfs4_slot.236411* %1 to i8* %11 = tail call %struct.rpc_task* @rpc_wake_up_first(%struct.rpc_wait_queue* %9, i1 (%struct.rpc_task*, i8*)* nonnull @nfs41_assign_slot, i8* %10) #78 Function:rpc_wake_up_first %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @rpciod_workqueue, align 8 %5 = tail call %struct.rpc_task* @rpc_wake_up_first_on_wq(%struct.workqueue_struct* %4, %struct.rpc_wait_queue* %0, i1 (%struct.rpc_task*, i8*)* %1, i8* %2) #78 Function:rpc_wake_up_first_on_wq %5 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 2 %7 = load i8, i8* %6, align 8 %8 = icmp eq i8 %7, 0 br i1 %8, label %76, label %9 %10 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1 %11 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 3 %12 = icmp ugt i8 %7, 2 br i1 %12, label %13, label %20 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 %15 = load volatile %struct.list_head*, %struct.list_head** %14, align 8 %16 = icmp eq %struct.list_head* %15, %11 br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 3 %22 = load i8, i8* %21, align 1 %23 = zext i8 %22 to i64 %24 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %23 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = load volatile %struct.list_head*, %struct.list_head** %25, align 8 %27 = icmp eq %struct.list_head* %26, %24 br i1 %27, label %37, label %28 %29 = getelementptr inbounds %struct.rpc_wait_queue, 
%struct.rpc_wait_queue* %1, i64 0, i32 4 %30 = load i8, i8* %29, align 2 %31 = icmp eq i8 %30, 0 br i1 %31, label %37, label %32 %38 = getelementptr [4 x %struct.list_head], [4 x %struct.list_head]* %10, i64 0, i64 0 %39 = zext i8 %7 to i64 %40 = getelementptr %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 1, i64 %39 br label %41 %42 = phi %struct.list_head* [ %24, %37 ], [ %45, %64 ] %43 = icmp eq %struct.list_head* %42, %38 %44 = getelementptr %struct.list_head, %struct.list_head* %42, i64 -1 %45 = select i1 %43, %struct.list_head* %40, %struct.list_head* %44 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 0 %47 = load volatile %struct.list_head*, %struct.list_head** %46, align 8 %48 = icmp eq %struct.list_head* %47, %45 br i1 %48, label %64, label %49 %50 = getelementptr %struct.list_head, %struct.list_head* %47, i64 -4 %51 = bitcast %struct.list_head* %50 to i8* %52 = ptrtoint %struct.list_head* %45 to i64 %53 = ptrtoint [4 x %struct.list_head]* %10 to i64 %54 = sub i64 %52, %53 %55 = lshr exact i64 %54, 4 %56 = trunc i64 %55 to i32 %57 = zext i8 %22 to i32 %58 = icmp eq i32 %57, %56 br i1 %58, label %73, label %59 %60 = trunc i64 %55 to i8 store i8 %60, i8* %21, align 1 %61 = shl nuw i32 1, %56 %62 = trunc i32 %61 to i8 %63 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 4 store i8 %62, i8* %63, align 2 br label %73 %74 = phi i8* [ %36, %32 ], [ %19, %17 ], [ %51, %49 ], [ %51, %59 ] %75 = bitcast i8* %74 to %struct.rpc_task* br label %84 %85 = phi %struct.rpc_task* [ %83, %81 ], [ %75, %73 ] %86 = icmp eq %struct.rpc_task* %85, null br i1 %86, label %101, label %87 %88 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 6 %89 = load volatile i64, i64* %88, align 8 %90 = and i64 %89, 2 %91 = icmp eq i64 %90, 0 br i1 %91, label %101, label %92 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %93 = 
getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %85, i64 0, i32 7 %94 = load %struct.rpc_wait_queue*, %struct.rpc_wait_queue** %93, align 8 %95 = icmp eq %struct.rpc_wait_queue* %94, %1 br i1 %95, label %96, label %101 %97 = icmp eq i1 (%struct.rpc_task*, i8*)* %2, null br i1 %97, label %100, label %98 %99 = tail call zeroext i1 %2(%struct.rpc_task* nonnull %85, i8* %3) #78 br i1 %99, label %100, label %101 tail call fastcc void @__rpc_do_wake_up_task_on_wq(%struct.workqueue_struct* %0, %struct.rpc_wait_queue* %1, %struct.rpc_task* nonnull %85) #78 Function:__rpc_do_wake_up_task_on_wq %4 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 6 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 4 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_rpc_task_wakeup, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__rpc_do_wake_up_task_on_wq, %11)) #6 to label %25 [label %11], !srcloc !4 %26 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = load volatile %struct.list_head*, %struct.list_head** %27, align 8 %29 = icmp eq %struct.list_head* %28, %26 br i1 %29, label %43, label %30 %31 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 5 
store i64 0, i64* %31, align 8 %32 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %2, i64 0, i32 8, i32 0, i32 2, i32 1 %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 1 store %struct.list_head* %33, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 0 store volatile %struct.list_head* %28, %struct.list_head** %35, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %32, align 8 %36 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 0 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 %38 = load volatile %struct.list_head*, %struct.list_head** %37, align 8 %39 = icmp eq %struct.list_head* %38, %36 br i1 %39, label %40, label %43 %41 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %1, i64 0, i32 6, i32 2 %42 = tail call zeroext i1 @cancel_delayed_work(%struct.delayed_work* %41) #79 ------------- Good: 190 Bad: 5 Ignored: 213 Check Use of Function:ieee80211_reset_erp_info Check Use of Function:tg3_restart_hw Check Use of Function:bsg_ioctl Check Use of Function:md_ioctl Use: =BAD PATH= Call Stack: 0 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.296192* %0, i32 %1, i32 %2, i64 %8) #78 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:drm_file_free Check Use of Function:cpu_hotplug_enable Check Use of Function:sd_ioctl Check Use of Function:lo_ioctl Use: =BAD PATH= 
Call Stack: 0 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device, %struct.block_device* %0, i64 0, i32 16 %8 = load %struct.gendisk*, %struct.gendisk** %7, align 8 %9 = getelementptr inbounds %struct.gendisk, %struct.gendisk* %8, i64 0, i32 10 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19466, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device* %0, i32 %1, i32 %2, i64 %35) #79 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:pci_mmap_fits Check Use of Function:timens_install Check Use of Function:file_update_time Check Use of Function:drm_property_change_valid_get Check Use of Function:i915_gem_ww_ctx_fini Check Use of Function:utsns_install Check Use of Function:migrate_pages Check Use of Function:filter_match_preds Check Use of Function:ieee80211_recalc_smps Check Use of Function:drm_dev_dbg Use: =BAD PATH= Call Stack: 0 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.557472* %5 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.382396* %0, null br i1 %10, label %14, label %11 %15 = phi 
%struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.44203, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.557252, align 8 %6 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.557472* %7 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %12 = icmp eq %struct.drm_device.382396* %0, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %11 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.44203, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %5 = getelementptr inbounds i8, i8* %1, i64 8 %6 = bitcast i8* %5 to i32* %7 = load i32, i32* %6, align 8 %8 = zext i32 %7 to i64 %9 = add nsw i64 %8, -1 %10 = icmp ult i64 %9, 2147483647 br i1 %10, label %18, label %11 %12 = icmp eq %struct.drm_device.382396* %0, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %11 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.41055, i64 0, i64 0), i64 %8) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_fec_support_write ------------- Path:  Function:i915_dsc_fec_support_write %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file** %8 = load %struct.seq_file*, %struct.seq_file** %7, align 8 %9 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.intel_connector.438672** %11 = load %struct.intel_connector.438672*, %struct.intel_connector.438672** %10, align 8 %12 = getelementptr inbounds %struct.intel_connector.438672, %struct.intel_connector.438672* %11, i64 0, i32 1 %13 = load %struct.intel_encoder.438642*, %struct.intel_encoder.438642** %12, align 8 %14 = bitcast %struct.intel_encoder.438642* %13 to %struct.drm_i915_private.438758** %15 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %14, align 8 %16 = getelementptr inbounds %struct.intel_encoder.438642, %struct.intel_encoder.438642* %13, i64 0, i32 1 %17 = load i32, i32* %16, align 8 switch i32 %17, label %24 [ i32 10, label %18 i32 7, label %18 i32 8, label %18 i32 6, label %18 i32 11, label %20 ] %25 = phi %struct.intel_digital_port.438669* [ %19, %18 ], [ %23, %20 ], [ null, %4 ] %26 = icmp eq i64 %2, 0 br i1 %26, label %51, label %27 %28 = icmp eq %struct.drm_i915_private.438758* %15, null br i1 %28, label %32, label %29 %33 = phi %struct.device* [ %31, %29 ], [ null, %27 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %33, i32 2, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.255.39889, i64 0, i64 0), i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #79 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #78 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.438758* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39858, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #79 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 store i32 50, i32* %5, align 4 %28 = icmp eq %struct.drm_i915_private.438758* %12, null br i1 %28, label %41, label %37 %42 = phi i32 [ %38, %37 ], [ %33, %36 ], [ 50, %27 ] %43 = phi %struct.device* [ %40, %37 ], [ null, %36 ], [ null, %27 ] call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([45 x i8], [45 x i8]* @.str.40.39857, i64 0, i64 0), i32 %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 store i8 0, i8* %6, align 1 %14 = icmp ugt i64 %2, 15 br i1 %14, label %68, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %68 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #79 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68 %38 = icmp eq %struct.drm_i915_private.438758* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.39852, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.39853, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.39854, i64 0, i64 0), i8* %46) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.436855** %7 = load %struct.i915_gpu_coredump.436855*, %struct.i915_gpu_coredump.436855** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.436855* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.436855, %struct.i915_gpu_coredump.436855* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.436889*, %struct.drm_i915_private.436889** %10, align 8 %12 = icmp eq %struct.drm_i915_private.436889* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.42.39602, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 check_for_unclaimed_mmio 1 intel_uncore_forcewake_user_put 2 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.436889** %5 = load %struct.drm_i915_private.436889*, %struct.drm_i915_private.436889** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %5, i64 0, i32 3, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp ugt i8 %7, 5 br i1 %8, label %9, label %11 %10 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %5, i64 0, i32 9 tail call void bitcast (void (%struct.intel_uncore.429056*)* @intel_uncore_forcewake_user_put to void (%struct.intel_uncore.436570*)*)(%struct.intel_uncore.436570* %10) #78 
Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #78 %4 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 15 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %64 %9 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 16 %10 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %13 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %12, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = add i32 %14, -1 store i32 %15, i32* %13, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %21 %22 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.intel_uncore.429056* %0) #79 Function:check_for_unclaimed_mmio %2 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 16 %3 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %2, align 8 %4 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %3, i64 0, i32 3 %5 = load i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %83 %8 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %30, label 
%12 %13 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 271104 %16 = bitcast i8* %15 to i32* %17 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16) #6, !srcloc !4 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %30, !prof !5, !misexpect !6 %20 = icmp eq i32 %17, -1 br i1 %20, label %21, label %26, !prof !5, !misexpect !7 %22 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 1 %23 = load %struct.drm_i915_private.429396*, %struct.drm_i915_private.429396** %22, align 8 %24 = getelementptr inbounds %struct.drm_i915_private.429396, %struct.drm_i915_private.429396* %23, i64 0, i32 0, i32 2 %25 = load %struct.device*, %struct.device** %24, align 8 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %25, i8* getelementptr inbounds ([83 x i8], [83 x i8]* @.str.35.39371, i64 0, i64 0)) #78 br label %26 %27 = load i8*, i8** %13, align 8 %28 = getelementptr i8, i8* %27, i64 271104 %29 = bitcast i8* %28 to i32* tail call void asm sideeffect "movl $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -2147483648, i32* %29) #6, !srcloc !8 br label %30 %31 = phi i8 [ 0, %7 ], [ 1, %26 ], [ 0, %12 ] %32 = load i32, i32* %8, align 4 %33 = and i32 %32, 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35 %52 = phi i32 [ %50, %47 ], [ %32, %30 ] %53 = phi i8 [ %49, %47 ], [ %31, %30 ] %54 = and i32 %52, 8 %55 = icmp eq i32 %54, 0 br i1 %55, label %79, label %56 %57 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 0 %58 = load i8*, i8** %57, align 8 %59 = getelementptr i8, i8* %58, i64 1179648 %60 = bitcast i8* %59 to i32* %61 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %60) #6, !srcloc !4 %62 = icmp ne i32 %61, 0 br i1 %62, label %63, 
label %75, !prof !5, !misexpect !7 %64 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 1 %65 = load %struct.drm_i915_private.429396*, %struct.drm_i915_private.429396** %64, align 8 %66 = icmp eq %struct.drm_i915_private.429396* %65, null br i1 %66, label %70, label %67 %68 = getelementptr inbounds %struct.drm_i915_private.429396, %struct.drm_i915_private.429396* %65, i64 0, i32 0, i32 2 %69 = load %struct.device*, %struct.device** %68, align 8 br label %70 %71 = phi %struct.device* [ %69, %67 ], [ null, %63 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %71, i32 2, i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.36.39372, i64 0, i64 0), i32 %61) #79 ------------- Use: =BAD PATH= Call Stack: 0 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.423982** %12 = load %struct.drm_i915_private.423982*, %struct.drm_i915_private.423982** %11, align 8 %13 = icmp eq %struct.drm_i915_private.423982* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.38898, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_managed_release 1 drm_dev_put 2 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.449467** %5 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %5, i64 0, i32 103, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.382396* %9) #78 Function:drm_dev_put %2 = icmp eq %struct.drm_device.382396* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to 
%struct.drm_device.382396* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, align 8 %20 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.382396*)*, void (%struct.drm_device.382396*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.382396*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.382396* %16) #78 br label %24 tail call void bitcast (void (%struct.drm_device.408480*)* @drm_managed_release to void (%struct.drm_device.382396*)*)(%struct.drm_device.382396* %16) #78 Function:drm_managed_release %2 = icmp eq %struct.drm_device.408480* %0, null br i1 %2, label %6, label %3 %7 = phi %struct.device* [ %5, %3 ], [ null, %1 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %7, i32 512, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.38391, i64 0, i64 0)) #78 ------------- Good: 3079 Bad: 11 Ignored: 2018 Check Use of Function:sock_write_iter Check Use of Function:ring_buffer_discard_commit Check Use of Function:drm_mode_object_get Check Use of Function:put_sg_io_hdr Use: =BAD PATH= Call Stack: 0 sg_new_read 1 sg_read ------------- Path:  Function:sg_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, i64 0, i32 12 %7 = load %struct.cred*, %struct.cred** %6, align 8 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295320** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295320**)) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct.295320* %10 = getelementptr inbounds %struct.task_struct.295320, %struct.task_struct.295320* %9, i64 0, i32 84 %11 = load %struct.cred*, %struct.cred** %10, align 8 %12 = icmp eq %struct.cred* %7, %11 br 
i1 %12, label %19, label %13 %20 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, i64 0, i32 16 %21 = bitcast i8** %20 to %struct.sg_fd** %22 = load %struct.sg_fd*, %struct.sg_fd** %21, align 8 %23 = icmp eq %struct.sg_fd* %22, null br i1 %23, label %484, label %24 %25 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 1 %26 = load %struct.sg_device*, %struct.sg_device** %25, align 8 %27 = icmp eq %struct.sg_device* %26, null br i1 %27, label %484, label %28 %29 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 11 %30 = load i8, i8* %29, align 8 %31 = icmp ne i8 %30, 0 %32 = icmp ugt i64 %2, 35 %33 = and i1 %32, %31 br i1 %33, label %34, label %83 %84 = phi i32 [ %74, %71 ], [ -1, %28 ], [ -1, %64 ] %85 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 3 %86 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #78 %87 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %22, i64 0, i32 8 %88 = bitcast %struct.list_head* %87 to %struct.sg_request** %89 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %90 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %89, i64 0, i32 0 %91 = icmp eq %struct.list_head* %90, %87 br i1 %91, label %113, label %92 %93 = icmp eq i32 %84, -1 br label %94 %95 = phi %struct.sg_request* [ %89, %92 ], [ %110, %108 ] %96 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 7 %97 = load i8, i8* %96, align 2 %98 = icmp eq i8 %97, 0 br i1 %98, label %99, label %108 br i1 %93, label %104, label %100 %101 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 3, i32 11 %102 = load i32, i32* %101, align 8 %103 = icmp eq i32 %102, %84 br i1 %103, label %104, label %108 %105 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %95, i64 0, i32 8 %106 = load i8, i8* %105, align 1 %107 = icmp eq i8 %106, 1 br i1 %107, label %114, label %108 %109 = bitcast 
%struct.sg_request* %95 to %struct.sg_request** %110 = load %struct.sg_request*, %struct.sg_request** %109, align 8 %111 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %110, i64 0, i32 0 %112 = icmp eq %struct.list_head* %111, %87 br i1 %112, label %113, label %94 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %86) #78 br label %117 %118 = getelementptr inbounds %struct.file.295345, %struct.file.295345* %0, i64 0, i32 7 %119 = load i32, i32* %118, align 8 %120 = and i32 %119, 2048 %121 = icmp eq i32 %120, 0 br i1 %121, label %122, label %484 %123 = tail call i32 @__cond_resched() #78 %124 = tail call i64 @_raw_write_lock_irqsave(%struct.rwlock_t* %85) #78 %125 = load %struct.sg_request*, %struct.sg_request** %88, align 8 %126 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %125, i64 0, i32 0 %127 = icmp eq %struct.list_head* %126, %87 br i1 %127, label %152, label %128 %129 = icmp eq i32 %84, -1 br label %130 %131 = phi i8 [ 0, %128 ], [ %147, %146 ] %132 = phi %struct.sg_request* [ %125, %128 ], [ %149, %146 ] %133 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 7 %134 = load i8, i8* %133, align 2 %135 = icmp eq i8 %134, 0 br i1 %135, label %136, label %146 br i1 %129, label %141, label %137 %138 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 3, i32 11 %139 = load i32, i32* %138, align 8 %140 = icmp eq i32 %139, %84 br i1 %140, label %141, label %146 %142 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 8 %143 = load i8, i8* %142, align 1 %144 = sext i8 %143 to i32 switch i32 %144, label %146 [ i32 0, label %145 i32 1, label %154 ] %155 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %132, i64 0, i32 8 store i8 2, i8* %155, align 1 tail call void @_raw_write_unlock_irqrestore(%struct.rwlock_t* %85, i64 %124) #78 %156 = icmp eq %struct.sg_request* %132, null br i1 %156, label %157, label 
%222 %223 = phi %struct.sg_request* [ %95, %114 ], [ %212, %211 ], [ %132, %154 ] %224 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %223, i64 0, i32 3, i32 0 %225 = load i32, i32* %224, align 8 %226 = icmp eq i32 %225, 0 br i1 %226, label %229, label %227 %228 = call fastcc i64 @sg_new_read(%struct.sg_fd* nonnull %22, i8* %1, i64 %2, %struct.sg_request* nonnull %223) #80 Function:sg_new_read %5 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.295320** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.295320**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.295320* %8 = getelementptr inbounds %struct.task_struct.295320, %struct.task_struct.295320* %7, i64 0, i32 0, i32 2 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = icmp ult i64 %2, 88 br i1 %15, label %70, label %16 %17 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 16 store i8 0, i8* %17, align 1 %18 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 3 %19 = load i8, i8* %18, align 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %52, label %21 %22 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 8 %23 = load i8*, i8** %22, align 8 %24 = icmp eq i8* %23, null br i1 %24, label %52, label %25 %26 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 14 %27 = load i8, i8* %26, align 1 %28 = and i8 %27, 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %30, label %35 %36 = icmp ult i8 %19, 96 %37 = select i1 %36, i8 %19, i8 96 %38 = zext i8 %37 to i32 %39 = getelementptr %struct.sg_request, %struct.sg_request* %3, i64 0, i32 4, i64 7 %40 = load i8, i8* %39, align 1 %41 = zext i8 %40 to i32 %42 = add nuw nsw i32 %41, 8 %43 = 
icmp ugt i32 %42, %38 %44 = select i1 %43, i32 %38, i32 %42 %45 = zext i32 %44 to i64 %46 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 4, i64 0 %47 = tail call i64 @_copy_to_user(i8* nonnull %23, i8* %46, i64 %45) #78 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %70 %50 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 18 store i16 8, i16* %50, align 2 %51 = trunc i32 %44 to i8 store i8 %51, i8* %17, align 1 br label %52 %53 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 14 %54 = load i8, i8* %53, align 1 %55 = icmp eq i8 %54, 0 br i1 %55, label %56, label %64 %57 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 17 %58 = load i16, i16* %57, align 4 %59 = icmp eq i16 %58, 0 br i1 %59, label %60, label %64 %61 = getelementptr inbounds %struct.sg_request, %struct.sg_request* %3, i64 0, i32 3, i32 18 %62 = load i16, i16* %61, align 2 %63 = icmp eq i16 %62, 0 br i1 %63, label %68, label %64 %69 = tail call i32 @put_sg_io_hdr(%struct.sg_io_hdr* %5, i8* %1) #78 ------------- Good: 2 Bad: 1 Ignored: 0 Check Use of Function:xt_compat_match_from_user Check Use of Function:ring_buffer_event_data Use: =BAD PATH= Call Stack: 0 __find_next_entry 1 trace_find_next_entry 2 trace_print_lat_context 3 print_trace_line 4 s_show.11332 ------------- Path:  Function:s_show.11332 %3 = bitcast i8* %1 to %struct.trace_iterator* %4 = getelementptr inbounds i8, i8* %1, i64 8416 %5 = bitcast i8* %4 to %struct.trace_entry** %6 = load %struct.trace_entry*, %struct.trace_entry** %5, align 8 %7 = icmp eq %struct.trace_entry* %6, null br i1 %7, label %8, label %36 %37 = getelementptr inbounds i8, i8* %1, i64 8432 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %45, label %41 %46 = tail call i32 @print_trace_line(%struct.trace_iterator* %3) #79 Function:print_trace_line %2 = alloca i8, 
align 1 %3 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 0 %4 = load %struct.trace_array*, %struct.trace_array** %3, align 8 %5 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %4, i64 0, i32 14 %6 = load i32, i32* %5, align 8 %7 = zext i32 %6 to i64 %8 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 18 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %28, label %11 %29 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 1 %30 = load %struct.tracer*, %struct.tracer** %29, align 8 %31 = icmp eq %struct.tracer* %30, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.tracer, %struct.tracer* %30, i64 0, i32 13 %34 = load i32 (%struct.trace_iterator*)*, i32 (%struct.trace_iterator*)** %33, align 8 %35 = icmp eq i32 (%struct.trace_iterator*)* %34, null br i1 %35, label %39, label %36 %37 = tail call i32 %34(%struct.trace_iterator* %0) #78 %38 = icmp eq i32 %37, 2 br i1 %38, label %39, label %285 %40 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 17 %41 = load %struct.trace_entry*, %struct.trace_entry** %40, align 8 %42 = getelementptr inbounds %struct.trace_entry, %struct.trace_entry* %41, i64 0, i32 0 %43 = load i16, i16* %42, align 4 %44 = icmp ne i16 %43, 14 %45 = and i64 %7, 4352 %46 = icmp ne i64 %45, 4352 %47 = or i1 %46, %44 br i1 %47, label %50, label %48 %51 = icmp ne i16 %43, 6 %52 = or i1 %46, %51 br i1 %52, label %55, label %53 %56 = icmp ne i16 %43, 5 %57 = or i1 %46, %56 br i1 %57, label %60, label %58 %61 = and i64 %7, 64 %62 = icmp eq i64 %61, 0 br i1 %62, label %99, label %63 %100 = and i64 %7, 32 %101 = icmp eq i64 %100, 0 br i1 %101, label %152, label %102 %153 = and i64 %7, 16 %154 = icmp eq i64 %153, 0 %155 = load %struct.trace_array*, %struct.trace_array** %3, align 8 %156 = getelementptr inbounds %struct.trace_iterator, 
%struct.trace_iterator* %0, i64 0, i32 16 %157 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %155, i64 0, i32 14 %158 = load i32, i32* %157, align 8 br i1 %154, label %200, label %159 %201 = and i32 %158, 7 %202 = and i32 %158, 512 %203 = icmp eq i32 %202, 0 br i1 %203, label %241, label %204 %205 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 7 %206 = load i64, i64* %205, align 8 %207 = and i64 %206, 2 %208 = icmp eq i64 %207, 0 br i1 %208, label %241, label %209 %210 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 14, i64 0 %211 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 21 %212 = load i32, i32* %211, align 8 %213 = zext i32 %212 to i64 %214 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %210, i64 0, i32 0, i64 0 %215 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %214, i64 %213) #6, !srcloc !4 %216 = and i8 %215, 1 %217 = icmp eq i8 %216, 0 br i1 %217, label %218, label %241 %219 = load i32, i32* %211, align 8 %220 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %221 = load %struct.array_buffer*, %struct.array_buffer** %220, align 8 %222 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %221, i64 0, i32 2 %223 = bitcast %struct.trace_array_cpu** %222 to i64* %224 = load i64, i64* %223, align 8 %225 = sext i32 %219 to i64 %226 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %225 %227 = load i64, i64* %226, align 8 %228 = add i64 %227, %224 %229 = inttoptr i64 %228 to %struct.trace_array_cpu* %230 = getelementptr inbounds %struct.trace_array_cpu, %struct.trace_array_cpu* %229, i64 0, i32 10 %231 = load i64, i64* %230, align 8 %232 = icmp eq i64 %231, 0 br i1 %232, label %233, label %241 %234 = zext i32 %219 to i64 %235 = getelementptr 
inbounds %struct.cpumask, %struct.cpumask* %210, i64 0, i32 0, i64 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %235, i64 %234) #6, !srcloc !5 %236 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 24 %237 = load i64, i64* %236, align 8 %238 = icmp sgt i64 %237, 1 br i1 %238, label %239, label %241 %240 = load i32, i32* %211, align 8 tail call void (%struct.trace_seq*, i8*, ...) @trace_seq_printf(%struct.trace_seq* %156, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.90.11324, i64 0, i64 0), i32 %240) #78 br label %241 %242 = load i16, i16* %42, align 4 %243 = zext i16 %242 to i32 %244 = tail call %struct.trace_event* bitcast (%struct.trace_event.106070* (i32)* @ftrace_find_event to %struct.trace_event* (i32)*)(i32 %243) #78 %245 = load i32, i32* %157, align 8 %246 = and i32 %245, 8192 %247 = icmp eq i32 %246, 0 br i1 %247, label %257, label %248 %249 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 7 %250 = load i64, i64* %249, align 8 %251 = and i64 %250, 1 %252 = icmp eq i64 %251, 0 br i1 %252, label %255, label %253 %254 = tail call i32 bitcast (i32 (%struct.trace_iterator.106068*)* @trace_print_lat_context to i32 (%struct.trace_iterator*)*)(%struct.trace_iterator* %0) #78 Function:trace_print_lat_context %2 = alloca [16 x i8], align 16 %3 = alloca i64, align 8 %4 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.trace_iterator.106068, %struct.trace_iterator.106068* %0, i64 0, i32 0 %6 = load %struct.trace_array.106063*, %struct.trace_array.106063** %5, align 8 %7 = getelementptr inbounds %struct.trace_iterator.106068, %struct.trace_iterator.106068* %0, i64 0, i32 16 %8 = getelementptr inbounds %struct.trace_array.106063, %struct.trace_array.106063* %6, i64 0, i32 14 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 8 
%11 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %12 = call %struct.trace_entry* bitcast (%struct.trace_entry* (%struct.trace_iterator*, i32*, i64*)* @trace_find_next_entry to %struct.trace_entry* (%struct.trace_iterator.106068*, i32*, i64*)*)(%struct.trace_iterator.106068* %0, i32* null, i64* nonnull %3) #78 Function:trace_find_next_entry %4 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 20 %5 = load i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 8 %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, getelementptr inbounds ([128 x i8], [128 x i8]* @static_temp_buf, i64 0, i64 0) %9 = icmp sgt i32 %5, 128 %10 = and i1 %9, %8 br i1 %10, label %47, label %11 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 17 %13 = load %struct.trace_entry*, %struct.trace_entry** %12, align 8 %14 = icmp eq %struct.trace_entry* %13, null %15 = bitcast i8* %7 to %struct.trace_entry* %16 = icmp eq %struct.trace_entry* %13, %15 %17 = or i1 %14, %16 br i1 %17, label %45, label %18 %46 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %0, i32* %1, i64* null, i64* %2) #79 Function:__find_next_entry %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %8 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %9 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %8, i64 0, i32 1 %10 = load %struct.trace_buffer*, %struct.trace_buffer** %9, align 8 %11 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %15 = icmp sgt i32 %13, -1 br i1 %15, label %19, label %16 %17 = getelementptr inbounds 
%struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 6 %18 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 20 br label %96 %97 = phi %struct.trace_entry* [ %93, %92 ], [ null, %16 ] %98 = phi i64 [ %94, %92 ], [ 0, %16 ] %99 = phi i64 [ %89, %92 ], [ 0, %16 ] %100 = phi i32 [ %57, %92 ], [ -1, %16 ] %101 = phi i32 [ %95, %92 ], [ 0, %16 ] %102 = icmp eq %struct.trace_entry* %97, null br label %103 %104 = phi i32 [ %100, %96 ], [ %57, %83 ] br label %55 %56 = phi i32 [ %57, %60 ], [ %104, %103 ] %57 = call i32 @cpumask_next(i32 %56, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @tracing_buffer_mask, i64 0, i64 0)) #79 %58 = load i32, i32* @nr_cpu_ids, align 4 %59 = icmp ult i32 %57, %58 br i1 %59, label %60, label %105 %61 = call zeroext i1 @ring_buffer_empty_cpu(%struct.trace_buffer* %10, i32 %57) #78 br i1 %61, label %55, label %62 %63 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %17, align 8 %64 = icmp eq %struct.ring_buffer_iter** %63, null br i1 %64, label %74, label %65 %66 = sext i32 %57 to i64 %67 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %63, i64 %66 %68 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %67, align 8 %69 = icmp eq %struct.ring_buffer_iter* %68, null br i1 %69, label %74, label %70 %75 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %76 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %75, i64 0, i32 1 %77 = load %struct.trace_buffer*, %struct.trace_buffer** %76, align 8 %78 = call %struct.ring_buffer_event* @ring_buffer_peek(%struct.trace_buffer* %77, i32 %57, i64* nonnull %6, i64* nonnull %5) #78 br label %79 %80 = phi %struct.ring_buffer_event* [ %71, %70 ], [ %78, %74 ] %81 = icmp eq %struct.ring_buffer_event* %80, null br i1 %81, label %82, label %84 %85 = call i32 @ring_buffer_event_length(%struct.ring_buffer_event* nonnull %80) #78 store i32 %85, i32* 
%18, align 4 %86 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %80) #78 ------------- Use: =BAD PATH= Call Stack: 0 __find_next_entry 1 s_next.11331 ------------- Path:  Function:s_next.11331 %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = load i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.trace_iterator* %7 = load i64, i64* %2, align 8 %8 = getelementptr inbounds i8, i8* %5, i64 8432 %9 = bitcast i8* %8 to i32* %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12, !prof !4, !misexpect !5 %15 = phi i64 [ %7, %3 ], [ %13, %12 ] %16 = add i64 %15, 1 store i64 %16, i64* %2, align 8 %17 = getelementptr inbounds i8, i8* %5, i64 8464 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = shl i64 %7, 32 %21 = ashr exact i64 %20, 32 %22 = icmp sgt i64 %19, %21 br i1 %22, label %103, label %23 %24 = icmp slt i64 %19, 0 br i1 %24, label %25, label %57 %26 = getelementptr inbounds i8, i8* %5, i64 8440 %27 = bitcast i8* %26 to i32* %28 = getelementptr inbounds i8, i8* %5, i64 8424 %29 = bitcast i8* %28 to i64* %30 = getelementptr inbounds i8, i8* %5, i64 8448 %31 = bitcast i8* %30 to i64* %32 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %6, i32* %27, i64* %29, i64* %31) #78 %33 = getelementptr inbounds i8, i8* %5, i64 8416 %34 = bitcast i8* %33 to %struct.trace_entry** store %struct.trace_entry* %32, %struct.trace_entry** %34, align 8 %35 = icmp eq %struct.trace_entry* %32, null br i1 %35, label %98, label %36 %37 = getelementptr inbounds i8, i8* %5, i64 72 %38 = bitcast i8* %37 to %struct.ring_buffer_iter*** %39 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %38, align 8 %40 = icmp eq %struct.ring_buffer_iter** %39, null br i1 %40, label %41, label %44 %45 = load i32, i32* %27, align 8 %46 = sext i32 %45 to i64 %47 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %39, i64 %46 %48 = 
load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %47, align 8 %49 = load i64, i64* %18, align 8 %50 = add i64 %49, 1 store i64 %50, i64* %18, align 8 %51 = icmp eq %struct.ring_buffer_iter* %48, null br i1 %51, label %57, label %52 tail call void @ring_buffer_iter_advance(%struct.ring_buffer_iter* nonnull %48) #78 %53 = load %struct.trace_entry*, %struct.trace_entry** %34, align 8 %54 = icmp eq %struct.trace_entry* %53, null %55 = icmp eq i8* %5, null %56 = or i1 %54, %55 br i1 %56, label %98, label %59 %60 = getelementptr inbounds i8, i8* %5, i64 8440 %61 = bitcast i8* %60 to i32* %62 = getelementptr inbounds i8, i8* %5, i64 8424 %63 = bitcast i8* %62 to i64* %64 = getelementptr inbounds i8, i8* %5, i64 8448 %65 = bitcast i8* %64 to i64* %66 = getelementptr inbounds i8, i8* %5, i64 8416 %67 = bitcast i8* %66 to %struct.trace_entry** %68 = getelementptr inbounds i8, i8* %5, i64 72 %69 = bitcast i8* %68 to %struct.ring_buffer_iter*** %70 = icmp eq i8* %5, null %71 = load i64, i64* %18, align 8 %72 = icmp slt i64 %71, %21 br i1 %72, label %77, label %98 %78 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %6, i32* %61, i64* %63, i64* %65) #78 Function:__find_next_entry %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %8 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %9 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %8, i64 0, i32 1 %10 = load %struct.trace_buffer*, %struct.trace_buffer** %9, align 8 %11 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %15 = icmp sgt i32 %13, -1 br i1 %15, label %19, label %16 %17 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 6 
%18 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 20 br label %96 %97 = phi %struct.trace_entry* [ %93, %92 ], [ null, %16 ] %98 = phi i64 [ %94, %92 ], [ 0, %16 ] %99 = phi i64 [ %89, %92 ], [ 0, %16 ] %100 = phi i32 [ %57, %92 ], [ -1, %16 ] %101 = phi i32 [ %95, %92 ], [ 0, %16 ] %102 = icmp eq %struct.trace_entry* %97, null br label %103 %104 = phi i32 [ %100, %96 ], [ %57, %83 ] br label %55 %56 = phi i32 [ %57, %60 ], [ %104, %103 ] %57 = call i32 @cpumask_next(i32 %56, %struct.cpumask* getelementptr inbounds ([1 x %struct.cpumask], [1 x %struct.cpumask]* @tracing_buffer_mask, i64 0, i64 0)) #79 %58 = load i32, i32* @nr_cpu_ids, align 4 %59 = icmp ult i32 %57, %58 br i1 %59, label %60, label %105 %61 = call zeroext i1 @ring_buffer_empty_cpu(%struct.trace_buffer* %10, i32 %57) #78 br i1 %61, label %55, label %62 %63 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %17, align 8 %64 = icmp eq %struct.ring_buffer_iter** %63, null br i1 %64, label %74, label %65 %66 = sext i32 %57 to i64 %67 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %63, i64 %66 %68 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %67, align 8 %69 = icmp eq %struct.ring_buffer_iter* %68, null br i1 %69, label %74, label %70 %75 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %76 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %75, i64 0, i32 1 %77 = load %struct.trace_buffer*, %struct.trace_buffer** %76, align 8 %78 = call %struct.ring_buffer_event* @ring_buffer_peek(%struct.trace_buffer* %77, i32 %57, i64* nonnull %6, i64* nonnull %5) #78 br label %79 %80 = phi %struct.ring_buffer_event* [ %71, %70 ], [ %78, %74 ] %81 = icmp eq %struct.ring_buffer_event* %80, null br i1 %81, label %82, label %84 %85 = call i32 @ring_buffer_event_length(%struct.ring_buffer_event* nonnull %80) #78 store i32 %85, i32* %18, align 4 %86 = call i8* 
@ring_buffer_event_data(%struct.ring_buffer_event* nonnull %80) #78 ------------- Use: =BAD PATH= Call Stack: 0 __find_next_entry 1 trace_find_next_entry 2 trace_print_lat_context 3 print_trace_line 4 s_show.11332 ------------- Path:  Function:s_show.11332 %3 = bitcast i8* %1 to %struct.trace_iterator* %4 = getelementptr inbounds i8, i8* %1, i64 8416 %5 = bitcast i8* %4 to %struct.trace_entry** %6 = load %struct.trace_entry*, %struct.trace_entry** %5, align 8 %7 = icmp eq %struct.trace_entry* %6, null br i1 %7, label %8, label %36 %37 = getelementptr inbounds i8, i8* %1, i64 8432 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %45, label %41 %46 = tail call i32 @print_trace_line(%struct.trace_iterator* %3) #79 Function:print_trace_line %2 = alloca i8, align 1 %3 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 0 %4 = load %struct.trace_array*, %struct.trace_array** %3, align 8 %5 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %4, i64 0, i32 14 %6 = load i32, i32* %5, align 8 %7 = zext i32 %6 to i64 %8 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 18 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %28, label %11 %29 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 1 %30 = load %struct.tracer*, %struct.tracer** %29, align 8 %31 = icmp eq %struct.tracer* %30, null br i1 %31, label %39, label %32 %33 = getelementptr inbounds %struct.tracer, %struct.tracer* %30, i64 0, i32 13 %34 = load i32 (%struct.trace_iterator*)*, i32 (%struct.trace_iterator*)** %33, align 8 %35 = icmp eq i32 (%struct.trace_iterator*)* %34, null br i1 %35, label %39, label %36 %37 = tail call i32 %34(%struct.trace_iterator* %0) #78 %38 = icmp eq i32 %37, 2 br i1 %38, label %39, label %285 %40 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 
17 %41 = load %struct.trace_entry*, %struct.trace_entry** %40, align 8 %42 = getelementptr inbounds %struct.trace_entry, %struct.trace_entry* %41, i64 0, i32 0 %43 = load i16, i16* %42, align 4 %44 = icmp ne i16 %43, 14 %45 = and i64 %7, 4352 %46 = icmp ne i64 %45, 4352 %47 = or i1 %46, %44 br i1 %47, label %50, label %48 %51 = icmp ne i16 %43, 6 %52 = or i1 %46, %51 br i1 %52, label %55, label %53 %56 = icmp ne i16 %43, 5 %57 = or i1 %46, %56 br i1 %57, label %60, label %58 %61 = and i64 %7, 64 %62 = icmp eq i64 %61, 0 br i1 %62, label %99, label %63 %100 = and i64 %7, 32 %101 = icmp eq i64 %100, 0 br i1 %101, label %152, label %102 %153 = and i64 %7, 16 %154 = icmp eq i64 %153, 0 %155 = load %struct.trace_array*, %struct.trace_array** %3, align 8 %156 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 16 %157 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %155, i64 0, i32 14 %158 = load i32, i32* %157, align 8 br i1 %154, label %200, label %159 %201 = and i32 %158, 7 %202 = and i32 %158, 512 %203 = icmp eq i32 %202, 0 br i1 %203, label %241, label %204 %205 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 7 %206 = load i64, i64* %205, align 8 %207 = and i64 %206, 2 %208 = icmp eq i64 %207, 0 br i1 %208, label %241, label %209 %210 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 14, i64 0 %211 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 21 %212 = load i32, i32* %211, align 8 %213 = zext i32 %212 to i64 %214 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %210, i64 0, i32 0, i64 0 %215 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %214, i64 %213) #6, !srcloc !4 %216 = and i8 %215, 1 %217 = icmp eq i8 %216, 0 br i1 %217, label %218, label %241 %219 = load i32, i32* %211, align 8 %220 = 
getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %221 = load %struct.array_buffer*, %struct.array_buffer** %220, align 8 %222 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %221, i64 0, i32 2 %223 = bitcast %struct.trace_array_cpu** %222 to i64* %224 = load i64, i64* %223, align 8 %225 = sext i32 %219 to i64 %226 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %225 %227 = load i64, i64* %226, align 8 %228 = add i64 %227, %224 %229 = inttoptr i64 %228 to %struct.trace_array_cpu* %230 = getelementptr inbounds %struct.trace_array_cpu, %struct.trace_array_cpu* %229, i64 0, i32 10 %231 = load i64, i64* %230, align 8 %232 = icmp eq i64 %231, 0 br i1 %232, label %233, label %241 %234 = zext i32 %219 to i64 %235 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %210, i64 0, i32 0, i64 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %235, i64 %234) #6, !srcloc !5 %236 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 24 %237 = load i64, i64* %236, align 8 %238 = icmp sgt i64 %237, 1 br i1 %238, label %239, label %241 %240 = load i32, i32* %211, align 8 tail call void (%struct.trace_seq*, i8*, ...) 
@trace_seq_printf(%struct.trace_seq* %156, i8* getelementptr inbounds ([34 x i8], [34 x i8]* @.str.90.11324, i64 0, i64 0), i32 %240) #78 br label %241 %242 = load i16, i16* %42, align 4 %243 = zext i16 %242 to i32 %244 = tail call %struct.trace_event* bitcast (%struct.trace_event.106070* (i32)* @ftrace_find_event to %struct.trace_event* (i32)*)(i32 %243) #78 %245 = load i32, i32* %157, align 8 %246 = and i32 %245, 8192 %247 = icmp eq i32 %246, 0 br i1 %247, label %257, label %248 %249 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 7 %250 = load i64, i64* %249, align 8 %251 = and i64 %250, 1 %252 = icmp eq i64 %251, 0 br i1 %252, label %255, label %253 %254 = tail call i32 bitcast (i32 (%struct.trace_iterator.106068*)* @trace_print_lat_context to i32 (%struct.trace_iterator*)*)(%struct.trace_iterator* %0) #78 Function:trace_print_lat_context %2 = alloca [16 x i8], align 16 %3 = alloca i64, align 8 %4 = alloca [16 x i8], align 16 %5 = getelementptr inbounds %struct.trace_iterator.106068, %struct.trace_iterator.106068* %0, i64 0, i32 0 %6 = load %struct.trace_array.106063*, %struct.trace_array.106063** %5, align 8 %7 = getelementptr inbounds %struct.trace_iterator.106068, %struct.trace_iterator.106068* %0, i64 0, i32 16 %8 = getelementptr inbounds %struct.trace_array.106063, %struct.trace_array.106063* %6, i64 0, i32 14 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 8 %11 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %12 = call %struct.trace_entry* bitcast (%struct.trace_entry* (%struct.trace_iterator*, i32*, i64*)* @trace_find_next_entry to %struct.trace_entry* (%struct.trace_iterator.106068*, i32*, i64*)*)(%struct.trace_iterator.106068* %0, i32* null, i64* nonnull %3) #78 Function:trace_find_next_entry %4 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 20 %5 = load i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, 
i32 8 %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, getelementptr inbounds ([128 x i8], [128 x i8]* @static_temp_buf, i64 0, i64 0) %9 = icmp sgt i32 %5, 128 %10 = and i1 %9, %8 br i1 %10, label %47, label %11 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 17 %13 = load %struct.trace_entry*, %struct.trace_entry** %12, align 8 %14 = icmp eq %struct.trace_entry* %13, null %15 = bitcast i8* %7 to %struct.trace_entry* %16 = icmp eq %struct.trace_entry* %13, %15 %17 = or i1 %14, %16 br i1 %17, label %45, label %18 %46 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %0, i32* %1, i64* null, i64* %2) #79 Function:__find_next_entry %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %8 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %9 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %8, i64 0, i32 1 %10 = load %struct.trace_buffer*, %struct.trace_buffer** %9, align 8 %11 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %15 = icmp sgt i32 %13, -1 br i1 %15, label %19, label %16 %20 = tail call zeroext i1 @ring_buffer_empty_cpu(%struct.trace_buffer* %10, i32 %13) #78 br i1 %20, label %114, label %21 %22 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 6 %23 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %22, align 8 %24 = icmp eq %struct.ring_buffer_iter** %23, null br i1 %24, label %36, label %25 %26 = zext i32 %13 to i64 %27 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %23, i64 %26 %28 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %27, align 8 %29 = icmp eq 
%struct.ring_buffer_iter* %28, null br i1 %29, label %36, label %30 %37 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %38 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %37, i64 0, i32 1 %39 = load %struct.trace_buffer*, %struct.trace_buffer** %38, align 8 %40 = tail call %struct.ring_buffer_event* @ring_buffer_peek(%struct.trace_buffer* %39, i32 %13, i64* %3, i64* %2) #78 br label %41 %42 = phi %struct.ring_buffer_event* [ %31, %33 ], [ %31, %30 ], [ %40, %36 ] %43 = icmp eq %struct.ring_buffer_event* %42, null br i1 %43, label %49, label %44 %45 = tail call i32 @ring_buffer_event_length(%struct.ring_buffer_event* nonnull %42) #78 %46 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 20 store i32 %45, i32* %46, align 4 %47 = tail call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 __find_next_entry 1 s_next.11331 ------------- Path:  Function:s_next.11331 %4 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %5 = load i8*, i8** %4, align 8 %6 = bitcast i8* %5 to %struct.trace_iterator* %7 = load i64, i64* %2, align 8 %8 = getelementptr inbounds i8, i8* %5, i64 8432 %9 = bitcast i8* %8 to i32* %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12, !prof !4, !misexpect !5 %15 = phi i64 [ %7, %3 ], [ %13, %12 ] %16 = add i64 %15, 1 store i64 %16, i64* %2, align 8 %17 = getelementptr inbounds i8, i8* %5, i64 8464 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = shl i64 %7, 32 %21 = ashr exact i64 %20, 32 %22 = icmp sgt i64 %19, %21 br i1 %22, label %103, label %23 %24 = icmp slt i64 %19, 0 br i1 %24, label %25, label %57 %26 = getelementptr inbounds i8, i8* %5, i64 8440 %27 = bitcast i8* %26 to i32* %28 = getelementptr inbounds i8, i8* %5, i64 8424 %29 = bitcast i8* %28 to i64* %30 = getelementptr inbounds i8, i8* %5, i64 8448 %31 = 
bitcast i8* %30 to i64* %32 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %6, i32* %27, i64* %29, i64* %31) #78 %33 = getelementptr inbounds i8, i8* %5, i64 8416 %34 = bitcast i8* %33 to %struct.trace_entry** store %struct.trace_entry* %32, %struct.trace_entry** %34, align 8 %35 = icmp eq %struct.trace_entry* %32, null br i1 %35, label %98, label %36 %37 = getelementptr inbounds i8, i8* %5, i64 72 %38 = bitcast i8* %37 to %struct.ring_buffer_iter*** %39 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %38, align 8 %40 = icmp eq %struct.ring_buffer_iter** %39, null br i1 %40, label %41, label %44 %45 = load i32, i32* %27, align 8 %46 = sext i32 %45 to i64 %47 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %39, i64 %46 %48 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %47, align 8 %49 = load i64, i64* %18, align 8 %50 = add i64 %49, 1 store i64 %50, i64* %18, align 8 %51 = icmp eq %struct.ring_buffer_iter* %48, null br i1 %51, label %57, label %52 tail call void @ring_buffer_iter_advance(%struct.ring_buffer_iter* nonnull %48) #78 %53 = load %struct.trace_entry*, %struct.trace_entry** %34, align 8 %54 = icmp eq %struct.trace_entry* %53, null %55 = icmp eq i8* %5, null %56 = or i1 %54, %55 br i1 %56, label %98, label %59 %60 = getelementptr inbounds i8, i8* %5, i64 8440 %61 = bitcast i8* %60 to i32* %62 = getelementptr inbounds i8, i8* %5, i64 8424 %63 = bitcast i8* %62 to i64* %64 = getelementptr inbounds i8, i8* %5, i64 8448 %65 = bitcast i8* %64 to i64* %66 = getelementptr inbounds i8, i8* %5, i64 8416 %67 = bitcast i8* %66 to %struct.trace_entry** %68 = getelementptr inbounds i8, i8* %5, i64 72 %69 = bitcast i8* %68 to %struct.ring_buffer_iter*** %70 = icmp eq i8* %5, null %71 = load i64, i64* %18, align 8 %72 = icmp slt i64 %71, %21 br i1 %72, label %77, label %98 %78 = tail call fastcc %struct.trace_entry* @__find_next_entry(%struct.trace_iterator* %6, i32* %61, i64* %63, 
i64* %65) #78 Function:__find_next_entry %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 2 %8 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %9 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %8, i64 0, i32 1 %10 = load %struct.trace_buffer*, %struct.trace_buffer** %9, align 8 %11 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %12 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %15 = icmp sgt i32 %13, -1 br i1 %15, label %19, label %16 %20 = tail call zeroext i1 @ring_buffer_empty_cpu(%struct.trace_buffer* %10, i32 %13) #78 br i1 %20, label %114, label %21 %22 = getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 6 %23 = load %struct.ring_buffer_iter**, %struct.ring_buffer_iter*** %22, align 8 %24 = icmp eq %struct.ring_buffer_iter** %23, null br i1 %24, label %36, label %25 %26 = zext i32 %13 to i64 %27 = getelementptr %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %23, i64 %26 %28 = load %struct.ring_buffer_iter*, %struct.ring_buffer_iter** %27, align 8 %29 = icmp eq %struct.ring_buffer_iter* %28, null br i1 %29, label %36, label %30 %37 = load %struct.array_buffer*, %struct.array_buffer** %7, align 8 %38 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %37, i64 0, i32 1 %39 = load %struct.trace_buffer*, %struct.trace_buffer** %38, align 8 %40 = tail call %struct.ring_buffer_event* @ring_buffer_peek(%struct.trace_buffer* %39, i32 %13, i64* %3, i64* %2) #78 br label %41 %42 = phi %struct.ring_buffer_event* [ %31, %33 ], [ %31, %30 ], [ %40, %36 ] %43 = icmp eq %struct.ring_buffer_event* %42, null br i1 %43, label %49, label %44 %45 = tail call i32 @ring_buffer_event_length(%struct.ring_buffer_event* nonnull %42) #78 %46 = 
getelementptr inbounds %struct.trace_iterator, %struct.trace_iterator* %0, i64 0, i32 20 store i32 %45, i32* %46, align 4 %47 = tail call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %42) #78 ------------- Good: 908 Bad: 4 Ignored: 1805 Check Use of Function:is_ucounts_overlimit Check Use of Function:do_split Check Use of Function:cfg80211_abandon_assoc Check Use of Function:ring_buffer_lock_reserve Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %159 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 14 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %159, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = trunc i64 %17 to i32 %19 = add nuw nsw i64 %17, 18 %20 = icmp ult i64 %17, 9 %21 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %22 = load %struct.trace_buffer*, %struct.trace_buffer** %21, align 8 %23 = select i1 %20, i64 27, i64 %19 %24 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %25 = load i64, i64* %5, align 8 %26 = lshr i64 %25, 9 %27 = trunc i64 %26 to i32 %28 = and i32 %27, 1 %29 = xor i32 %28, 1 %30 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %31 = and i32 %30, 2147483647 %32 = zext i32 %31 to i64 %33 = and i64 %32, 15728640 %34 = icmp eq i64 %33, 0 %35 = or i32 %29, 64 %36 = select i1 %34, i32 %29, i32 %35 %37 = and i64 %32, 
983040 %38 = icmp eq i64 %37, 0 %39 = or i32 %36, 8 %40 = select i1 %38, i32 %36, i32 %39 %41 = lshr i32 %30, 4 %42 = and i32 %41, 16 %43 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %44 = inttoptr i64 %43 to %struct.task_struct* %45 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 0, i32 0 %46 = load volatile i64, i64* %45, align 8 %47 = lshr i64 %46, 1 %48 = trunc i64 %47 to i32 %49 = and i32 %48, 4 %50 = or i32 %49, %42 %51 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %52 = and i32 %40, 65535 %53 = or i32 %50, %52 %54 = and i32 %30, 255 %55 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %44, i64 0, i32 32 %56 = load i16, i16* %55, align 8 %57 = zext i16 %56 to i32 %58 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.trace_buffer* %22, i64 %23) #78 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %112 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 14 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %112, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = add nuw nsw i64 %20, 12 %22 = icmp ult i64 %20, 13 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.trace_buffer*, %struct.trace_buffer** %23, align 8 %25 = select i1 %22, i64 25, 
i64 %21 %26 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %27 = load i64, i64* %5, align 8 %28 = lshr i64 %27, 9 %29 = trunc i64 %28 to i32 %30 = and i32 %29, 1 %31 = xor i32 %30, 1 %32 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %33 = and i32 %32, 2147483647 %34 = zext i32 %33 to i64 %35 = and i64 %34, 15728640 %36 = icmp eq i64 %35, 0 %37 = or i32 %31, 64 %38 = select i1 %36, i32 %31, i32 %37 %39 = and i64 %34, 983040 %40 = icmp eq i64 %39, 0 %41 = or i32 %38, 8 %42 = select i1 %40, i32 %38, i32 %41 %43 = lshr i32 %32, 4 %44 = and i32 %43, 16 %45 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct* %47 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %46, i64 0, i32 0, i32 0 %48 = load volatile i64, i64* %47, align 8 %49 = lshr i64 %48, 1 %50 = trunc i64 %49 to i32 %51 = and i32 %50, 4 %52 = or i32 %51, %44 %53 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %54 = and i32 %42, 65535 %55 = or i32 %52, %54 %56 = and i32 %32, 255 %57 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %46, i64 0, i32 32 %58 = load i16, i16* %57, align 8 %59 = zext i16 %58 to i32 %60 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.trace_buffer* %24, i64 %25) #78 ------------- Good: 1724 Bad: 2 Ignored: 2021 Check Use of Function:hugetlbfs_create Check Use of Function:anon_inode_getfd Use: =BAD PATH= Call Stack: 0 pidfd_create 1 __se_sys_pidfd_open 2 __ia32_sys_pidfd_open ------------- Path:  Function:__ia32_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, 
i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %4, i64 %7) #78 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -2049 %6 = icmp ne i32 %5, 0 %7 = icmp slt i32 %3, 1 %8 = or i1 %7, %6 br i1 %8, label %34, label %9 %10 = tail call %struct.pid* @find_get_pid(i32 %3) #78 %11 = icmp eq %struct.pid* %10, null br i1 %11, label %34, label %12 %13 = tail call i32 @pidfd_create(%struct.pid* nonnull %10, i32 %4) #78 Function:pidfd_create %3 = icmp eq %struct.pid* %0, null br i1 %3, label %43, label %4 %5 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 3, i64 1, i32 0 %6 = load volatile %struct.hlist_node*, %struct.hlist_node** %5, align 8 %7 = icmp ne %struct.hlist_node* %6, null %8 = and i32 %1, -526339 %9 = icmp eq i32 %8, 0 %10 = and i1 %9, %7 br i1 %10, label %11, label %43 %12 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 0 %13 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 0, i32 0, i32 0 %14 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 1, i32* %13) #6, !srcloc !4 %15 = icmp eq i32 %14, 0 br i1 %15, label %20, label %16, !prof !5, !misexpect !6 %17 = add i32 %14, 1 %18 = or i32 %17, %14 %19 = icmp sgt i32 %18, -1 br i1 %19, label %22, label %20, !prof !7, !misexpect !6 %21 = phi i32 [ 2, %11 ], [ 1, %16 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %12, i32 %21) #78 br label %22 %23 = bitcast %struct.pid* %0 to i8* %24 = or i32 %1, 524290 %25 = tail call i32 @anon_inode_getfd(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.5975, i64 0, i64 0), %struct.file_operations* nonnull @pidfd_fops, i8* 
nonnull %23, i32 %24) #78 ------------- Use: =BAD PATH= Call Stack: 0 pidfd_create 1 __se_sys_pidfd_open 2 __x64_sys_pidfd_open ------------- Path:  Function:__x64_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %3, i64 %5) #78 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = and i32 %4, -2049 %6 = icmp ne i32 %5, 0 %7 = icmp slt i32 %3, 1 %8 = or i1 %7, %6 br i1 %8, label %34, label %9 %10 = tail call %struct.pid* @find_get_pid(i32 %3) #78 %11 = icmp eq %struct.pid* %10, null br i1 %11, label %34, label %12 %13 = tail call i32 @pidfd_create(%struct.pid* nonnull %10, i32 %4) #78 Function:pidfd_create %3 = icmp eq %struct.pid* %0, null br i1 %3, label %43, label %4 %5 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 3, i64 1, i32 0 %6 = load volatile %struct.hlist_node*, %struct.hlist_node** %5, align 8 %7 = icmp ne %struct.hlist_node* %6, null %8 = and i32 %1, -526339 %9 = icmp eq i32 %8, 0 %10 = and i1 %9, %7 br i1 %10, label %11, label %43 %12 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 0 %13 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 0, i32 0, i32 0 %14 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %13, i32 1, i32* %13) #6, !srcloc !4 %15 = icmp eq i32 %14, 0 br i1 %15, label %20, label %16, !prof !5, !misexpect !6 %17 = add i32 %14, 1 %18 = or i32 %17, %14 %19 = icmp sgt i32 %18, -1 br i1 %19, label %22, label %20, !prof !7, !misexpect !6 %21 = phi i32 [ 2, %11 ], [ 1, %16 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %12, i32 %21) #78 br label %22 %23 = 
bitcast %struct.pid* %0 to i8* %24 = or i32 %1, 524290 %25 = tail call i32 @anon_inode_getfd(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.5975, i64 0, i64 0), %struct.file_operations* nonnull @pidfd_fops, i8* nonnull %23, i32 %24) #78 ------------- Good: 6 Bad: 2 Ignored: 0 Check Use of Function:security_task_setscheduler Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __se_compat_sys_sched_setaffinity 2 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_setaffinity(i64 %4, i64 %7, i64 %10) #78 Function:__se_compat_sys_sched_setaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = inttoptr i64 %2 to i32* %8 = bitcast [1 x %struct.cpumask]* %4 to i8* %9 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %9, align 8 %10 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %11 = icmp ult i32 %6, 8 br i1 %11, label %12, label %16 store i64 0, i64* %9, align 8 %13 = shl i64 %1, 3 %14 = and i64 %13, 4294967288 %15 = add nuw nsw i64 %14, 31 br label %16 %17 = phi i64 [ %15, %12 ], [ 95, %3 ] %18 = lshr i64 %17, 3 %19 = and i64 %18, 2305843009213693948 %20 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A 
.long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %21 = add i64 %19, %2 %22 = icmp ult i64 %21, %19 %23 = icmp ugt i64 %21, %20 %24 = or i1 %22, %23 br i1 %24, label %59, label %25, !prof !5, !misexpect !6 %26 = lshr i64 %17, 5 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br label %27 %28 = phi i64* [ %9, %25 ], [ %45, %39 ] %29 = phi i32* [ %7, %25 ], [ %40, %39 ] %30 = phi i64 [ %26, %25 ], [ %46, %39 ] %31 = icmp ugt i64 %30, 1 br i1 %31, label %32, label %47 %48 = icmp eq i64 %30, 0 br i1 %48, label %55, label %49 %50 = bitcast i32* %29 to %struct.__large_struct* %51 = callbr i32 asm "\0A1:\09movl $1,$0\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long 3 \0A .popsection\0A", 
"=r,*m,X,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %50, i8* blockaddress(@__se_compat_sys_sched_setaffinity, %54)) #4 to label %52 [label %54], !srcloc !11 %53 = zext i32 %51 to i64 store i64 %53, i64* %28, align 8 br label %55 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %56 = call i64 @sched_setaffinity(i32 %5, %struct.cpumask* nonnull %10) #78 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !7 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !8, !misexpect !9 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !10, !misexpect !9 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #78 br label %24 tail 
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 85 %33 = load %struct.cred*, %struct.cred** %32, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 84 %35 = load volatile %struct.cred*, %struct.cred** %34, align 8 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %50, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %51 %52 = tail call i32 @security_task_setscheduler(%struct.task_struct* nonnull %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, 
align 8 %10 = and i64 %9, 4294967295 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 %14 = icmp ult i32 %11, 8 store i64 0, i64* %13, align 8 %15 = select i1 %14, i64 %7, i64 8 %16 = inttoptr i64 %10 to i8* %17 = call i64 @_copy_from_user(i8* nonnull %12, i8* %16, i64 %15) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %25 %20 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %21 = trunc i64 %4 to i32 %22 = call i64 @sched_setaffinity(i32 %21, %struct.cpumask* nonnull %20) #78 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !7 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !8, !misexpect !9 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !10, !misexpect !9 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #78 br label %24 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %25 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 85 %33 = load %struct.cred*, %struct.cred** %32, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 84 %35 = load volatile %struct.cred*, %struct.cred** %34, align 8 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %50, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %51 %52 = tail call i32 @security_task_setscheduler(%struct.task_struct* nonnull %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x 
%struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %13, align 8 %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %15 = icmp ult i32 %11, 8 br i1 %15, label %16, label %18 store i64 0, i64* %13, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %16 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #78 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %14) #78 Function:sched_setaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 3 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 0, i32 0, i32 0 %16 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 1, i32* %15) #6, !srcloc !7 %17 = icmp eq i32 %16, 0 br i1 %17, label %22, label %18, !prof !8, !misexpect !9 %19 = add i32 %16, 1 %20 = or i32 %19, %16 %21 = icmp sgt i32 %20, -1 br i1 %21, label %24, label %22, !prof !10, !misexpect !9 %23 = phi i32 [ 2, %13 ], [ 1, %18 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %14, i32 %23) #78 br label %24 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 4 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 67108864 
%28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %56 %30 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %31 = inttoptr i64 %30 to %struct.task_struct* %32 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %31, i64 0, i32 85 %33 = load %struct.cred*, %struct.cred** %32, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 84 %35 = load volatile %struct.cred*, %struct.cred** %34, align 8 %36 = getelementptr inbounds %struct.cred, %struct.cred* %33, i64 0, i32 5, i32 0 %37 = load i32, i32* %36, align 4 %38 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %37, %39 br i1 %40, label %50, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %51 %52 = tail call i32 @security_task_setscheduler(%struct.task_struct* nonnull %10) #78 ------------- Good: 3 Bad: 3 Ignored: 1 Check Use of Function:acpi_exception Check Use of Function:cfg80211_del_sta_sinfo Check Use of Function:tcf_chain_tp_delete_empty Check Use of Function:ext4_orphan_add Check Use of Function:nla_strscpy Check Use of Function:acpi_cppc_processor_exit Check Use of Function:__tcf_block_put Check Use of Function:drm_modeset_lock_all_ctx Check Use of Function:acpi_initialize_objects Check Use of Function:tcf_proto_lookup_ops Check Use of Function:io_put_sq_data Check Use of Function:tcf_fill_node Check Use of Function:__tcf_chain_get Check Use of Function:hpet_ioctl Check Use of Function:rdev_add_virtual_intf Check Use of Function:ieee80211_color_change_finalize Check Use of Function:drm_atomic_state_alloc Check Use of Function:ext4_xattr_security_get Check Use of 
Function:fs_context_for_mount Check Use of Function:cfg80211_radar_event Check Use of Function:copy_net_ns Check Use of Function:sockfs_xattr_get Check Use of Function:ext4_xattr_user_get Check Use of Function:ieee80211_txq_remove_vlan Check Use of Function:kernfs_fop_read_iter Check Use of Function:security_inode_getsecurity Check Use of Function:__ext4_mark_inode_dirty Check Use of Function:__dquot_free_space Check Use of Function:security_inode_getxattr Check Use of Function:ieee80211_alloc_led_names Check Use of Function:__vfs_setxattr_noperm Check Use of Function:security_inode_setxattr Check Use of Function:drv_channel_switch Check Use of Function:rfkill_set_block Check Use of Function:ieee80211_led_exit Check Use of Function:acpi_update_all_gpes Check Use of Function:_dev_warn Use: =BAD PATH= Call Stack: 0 pcmcia_replace_cis 1 pccard_store_cis ------------- Path:  Function:pccard_store_cis %7 = tail call i32 @security_locked_down(i32 10) #78 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -9, i32 1, i32 1 %13 = bitcast %struct.list_head** %12 to %struct.pcmcia_socket.661782* %14 = icmp ne i64 %4, 0 %15 = icmp ugt i64 %5, 511 %16 = or i1 %14, %15 br i1 %16, label %26, label %17 %18 = getelementptr inbounds %struct.pcmcia_socket.661782, %struct.pcmcia_socket.661782* %13, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 8 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %23 = tail call i32 @pcmcia_replace_cis(%struct.pcmcia_socket.661782* %13, i8* %3, i64 %5) #79 Function:pcmcia_replace_cis %4 = icmp ugt i64 %2, 512 br i1 %4, label %5, label %7 %6 = getelementptr inbounds %struct.pcmcia_socket.661782, %struct.pcmcia_socket.661782* %0, i64 0, i32 42 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %6, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.1.53344, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 stable_pages_required_show ------------- Path:  Function:stable_pages_required_show %4 = load i1, i1* @stable_pages_required_show.__print_once, align 1 br i1 %4, label %6, label %5 store i1 true, i1* @stable_pages_required_show.__print_once, align 1 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %0, i8* getelementptr inbounds ([102 x i8], [102 x i8]* @.str.8.13686, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 reset_method_store ------------- Path:  Function:reset_method_store %5 = alloca i8*, align 8 %6 = alloca [7 x i8], align 1 %7 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13 %8 = bitcast %struct.irq_domain** %7 to %struct.pci_dev.318968* %9 = bitcast i8** %5 to i8* store i8* null, i8** %5, align 8 %10 = getelementptr inbounds [7 x i8], [7 x i8]* %6, i64 0, i64 0 %11 = tail call zeroext i1 @sysfs_streq(i8* %2, i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.14.29396, i64 0, i64 0)) #78 br i1 %11, label %12, label %17 %13 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 253 %14 = bitcast %struct.irq_domain** %13 to i8* store i8 0, i8* %14, align 8 %15 = getelementptr inbounds %struct.irq_domain*, %struct.irq_domain** %7, i64 25 %16 = bitcast %struct.irq_domain** %15 to %struct.device* tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %16, i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.81.29397, i64 0, i64 0)) #79 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_read 2 vpd_read ------------- Path:  Function:vpd_read %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.323246* %9 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_read(%struct.pci_dev.323246* %8, i64 %4, i64 %5, i8* %3) #78 Function:pci_vpd_read %5 = alloca i32, align 4 %6 = add i64 %2, %1 %7 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.323246* %0) #78 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 %4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.323246* %0, i64 %18, i64 1, i8* nonnull 
%11) #78 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.323235*, %struct.pci_bus.323235** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.323246* bitcast (%struct.pci_dev.318968* (%struct.pci_bus.318970*, i32)* @pci_get_slot to %struct.pci_dev.323246* (%struct.pci_bus.323235*, i32)*)(%struct.pci_bus.323235* %47, i32 %49) #78 %51 = icmp eq %struct.pci_dev.323246* %50, null br i1 %51, label %59, label %52 %60 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) @_dev_warn(%struct.device* %60, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.29724, i64 0, i64 0), i64 %42) #79 ------------- Use: =BAD PATH= Call Stack: 0 pci_vpd_available 1 pci_vpd_write 2 vpd_write ------------- Path:  Function:vpd_write %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.323246* %9 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %8, i64 0, i32 52 %10 = load i16, i16* %9, align 2 %11 = and i16 %10, 256 %12 = icmp eq i16 %11, 0 br i1 %12, label %24, label %13 %25 = tail call fastcc i64 @pci_vpd_write(%struct.pci_dev.323246* %8, i64 %4, i64 %5, i8* %3) #78 Function:pci_vpd_write %5 = add i64 %2, %1 %6 = tail call fastcc zeroext i1 @pci_vpd_available(%struct.pci_dev.323246* %0) #78 Function:pci_vpd_available %2 = alloca [3 x i8], align 1 %3 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 2 %4 = load i8, i8* %3, align 4 %5 = icmp eq i8 
%4, 0 br i1 %5, label %107, label %6 %7 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 62, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %107 %11 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 0 store i32 32768, i32* %7, align 8 %12 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 52 %13 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 1 %14 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 6 %15 = getelementptr inbounds [3 x i8], [3 x i8]* %2, i64 0, i64 1 %16 = bitcast i8* %15 to i16* br label %17 %18 = phi i64 [ 0, %10 ], [ %80, %79 ] %19 = load i16, i16* %12, align 2 %20 = and i16 %19, 256 %21 = icmp eq i16 %20, 0 br i1 %21, label %30, label %22 %31 = call fastcc i64 @pci_vpd_read(%struct.pci_dev.323246* %0, i64 %18, i64 1, i8* nonnull %11) #78 br label %32 %33 = phi i64 [ %29, %28 ], [ %31, %30 ] %34 = icmp eq i64 %33, 1 br i1 %34, label %35, label %102 %36 = icmp eq i64 %18, 0 %37 = load i8, i8* %11, align 1 br i1 %36, label %38, label %39 %40 = icmp sgt i8 %37, -1 br i1 %40, label %69, label %41 %42 = add i64 %18, 1 %43 = load i16, i16* %12, align 2 %44 = and i16 %43, 256 %45 = icmp eq i16 %44, 0 br i1 %45, label %54, label %46 %47 = load %struct.pci_bus.323235*, %struct.pci_bus.323235** %13, align 8 %48 = load i32, i32* %14, align 8 %49 = and i32 %48, 248 %50 = tail call %struct.pci_dev.323246* bitcast (%struct.pci_dev.318968* (%struct.pci_bus.318970*, i32)* @pci_get_slot to %struct.pci_dev.323246* (%struct.pci_bus.323235*, i32)*)(%struct.pci_bus.323235* %47, i32 %49) #78 %51 = icmp eq %struct.pci_dev.323246* %50, null br i1 %51, label %59, label %52 %60 = getelementptr inbounds %struct.pci_dev.323246, %struct.pci_dev.323246* %0, i64 0, i32 46 tail call void (%struct.device*, i8*, ...) 
@_dev_warn(%struct.device* %60, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.3.29724, i64 0, i64 0), i64 %42) #79 ------------- Good: 1370 Bad: 5 Ignored: 1152 Check Use of Function:__netlink_dump_start Check Use of Function:posix_acl_xattr_get Check Use of Function:igmp6_late_cleanup Check Use of Function:i915_gem_driver_remove Check Use of Function:wiphy_unregister Check Use of Function:_dev_alert Check Use of Function:rate_control_deinitialize Check Use of Function:cancel_work_sync Use: =BAD PATH= Call Stack: 0 __pm_runtime_barrier 1 pm_runtime_barrier 2 pci_config_pm_runtime_get 3 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -4, i32 6 %8 = bitcast %struct.qspinlock* %7 to %struct.pci_dev.318968* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %7, i64 232, i32 0, i32 0, i32 0 %16 = load i32, i32* %15, align 8 %17 = sext i32 %16 to i64 %18 = icmp slt i64 %17, %4 br i1 %18, label %122, label %19 %20 = add i64 %5, %4 %21 = icmp ugt i64 %20, %17 %22 = trunc i64 %4 to i32 %23 = sub i32 %16, %22 %24 = zext i32 %23 to i64 %25 = select i1 %21, i32 %23, i32 %9 %26 = select i1 %21, i64 %24, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.318968* %8) #78 Function:pci_config_pm_runtime_get %2 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46 %3 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = icmp eq %struct.device* %4, null br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !4 %10 = tail call i32 @pm_runtime_barrier(%struct.device* %2) #78 Function:pm_runtime_barrier %2 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #78 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, 16 %8 = icmp eq i16 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ 1, %13 ], [ 0, %9 ], [ 0, %1 ] tail call fastcc void @__pm_runtime_barrier(%struct.device* %0) #79 Function:__pm_runtime_barrier %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 9 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %9, label %6 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %11 = load i16, i16* %10, align 8 %12 = and i16 %11, 16 %13 = icmp eq i16 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %15, align 8 %16 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = bitcast %struct.spinlock* %16 to i8* store volatile i8 0, i8* %17, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 10 %19 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %18) #78 ------------- Use: =BAD PATH= Call Stack: 0 __pm_runtime_barrier 1 pm_runtime_barrier 2 pci_config_pm_runtime_get 3 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* @PDE_DATA(%struct.inode* %6) #78 %8 = bitcast i8* %7 to %struct.pci_dev.327444* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 928 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = icmp sgt i32 %13, %10 br i1 %19, label %20, label %124 %21 = sext i32 %13 to i64 %22 = icmp ugt i64 %21, %2 %23 = select i1 %22, i64 %2, i64 %21 %24 = shl i64 %9, 32 %25 = ashr exact i64 %24, 32 %26 = add i64 %23, %25 %27 = icmp ugt i64 %26, %21 %28 = sub i32 %13, %10 %29 = sext i32 %28 to i64 %30 = select i1 %27, i64 %29, i64 %23 %31 = trunc i64 %30 to i32 %32 = shl i64 %30, 32 %33 = ashr exact i64 %32, 32 %34 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %35 = ptrtoint i8* %1 to i64 %36 = add i64 %33, %35 %37 = icmp ult i64 %36, %33 %38 = icmp 
ugt i64 %36, %34 %39 = or i1 %37, %38 br i1 %39, label %124, label %40, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.318968*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.327444*)*)(%struct.pci_dev.327444* %8) #78 Function:pci_config_pm_runtime_get %2 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46 %3 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46, i32 1 %4 = load %struct.device*, %struct.device** %3, align 8 %5 = icmp eq %struct.device* %4, null br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.pci_dev.318968, %struct.pci_dev.318968* %0, i64 0, i32 46, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !4 %10 = tail call i32 @pm_runtime_barrier(%struct.device* %2) #78 Function:pm_runtime_barrier %2 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %2, i32* %2) #6, !srcloc !4 %3 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #78 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %6 = load i16, i16* %5, align 8 %7 = and i16 %6, 16 %8 = icmp eq i16 %7, 0 br i1 %8, label %15, label %9 %16 = phi i32 [ 1, %13 ], [ 0, %9 ], [ 0, %1 ] tail call fastcc void @__pm_runtime_barrier(%struct.device* %0) #79 Function:__pm_runtime_barrier %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.device, 
%struct.device* %0, i64 0, i32 11, i32 9 %4 = load i64, i64* %3, align 8 %5 = icmp eq i64 %4, 0 br i1 %5, label %9, label %6 %10 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 15 %11 = load i16, i16* %10, align 8 %12 = and i16 %11, 16 %13 = icmp eq i16 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 17 store i32 0, i32* %15, align 8 %16 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = bitcast %struct.spinlock* %16 to i8* store volatile i8 0, i8* %17, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 11, i32 10 %19 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %18) #78 ------------- Use: =BAD PATH= Call Stack: 0 intel_fbc_reset_underrun 1 i915_fifo_underrun_reset_write ------------- Path:  Function:i915_fifo_underrun_reset_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_i915_private.438758** %8 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %7, align 8 store i8 0, i8* %5, align 1 %9 = call i32 @kstrtobool_from_user(i8* %1, i64 %2, i8* nonnull %5) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i8, i8* %5, align 1, !range !4 %15 = icmp eq i8 %14, 0 br i1 %15, label %77, label %16 %17 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %8, i64 0, i32 0, i32 30, i32 20 %18 = bitcast %struct.list_head* %17 to i8** %19 = load i8*, i8** %18, align 8 %20 = bitcast i8* %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, 
%20 br i1 %21, label %72, label %22 %23 = icmp eq %struct.drm_i915_private.438758* %8, null %24 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %8, i64 0, i32 0, i32 2 br label %25 %26 = phi i8* [ %19, %22 ], [ %69, %67 ] %27 = getelementptr i8, i8* %26, i64 -16 %28 = bitcast i8* %27 to %struct.intel_crtc.438595* %29 = getelementptr i8, i8* %26, i64 24 %30 = bitcast i8* %29 to %struct.drm_modeset_lock* %31 = call i32 @drm_modeset_lock_single_interruptible(%struct.drm_modeset_lock* %30) #78 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = getelementptr i8, i8* %26, i64 824 %37 = bitcast i8* %36 to %struct.intel_crtc_state.438591** %38 = load %struct.intel_crtc_state.438591*, %struct.intel_crtc_state.438591** %37, align 8 %39 = getelementptr inbounds %struct.intel_crtc_state.438591, %struct.intel_crtc_state.438591* %38, i64 0, i32 0, i32 19 %40 = load %struct.drm_crtc_commit.382328*, %struct.drm_crtc_commit.382328** %39, align 8 %41 = icmp eq %struct.drm_crtc_commit.382328* %40, null br i1 %41, label %50, label %42 %51 = getelementptr inbounds %struct.intel_crtc_state.438591, %struct.intel_crtc_state.438591* %38, i64 0, i32 1, i32 0 %52 = load i8, i8* %51, align 8, !range !4 %53 = icmp eq i8 %52, 0 br i1 %53, label %67, label %54 call void @drm_modeset_unlock(%struct.drm_modeset_lock* %30) #78 %68 = bitcast i8* %26 to i8** %69 = load i8*, i8** %68, align 8 %70 = bitcast i8* %69 to %struct.list_head* %71 = icmp eq %struct.list_head* %17, %70 br i1 %71, label %72, label %25 %73 = call i32 bitcast (i32 (%struct.drm_i915_private.429396*)* @intel_fbc_reset_underrun to i32 (%struct.drm_i915_private.438758*)*)(%struct.drm_i915_private.438758* %8) #78 Function:intel_fbc_reset_underrun %2 = getelementptr inbounds %struct.drm_i915_private.429396, %struct.drm_i915_private.429396* %0, i64 0, i32 32, i32 12 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 
tty_buffer_cancel_work 1 tty_port_put 2 con_cleanup ------------- Path:  Function:con_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %3 = bitcast i8** %2 to %struct.vc_data.366878** %4 = load %struct.vc_data.366878*, %struct.vc_data.366878** %3, align 8 %5 = getelementptr inbounds %struct.vc_data.366878, %struct.vc_data.366878* %4, i64 0, i32 0 tail call void bitcast (void (%struct.tty_port.361680*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %5) #78 Function:tty_port_put %2 = icmp eq %struct.tty_port.361680* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.361680* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.361677** %20 = load %struct.tty_struct.361677*, %struct.tty_struct.361677** %19, align 8 %21 = icmp eq %struct.tty_struct.361677* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 
%29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #78 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.361264*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.361680*)*)(%struct.tty_port.361680* %17) #78 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.361264, %struct.tty_port.361264* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_buffer_cancel_work 1 tty_port_put 2 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.361680*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #78 Function:tty_port_put %2 = icmp eq %struct.tty_port.361680* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.361680* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.361677** %20 = load %struct.tty_struct.361677*, 
%struct.tty_struct.361677** %19, align 8 %21 = icmp eq %struct.tty_struct.361677* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #78 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.361264*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.361680*)*)(%struct.tty_port.361680* %17) #78 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.361264, %struct.tty_port.361264* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_buffer_cancel_work 1 tty_port_put 2 pty_cleanup ------------- Path:  Function:pty_cleanup %2 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 37 %3 = load %struct.tty_port*, %struct.tty_port** %2, align 8 tail call void bitcast (void (%struct.tty_port.361680*)* @tty_port_put to void (%struct.tty_port*)*)(%struct.tty_port* %3) #78 Function:tty_port_put %2 = icmp eq %struct.tty_port.361680* %0, null br i1 %2, label %42, label %3 %4 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 19 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = 
getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -85 %16 = bitcast %struct.qspinlock* %15 to i8* %17 = bitcast %struct.qspinlock* %15 to %struct.tty_port.361680* %18 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -49 %19 = bitcast %struct.qspinlock* %18 to %struct.tty_struct.361677** %20 = load %struct.tty_struct.361677*, %struct.tty_struct.361677** %19, align 8 %21 = icmp eq %struct.tty_struct.361677* %20, null br i1 %21, label %23, label %22, !prof !5, !misexpect !6 %24 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -5 %25 = bitcast %struct.qspinlock* %24 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %30, label %28 %29 = ptrtoint i8* %26 to i64 tail call void @free_pages(i64 %29, i32 0) #78 br label %30 %31 = tail call zeroext i1 bitcast (i1 (%struct.tty_port.361264*)* @tty_buffer_cancel_work to i1 (%struct.tty_port.361680*)*)(%struct.tty_port.361680* %17) #78 Function:tty_buffer_cancel_work %2 = getelementptr inbounds %struct.tty_port.361264, %struct.tty_port.361264* %0, i64 0, i32 0, i32 1 %3 = tail call zeroext i1 @cancel_work_sync(%struct.work_struct* %2) #78 ------------- Good: 142 Bad: 6 Ignored: 110 Check Use of Function:xt_compat_init_offsets Check Use of Function:ieee80211_bss_info_change_notify Check Use of Function:ext4_es_find_extent_range Check Use of Function:cancel_delayed_work_sync Use: =BAD PATH= Call Stack: 0 rpc_destroy_wait_queue 1 nfs4_free_client ------------- Path:  Function:nfs4_free_client %2 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 3 %3 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 3) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %7, label %6 tail call void bitcast (void (%struct.nfs_client.238973*)* @nfs4_kill_renewd to void 
(%struct.nfs_client.247351*)*)(%struct.nfs_client.247351* %0) #78 br label %7 %8 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 31 %9 = load %struct.nfs4_minor_version_ops.247360*, %struct.nfs4_minor_version_ops.247360** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_minor_version_ops.247360, %struct.nfs4_minor_version_ops.247360* %9, i64 0, i32 3 %11 = bitcast {}** %10 to void (%struct.nfs_client.247351*)** %12 = load void (%struct.nfs_client.247351*)*, void (%struct.nfs_client.247351*)** %11, align 8 tail call void %12(%struct.nfs_client.247351* %0) #78 %13 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 1) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %22, label %16 %17 = load %struct.nfs4_minor_version_ops.247360*, %struct.nfs4_minor_version_ops.247360** %8, align 8 %18 = getelementptr inbounds %struct.nfs4_minor_version_ops.247360, %struct.nfs4_minor_version_ops.247360* %17, i64 0, i32 0 %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 43 %21 = load %struct.net*, %struct.net** %20, align 8 tail call void @nfs_callback_down(i32 %19, %struct.net* %21) #78 br label %22 %23 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 2) #6, !srcloc !4 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %27, label %26 %28 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 27 tail call void @rpc_destroy_wait_queue(%struct.rpc_wait_queue* %28) #78 Function:rpc_destroy_wait_queue %2 = getelementptr inbounds %struct.rpc_wait_queue, %struct.rpc_wait_queue* %0, i64 0, i32 6, i32 2 %3 = tail call zeroext i1 @cancel_delayed_work_sync(%struct.delayed_work* %2) #78 
------------- Use: =BAD PATH= Call Stack: 0 nfs4_kill_renewd 1 nfs4_free_client ------------- Path:  Function:nfs4_free_client %2 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 3 %3 = tail call i8 asm sideeffect " btrq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 3) #6, !srcloc !4 %4 = and i8 %3, 1 %5 = icmp eq i8 %4, 0 br i1 %5, label %7, label %6 tail call void bitcast (void (%struct.nfs_client.238973*)* @nfs4_kill_renewd to void (%struct.nfs_client.247351*)*)(%struct.nfs_client.247351* %0) #78 Function:nfs4_kill_renewd %2 = getelementptr inbounds %struct.nfs_client.238973, %struct.nfs_client.238973* %0, i64 0, i32 26 %3 = tail call zeroext i1 bitcast (i1 (%struct.delayed_work*)* @cancel_delayed_work_sync to i1 (%struct.delayed_work.117245*)*)(%struct.delayed_work.117245* %2) #78 ------------- Good: 109 Bad: 2 Ignored: 71 Check Use of Function:rdev_del_virtual_intf Check Use of Function:hpet_compat_ioctl Check Use of Function:nl80211_send_iface Check Use of Function:vt_do_kbkeycode_ioctl Check Use of Function:cfg80211_register_wdev Check Use of Function:fc_drop_locked Check Use of Function:netlink_unicast Check Use of Function:put_fs_context Use: =BAD PATH= Call Stack: 0 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.158414*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #78 ------------- Good: 19 Bad: 1 Ignored: 2 Check Use of Function:fl_release Check Use of Function:cfg80211_iftype_allowed Check Use of Function:regulatory_propagate_dfs_state Check Use of 
Function:e1000_free_desc_rings Check Use of Function:dma_free_attrs Check Use of Function:vfs_truncate Check Use of Function:ext4_es_remove_extent Check Use of Function:drv_remove_interface Check Use of Function:cpufreq_register_notifier Check Use of Function:ieee80211_stop_device Check Use of Function:ieee80211_roc_purge Check Use of Function:cfg80211_sched_scan_stopped_locked Check Use of Function:ieee80211_offchannel_return Check Use of Function:napi_enable Check Use of Function:ieee80211_del_virtual_monitor Check Use of Function:cgroup_leave_frozen Check Use of Function:nl80211_parse_mon_options Check Use of Function:ieee80211_sta_tear_down_BA_sessions Check Use of Function:ieee80211_request_sched_scan_stop Check Use of Function:ieee80211_add_virtual_monitor Check Use of Function:flush_workqueue Use: =BAD PATH= Call Stack: 0 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %28, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -952 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %18 = bitcast i8* %12 to i8** %19 = load i8*, i8** %18, align 8 %20 = icmp eq i8* %19, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %20, label %28, label %11 %29 = phi %struct.mddev* [ null, %21 ], [ %25, %24 ], [ null, %2 ], [ null, %17 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %30 = icmp eq %struct.mddev* %29, null br i1 %30, label %140, label %31 %32 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 11 %33 = load %struct.gendisk.296190*, %struct.gendisk.296190** %32, align 8 %34 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 16 %35 = load %struct.gendisk.296190*, %struct.gendisk.296190** %34, align 8 %36 = icmp eq %struct.gendisk.296190* %33, %35 br i1 %36, label %82, label %37 %38 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 61 %39 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %38, %struct.spinlock* nonnull @all_mddevs_lock) #78 %40 = icmp eq i32 %39, 0 br i1 %40, label %75, label %41 %76 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 75, i32 0, i32 0 %77 = load volatile i64, i64* %76, align 8 %78 = and i64 %77, 1 %79 = icmp eq i64 %78, 0 br i1 %79, label %140, label %80 %81 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %81) #78 ------------- Use: =BAD PATH= Call Stack: 0 md_ioctl 1 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.296192* %0, i32 %1, i32 %2, i64 %8) #78 Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.uid_gid_extent, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 
4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1050 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 16 %29 = load %struct.gendisk.296190*, %struct.gendisk.296190** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %378 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %331 i32 2344, label %331 i32 2338, label %348 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %332 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %333 %334 = phi %struct.list_head* [ %332, %331 ], [ %336, %338 ] %335 = getelementptr %struct.list_head, %struct.list_head* %334, i64 0, i32 0 %336 = load volatile %struct.list_head*, %struct.list_head** %335, align 8 %337 = icmp eq %struct.list_head* %336, %332 br i1 %337, label %346, label %338 %339 = getelementptr inbounds %struct.list_head, %struct.list_head* %336, i64 17 %340 = bitcast %struct.list_head* %339 to i64* %341 = load volatile i64, i64* %340, align 8 %342 = and i64 %341, 1 %343 = icmp eq i64 %342, 0 br i1 %343, label %333, label %344 %345 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void 
@flush_workqueue(%struct.workqueue_struct* %345) #78 ------------- Use: =BAD PATH= Call Stack: 0 md_ioctl ------------- Path:  Function:md_ioctl %5 = alloca [32 x i8], align 16 %6 = alloca %struct.gnet_stats_queue, align 4 %7 = alloca %struct.mdu_array_info_s, align 4 %8 = alloca %struct.uid_gid_extent, align 4 %9 = alloca %struct.wait_queue_entry, align 8 %10 = alloca %struct.mdu_array_info_s, align 4 %11 = alloca %struct.gnet_stats_queue, align 4 %12 = alloca %struct.wait_queue_entry, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = inttoptr i64 %3 to i8* switch i32 %2, label %1050 [ i32 -2146694896, label %19 i32 -2146170606, label %27 i32 -2142762735, label %27 i32 2338, label %15 i32 2344, label %15 i32 2345, label %15 i32 2354, label %15 i32 2355, label %15 i32 2356, label %15 i32 2357, label %15 i32 1074006315, label %15 i32 1074530608, label %15 i32 1075054881, label %15 i32 1078462755, label %15 i32 -1879045867, label %15 ] %28 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %0, i64 0, i32 16 %29 = load %struct.gendisk.296190*, %struct.gendisk.296190** %28, align 8 %30 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %29, i64 0, i32 10 %31 = bitcast i8** %30 to %struct.mddev** %32 = load %struct.mddev*, %struct.mddev** %31, align 8 %33 = icmp eq %struct.mddev* %32, null br i1 %33, label %34, label %35 switch i32 %2, label %378 [ i32 -2142762735, label %36 i32 -2146170606, label %177 i32 2345, label %263 i32 -1879045867, label %301 i32 1075054881, label %331 i32 2344, label %331 i32 2338, label %348 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %332 = getelementptr inbounds %struct.mddev, %struct.mddev* %32, i64 0, i32 4 br label %333 %334 = phi %struct.list_head* [ %332, %331 ], [ %336, %338 ] %335 = getelementptr %struct.list_head, %struct.list_head* %334, i64 0, i32 0 %336 = load volatile %struct.list_head*, %struct.list_head** %335, 
align 8 %337 = icmp eq %struct.list_head* %336, %332 br i1 %337, label %346, label %338 %339 = getelementptr inbounds %struct.list_head, %struct.list_head* %336, i64 17 %340 = bitcast %struct.list_head* %339 to i64* %341 = load volatile i64, i64* %340, align 8 %342 = and i64 %341, 1 %343 = icmp eq i64 %342, 0 br i1 %343, label %333, label %344 %345 = load %struct.workqueue_struct*, %struct.workqueue_struct** @md_rdev_misc_wq, align 8 tail call void @flush_workqueue(%struct.workqueue_struct* %345) #78 ------------- Good: 50 Bad: 3 Ignored: 28 Check Use of Function:ieee80211_stop_queues_by_reason Check Use of Function:timens_on_fork Check Use of Function:vfat_revalidate Check Use of Function:bmap Check Use of Function:ieee80211_hw_config Check Use of Function:ieee80211_flush_queues Check Use of Function:vfs_create Check Use of Function:proc_ns_dir_lookup Check Use of Function:ieee80211_wake_vif_queues Check Use of Function:stream_open Use: =BAD PATH= Call Stack: 0 snd_seq_open ------------- Path:  Function:snd_seq_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 snd_timer_user_open ------------- Path:  Function:snd_timer_user_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_open ------------- Path:  Function:snd_ctl_open %3 = tail call i32 @stream_open(%struct.inode* %0, %struct.file* %1) #78 ------------- Good: 6 Bad: 3 Ignored: 3 Check Use of Function:ieee80211_check_queues Check Use of Function:acpi_lock_hp_context Check Use of Function:ieee80211_set_mon_options Check Use of Function:ieee80211_send_4addr_nullfunc Check Use of Function:__SCT__tp_func_drv_return_void Check Use of Function:ieee80211_check_fast_rx_iface Check Use of Function:ieee80211_sta_get_rates Check Use of Function:tg3_write_indirect_reg32 Check Use of Function:netif_tx_wake_queue Check Use of Function:ieee80211_calculate_rx_timestamp Check Use 
of Function:__ieee80211_tx_skb_tid_band Check Use of Function:autofs_dir_unlink Check Use of Function:cfg80211_rx_mgmt_khz Check Use of Function:__ieee80211_recalc_txpower Check Use of Function:__ext4_fc_track_create Check Use of Function:drm_vblank_put Check Use of Function:sta_info_destroy_addr Check Use of Function:ieee80211_sta_cap_rx_bw Check Use of Function:__ieee80211_rx_h_amsdu Check Use of Function:tasklet_setup Check Use of Function:cfg80211_rx_unexpected_4addr_frame Check Use of Function:iommu_set_root_entry Check Use of Function:__usecs_to_jiffies Check Use of Function:ieee80211_queue_work Check Use of Function:__netdev_alloc_skb Check Use of Function:sysfs_notify Check Use of Function:ieee80211_release_reorder_frame Check Use of Function:ieee80211_sta_cur_vht_bw Check Use of Function:ieee80211_deliver_skb Check Use of Function:cfg80211_put_bss Check Use of Function:skb_copy_bits Use: =BAD PATH= Call Stack: 0 ip6_multipath_l3_keys 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 
%15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 
(%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 
@__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 
%241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label 
%36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 
%14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 
8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %103 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %10, i64 0, i32 0, i32 1 store 
i16 3, i16* %103, align 2 %104 = icmp eq %struct.sk_buff.902664* %2, null br i1 %104, label %141, label %105 %106 = bitcast %struct.flow_keys* %12 to i8* %107 = icmp eq %struct.flow_keys* %3, null br i1 %107, label %108, label %110 %111 = phi %struct.flow_keys* [ %3, %105 ], [ %12, %108 ] %112 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %111, i64 0, i32 0, i32 1 %113 = load i16, i16* %112, align 2 %114 = icmp eq i16 %113, 2 br i1 %114, label %115, label %122 %123 = icmp eq i16 %113, 3 store i16 3, i16* %103, align 2 br i1 %123, label %124, label %139 call fastcc void @ip6_multipath_l3_keys(%struct.sk_buff.902664* nonnull %2, %struct.flow_keys* nonnull %10, %struct.flow_keys* nonnull %111) #78 Function:ip6_multipath_l3_keys %4 = alloca %struct.ipv6hdr, align 4 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 40 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 35 %9 = load i16, i16* %8, align 4 %10 = zext i16 %9 to i64 %11 = getelementptr i8, i8* %7, i64 %10 %12 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %4, i64 0, i32 0 %13 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %14 = getelementptr inbounds i8, i8* %11, i64 6 %15 = load i8, i8* %14, align 2 %16 = icmp eq i8 %15, 58 br i1 %16, label %17, label %80, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 34 %19 = load i16, i16* %18, align 2 %20 = zext i16 %19 to i64 %21 = getelementptr i8, i8* %7, i64 %20 %22 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 41 %23 = bitcast i8** %22 to i64* %24 = load i64, i64* %23, align 8 %25 = ptrtoint i8* %21 to i64 %26 = sub i64 %25, %24 %27 = trunc i64 %26 to i32 %28 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 6 %29 = load i32, i32* %28, align 8 %30 
= getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 7 %31 = load i32, i32* %30, align 4 %32 = sub i32 %29, %31 %33 = sub i32 %32, %27 %34 = icmp slt i32 %33, 8 br i1 %34, label %35, label %40, !prof !4, !misexpect !5 %36 = icmp eq %struct.sk_buff.902664* %0, null br i1 %36, label %80, label %37 %38 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.902664*, i32, i8*, i32)*)(%struct.sk_buff.902664* nonnull %0, i32 %27, i8* nonnull %13, i32 8) #78 %39 = icmp sgt i32 %38, -1 br i1 %39, label %46, label %80 %47 = phi i8* [ %44, %40 ], [ %13, %37 ] %48 = load i8, i8* %47, align 4 %49 = zext i8 %48 to i32 %50 = add nsw i32 %49, -1 %51 = icmp ult i32 %50, 4 br i1 %51, label %52, label %80 %53 = load i8*, i8** %6, align 8 %54 = load i16, i16* %18, align 2 %55 = zext i16 %54 to i64 %56 = getelementptr i8, i8* %53, i64 %55 %57 = load i64, i64* %23, align 8 %58 = ptrtoint i8* %56 to i64 %59 = sub i64 %58, %57 %60 = trunc i64 %59 to i32 %61 = add i32 %60, 8 %62 = load i32, i32* %28, align 8 %63 = load i32, i32* %30, align 4 %64 = sub i32 %62, %63 %65 = sub i32 %64, %61 %66 = icmp slt i32 %65, 40 br i1 %66, label %67, label %72, !prof !4, !misexpect !5 %68 = icmp eq %struct.sk_buff.902664* %0, null br i1 %68, label %80, label %69 %70 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.902664*, i32, i8*, i32)*)(%struct.sk_buff.902664* nonnull %0, i32 %61, i8* nonnull %12, i32 40) #78 ------------- Use: =BAD PATH= Call Stack: 0 ip6_multipath_l3_keys 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* 
%3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds 
%struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 
= getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 
%170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = 
getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr 
inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, 
%struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 
%7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %103 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %10, i64 0, i32 0, i32 1 store i16 3, i16* %103, align 2 %104 = icmp eq %struct.sk_buff.902664* %2, null br i1 %104, label %141, label %105 %106 = bitcast %struct.flow_keys* %12 to i8* %107 = icmp eq %struct.flow_keys* %3, null br i1 %107, label %108, label %110 %111 = phi %struct.flow_keys* [ %3, %105 ], [ %12, %108 ] %112 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %111, i64 0, i32 0, i32 1 %113 = load i16, i16* %112, align 2 %114 = icmp eq i16 %113, 2 br i1 %114, label %115, label %122 %123 = icmp eq i16 %113, 3 store i16 3, i16* %103, align 2 br i1 %123, label %124, label %139 call fastcc void @ip6_multipath_l3_keys(%struct.sk_buff.902664* nonnull %2, %struct.flow_keys* nonnull %10, %struct.flow_keys* nonnull %111) #78 Function:ip6_multipath_l3_keys %4 = alloca %struct.ipv6hdr, align 4 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 40 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 35 %9 = load i16, i16* %8, align 4 %10 = zext i16 %9 to i64 %11 = getelementptr i8, i8* %7, i64 %10 %12 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %4, i64 0, i32 0 %13 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %14 = getelementptr inbounds i8, i8* %11, i64 6 %15 = load i8, i8* %14, align 2 %16 = icmp eq i8 %15, 58 br i1 %16, 
label %17, label %80, !prof !4, !misexpect !5 %18 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 34 %19 = load i16, i16* %18, align 2 %20 = zext i16 %19 to i64 %21 = getelementptr i8, i8* %7, i64 %20 %22 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 41 %23 = bitcast i8** %22 to i64* %24 = load i64, i64* %23, align 8 %25 = ptrtoint i8* %21 to i64 %26 = sub i64 %25, %24 %27 = trunc i64 %26 to i32 %28 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 6 %29 = load i32, i32* %28, align 8 %30 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 7 %31 = load i32, i32* %30, align 4 %32 = sub i32 %29, %31 %33 = sub i32 %32, %27 %34 = icmp slt i32 %33, 8 br i1 %34, label %35, label %40, !prof !4, !misexpect !5 %36 = icmp eq %struct.sk_buff.902664* %0, null br i1 %36, label %80, label %37 %38 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.902664*, i32, i8*, i32)*)(%struct.sk_buff.902664* nonnull %0, i32 %27, i8* nonnull %13, i32 8) #78 ------------- Use: =BAD PATH= Call Stack: 0 __icmp_send 1 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %63) #78 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 
%71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.837070*, %struct.net_device.837070** %78, align 8 %80 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %79, i64 0, i32 109, i32 0 %81 = load %struct.net.836644*, %struct.net.836644** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.836644* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.836958* %0, i32* null) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @rcu_read_unlock_strict() #78 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void @__icmp_send(%struct.sk_buff.836958* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #78 Function:__icmp_send %6 = alloca %struct.inetpeer_addr, align 4 %7 = alloca %struct.flowi4, align 8 %8 = alloca %struct.flowi4, align 8 %9 = alloca %struct.icmp_bxm, align 8 %10 = alloca %struct.rtable.836556*, align 8 %11 = alloca %struct.ipcm_cookie, align 8 %12 = alloca %struct.flowi4, align 8 %13 = alloca i8, align 1 %14 = bitcast %struct.icmp_bxm* %9 to i8* %15 = bitcast %struct.rtable.836556** %10 to i8* %16 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 4, i32 0, i32 0 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, -2 %19 = inttoptr i64 %18 to %struct.rtable.836556* store %struct.rtable.836556* %19, %struct.rtable.836556** %10, align 8 %20 = bitcast %struct.ipcm_cookie* %11 to i8* %21 = bitcast %struct.flowi4* %12 to i8* %22 = icmp eq i64 %18, 0 br i1 %22, label %505, label 
%23 %24 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %19, i64 0, i32 0, i32 0 %25 = load %struct.net_device.837070*, %struct.net_device.837070** %24, align 8 %26 = icmp eq %struct.net_device.837070* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = icmp eq %struct.net_device.837070* %29, null br i1 %30, label %505, label %31 %32 = phi %struct.net_device.837070* [ %25, %23 ], [ %29, %27 ] %33 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %32, i64 0, i32 109, i32 0 %34 = load %struct.net.836644*, %struct.net.836644** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %36 = load i8*, i8** %35, align 8 %37 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %38 = load i16, i16* %37, align 4 %39 = zext i16 %38 to i64 %40 = getelementptr i8, i8* %36, i64 %39 %41 = icmp ult i8* %40, %36 br i1 %41, label %505, label %42 %43 = getelementptr i8, i8* %40, i64 20 %44 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 38 %45 = load i32, i32* %44, align 8 %46 = zext i32 %45 to i64 %47 = getelementptr i8, i8* %36, i64 %46 %48 = icmp ugt i8* %43, %47 br i1 %48, label %505, label %49 %50 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, 7 %53 = icmp eq i16 %52, 0 br i1 %53, label %54, label %505 %55 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %19, i64 0, i32 2 %56 = load i32, i32* %55, align 4 %57 = and i32 %56, 805306368 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %505 %60 = getelementptr inbounds i8, i8* %40, i64 6 %61 = bitcast i8* %60 to i16* %62 = load i16, i16* %61, 
align 2 %63 = and i16 %62, -225 %64 = icmp eq i16 %63, 0 br i1 %64, label %65, label %505 %66 = zext i32 %1 to i64 %67 = lshr i64 516353, %66 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 br i1 %69, label %70, label %115 %71 = getelementptr inbounds i8, i8* %40, i64 9 %72 = load i8, i8* %71, align 1 %73 = icmp eq i8 %72, 1 br i1 %73, label %74, label %115 store i8 0, i8* %13, align 1 %75 = load i8, i8* %40, align 4 %76 = shl i8 %75, 2 %77 = and i8 %76, 60 %78 = zext i8 %77 to i64 %79 = getelementptr i8, i8* %40, i64 %78 %80 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %81 = bitcast i8** %80 to i64* %82 = load i64, i64* %81, align 8 %83 = ptrtoint i8* %79 to i64 %84 = sub i64 %83, %82 %85 = trunc i64 %84 to i32 %86 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp slt i32 %91, 1 br i1 %92, label %93, label %98, !prof !4, !misexpect !5 %94 = icmp eq %struct.sk_buff.836958* %0, null br i1 %94, label %113, label %95 %96 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.836958*, i32, i8*, i32)*)(%struct.sk_buff.836958* nonnull %0, i32 %85, i8* nonnull %13, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 eth_type_trans 1 bpf_prog_run_generic_xdp 2 netif_receive_generic_xdp 3 __netif_receive_skb_core 4 __netif_receive_skb_list_core 5 __netif_receive_skb_list 6 netif_receive_skb_list_internal 7 busy_poll_stop 8 napi_busy_loop 9 tcp_recvmsg 10 inet6_recvmsg 11 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 
%6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds 
%struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 %84 = call fastcc i32 @netif_receive_generic_xdp(%struct.sk_buff.763154* %77, %struct.xdp_buff.763021* nonnull %6, %struct.bpf_prog.762827* nonnull %81) #78 Function:netif_receive_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 18 %5 = load i16, i16* %4, align 2 %6 = and i16 %5, 8192 %7 = icmp eq i16 %6, 0 br i1 %7, label %8, label %100 %9 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 12 %10 = load i8, i8* %9, align 2 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %29, label %13 %14 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %15 = load i8*, i8** %14, align 8 %16 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr i8, i8* %15, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 
%24, label %29, label %25 %26 = ptrtoint i8* %15 to i64 %27 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %28 = load i32, i32* %27, align 4 br label %47 %48 = phi i32 [ %31, %33 ], [ %28, %25 ], [ 0, %37 ] %49 = phi i64 [ %36, %33 ], [ %26, %25 ], [ %43, %37 ] %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %51 = bitcast i8** %50 to i64* %52 = load i64, i64* %51, align 8 %53 = sub i64 %52, %49 %54 = trunc i64 %53 to i32 %55 = sub i32 256, %54 %56 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %57 = load i32, i32* %56, align 8 %58 = add i32 %48, %57 %59 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %60 = load i32, i32* %59, align 4 %61 = sub i32 %58, %60 %62 = icmp sgt i32 %55, 0 %63 = sub i32 319, %54 %64 = and i32 %63, -64 %65 = select i1 %62, i32 %64, i32 0 %66 = icmp sgt i32 %61, 0 %67 = add i32 %61, 128 %68 = select i1 %66, i32 %67, i32 0 %69 = tail call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i32, i32)* @pskb_expand_head to i32 (%struct.sk_buff.763154*, i32, i32, i32)*)(%struct.sk_buff.763154* %0, i32 %65, i32 %68, i32 2592) #78 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %98 %72 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %73 = load i32, i32* %72, align 4 %74 = icmp eq i32 %73, 0 br i1 %74, label %78, label %75 %76 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %0, i32 %73) #78 %77 = icmp eq i8* %76, null br i1 %77, label %98, label %78 %79 = tail call i32 @bpf_prog_run_generic_xdp(%struct.sk_buff.763154* %0, %struct.xdp_buff.763021* %1, %struct.bpf_prog.762827* %2) #79 Function:bpf_prog_run_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %5 = bitcast i8** %4 to i64* %6 
= load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 36 %10 = load i16, i16* %9, align 2 %11 = zext i16 %10 to i64 %12 = getelementptr i8, i8* %8, i64 %11 %13 = ptrtoint i8* %12 to i64 %14 = sub i64 %6, %13 %15 = trunc i64 %14 to i32 %16 = inttoptr i64 %6 to i8* %17 = bitcast i8** %7 to i64* %18 = ptrtoint i8* %8 to i64 %19 = sub i64 %6, %18 %20 = and i64 %19, 4294967295 %21 = sub nsw i64 0, %20 %22 = getelementptr i8, i8* %16, i64 %21 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = getelementptr i8, i8* %8, i64 %25 %27 = ptrtoint i8* %26 to i64 %28 = ptrtoint i8* %22 to i64 %29 = sub i64 %27, %28 %30 = trunc i64 %29 to i32 %31 = add i32 %30, 320 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %33 = load %struct.net_device.763141*, %struct.net_device.763141** %32, align 8 %34 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %33, i64 0, i32 72 %35 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %34, align 16 %36 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 10 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %55, label %39 %56 = phi %struct.netdev_rx_queue.763090* [ %54, %52 ], [ %35, %3 ], [ %35, %45 ], [ %35, %50 ] %57 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %56, i64 0, i32 0 %58 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 6 store i32 %31, i32* %58, align 8 %59 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 4 store 
%struct.xdp_rxq_info.763019* %57, %struct.xdp_rxq_info.763019** %59, align 8 %60 = load i64, i64* %5, align 8 %61 = load i64, i64* %17, align 8 %62 = sub i64 %60, %14 %63 = sub i64 %62, %61 %64 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %67 = load i32, i32* %66, align 4 %68 = add i32 %65, %15 %69 = sub i32 %68, %67 %70 = shl i64 %63, 32 %71 = ashr exact i64 %70, 32 %72 = getelementptr i8, i8* %22, i64 %71 %73 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 3 store i8* %22, i8** %73, align 8 %74 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 0 store i8* %72, i8** %74, align 8 %75 = sext i32 %69 to i64 %76 = getelementptr i8, i8* %72, i64 %75 %77 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 1 store i8* %76, i8** %77, align 8 %78 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 2 store i8* %72, i8** %78, align 8 %79 = bitcast i8** %77 to i64* %80 = ptrtoint i8* %76 to i64 %81 = load %struct.net_device.763141*, %struct.net_device.763141** %32, align 8 %82 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %81, i64 0, i32 71 %83 = bitcast i8** %82 to i64** %84 = load i64*, i64** %83, align 8 %85 = bitcast i8* %72 to i64* %86 = load i64, i64* %85, align 8 %87 = load i64, i64* %84, align 8 %88 = xor i64 %87, %86 %89 = and i64 %88, 281474976710655 %90 = icmp eq i64 %89, 0 %91 = and i64 %86, 1 %92 = icmp ne i64 %91, 0 %93 = getelementptr inbounds i8, i8* %72, i64 12 %94 = bitcast i8* %93 to i16* %95 = load i16, i16* %94, align 1 %96 = bitcast %struct.xdp_buff.763021* %1 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 
1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_prog_run_generic_xdp, %97)) #6 to label %111 [label %97], !srcloc !8 %112 = getelementptr inbounds %struct.bpf_prog.762827, %struct.bpf_prog.762827* %2, i64 0, i32 13, i64 0 %113 = getelementptr inbounds %struct.bpf_prog.762827, %struct.bpf_prog.762827* %2, i64 0, i32 9 %114 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %113, align 8 %115 = tail call i32 %114(i8* %96, %struct.bpf_insn* %112) #78 br label %116 %117 = phi i32 [ %102, %97 ], [ %115, %111 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_master_redirect_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_prog_run_generic_xdp, %118)) #6 to label %119 [label %118], !srcloc !8 br label %119 %120 = phi i1 [ true, %118 ], [ false, %116 ] %121 = icmp eq i32 %117, 3 %122 = and i1 %121, %120 br i1 %122, label %123, label %138 %139 = phi i32 [ %137, %136 ], [ 3, %131 ], [ %117, %119 ], [ 3, %123 ] %140 = bitcast %struct.xdp_buff.763021* %1 to i64* %141 = load i64, i64* %140, align 8 %142 = ptrtoint i8* %72 to i64 %143 = sub i64 %141, %142 %144 = trunc i64 %143 to i32 %145 = icmp eq i32 %144, 0 br i1 %145, label %176, label %146 %177 = load i64, i64* %79, align 8 %178 = sub i64 %177, %80 %179 = trunc i64 %178 to i32 %180 = icmp eq i32 %179, 0 br i1 %180, label %193, label %181 %194 = bitcast %struct.xdp_buff.763021* %1 to %struct.ethhdr** %195 = load %struct.ethhdr*, %struct.ethhdr** %194, align 8 %196 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %195, i64 0, i32 2 %197 = load i16, i16* %196, align 1 %198 = icmp eq i16 %95, %197 %199 = load %struct.net_device.763141*, %struct.net_device.763141** %32, align 8 br i1 %198, label %200, label %215 %216 = load i8*, i8** %4, align 8 %217 = getelementptr i8, i8* %216, i64 -14 store i8* %217, i8** %4, align 8 %218 = load i32, i32* %64, align 8 %219 = add i32 %218, 14 store i32 %219, i32* %64, align 8 %220 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %221 = load i16, i16* %220, align 8 %222 = and i16 %221, -8 store i16 %222, i16* %220, align 8 %223 = tail call zeroext i16 bitcast (i16 (%struct.sk_buff.780962*, %struct.net_device.780949*)* @eth_type_trans to i16 (%struct.sk_buff.763154*, 
%struct.net_device.763141*)*)(%struct.sk_buff.763154* %0, %struct.net_device.763141* %199) #78 Function:eth_type_trans %3 = alloca i16, align 2 %4 = bitcast i16* %3 to i8* store i16 0, i16* %3, align 2 %5 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.780949* %1, %struct.net_device.780949** %5, align 8 %6 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 41 %7 = bitcast i8** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 40 %10 = bitcast i8** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = sub i64 %8, %11 %13 = trunc i64 %12 to i16 %14 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 36 store i16 %13, i16* %14, align 2 %15 = inttoptr i64 %8 to %struct.ethhdr* %16 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = icmp ult i32 %17, 14 %19 = inttoptr i64 %8 to i8* br i1 %18, label %28, label %20, !prof !4, !misexpect !5 %29 = phi i32 [ %17, %2 ], [ %21, %26 ] %30 = phi i8* [ %19, %2 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.net_device.780949, %struct.net_device.780949* %1, i64 0, i32 71 %32 = bitcast i8** %31 to i64** %33 = load i64*, i64** %32, align 8 %34 = inttoptr i64 %8 to i64* %35 = load i64, i64* %34, align 8 %36 = load i64, i64* %33, align 8 %37 = xor i64 %36, %35 %38 = and i64 %37, 281474976710655 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %40, !prof !7, !misexpect !5 %41 = and i64 %35, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %57, label %43, !prof !7, !misexpect !5 %44 = getelementptr inbounds %struct.net_device.780949, %struct.net_device.780949* %1, i64 0, i32 83, i64 0 %45 = bitcast i8* %44 to i64* %46 = load i64, i64* %45, align 8 %47 = xor i64 %46, %35 %48 = and i64 %47, 281474976710655 %49 = icmp eq 
i64 %48, 0 %50 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, -8 br i1 %49, label %53, label %55 %54 = or i16 %52, 1 br label %62 %63 = phi i16* [ %58, %57 ], [ %50, %55 ], [ %50, %53 ] %64 = phi i16 [ %61, %57 ], [ %56, %55 ], [ %54, %53 ] store i16 %64, i16* %63, align 8 br label %65 %66 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %15, i64 0, i32 2 %67 = load i16, i16* %66, align 1 %68 = and i16 %67, 254 %69 = icmp ugt i16 %68, 5 br i1 %69, label %88, label %70, !prof !7, !misexpect !8 %71 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 7 %72 = load i32, i32* %71, align 4 %73 = sub i32 %29, %72 %74 = icmp sgt i32 %73, 1 br i1 %74, label %80, label %75, !prof !7, !misexpect !8 %76 = icmp eq %struct.sk_buff.780962* %0, null br i1 %76, label %87, label %77 %78 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.780962*, i32, i8*, i32)*)(%struct.sk_buff.780962* nonnull %0, i32 0, i8* nonnull %4, i32 2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 eth_type_trans
1 bpf_prog_run_generic_xdp
2 netif_receive_generic_xdp
3 __netif_receive_skb_core
4 __netif_receive_skb_list_core
5 __netif_receive_skb_list
6 netif_receive_skb_list_internal
7 busy_poll_stop
8 napi_busy_loop
9 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618,
%struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 
%49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 
0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast 
i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 %84 = call fastcc i32 @netif_receive_generic_xdp(%struct.sk_buff.763154* %77, %struct.xdp_buff.763021* nonnull %6, %struct.bpf_prog.762827* nonnull %81) #78 Function:netif_receive_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 18 %5 = load i16, i16* %4, align 2 %6 = and i16 %5, 8192 %7 = icmp eq i16 %6, 0 br i1 %7, label %8, label %100 %9 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 12 %10 = load i8, i8* %9, align 2 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %29, label %13 %14 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %15 = load i8*, i8** %14, align 8 %16 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr i8, i8* %15, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 
%24, label %29, label %25 %26 = ptrtoint i8* %15 to i64 %27 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %28 = load i32, i32* %27, align 4 br label %47 %48 = phi i32 [ %31, %33 ], [ %28, %25 ], [ 0, %37 ] %49 = phi i64 [ %36, %33 ], [ %26, %25 ], [ %43, %37 ] %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %51 = bitcast i8** %50 to i64* %52 = load i64, i64* %51, align 8 %53 = sub i64 %52, %49 %54 = trunc i64 %53 to i32 %55 = sub i32 256, %54 %56 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %57 = load i32, i32* %56, align 8 %58 = add i32 %48, %57 %59 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %60 = load i32, i32* %59, align 4 %61 = sub i32 %58, %60 %62 = icmp sgt i32 %55, 0 %63 = sub i32 319, %54 %64 = and i32 %63, -64 %65 = select i1 %62, i32 %64, i32 0 %66 = icmp sgt i32 %61, 0 %67 = add i32 %61, 128 %68 = select i1 %66, i32 %67, i32 0 %69 = tail call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i32, i32)* @pskb_expand_head to i32 (%struct.sk_buff.763154*, i32, i32, i32)*)(%struct.sk_buff.763154* %0, i32 %65, i32 %68, i32 2592) #78 %70 = icmp eq i32 %69, 0 br i1 %70, label %71, label %98 %72 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %73 = load i32, i32* %72, align 4 %74 = icmp eq i32 %73, 0 br i1 %74, label %78, label %75 %76 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* %0, i32 %73) #78 %77 = icmp eq i8* %76, null br i1 %77, label %98, label %78 %79 = tail call i32 @bpf_prog_run_generic_xdp(%struct.sk_buff.763154* %0, %struct.xdp_buff.763021* %1, %struct.bpf_prog.762827* %2) #79 Function:bpf_prog_run_generic_xdp %4 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %5 = bitcast i8** %4 to i64* %6 
= load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 36 %10 = load i16, i16* %9, align 2 %11 = zext i16 %10 to i64 %12 = getelementptr i8, i8* %8, i64 %11 %13 = ptrtoint i8* %12 to i64 %14 = sub i64 %6, %13 %15 = trunc i64 %14 to i32 %16 = inttoptr i64 %6 to i8* %17 = bitcast i8** %7 to i64* %18 = ptrtoint i8* %8 to i64 %19 = sub i64 %6, %18 %20 = and i64 %19, 4294967295 %21 = sub nsw i64 0, %20 %22 = getelementptr i8, i8* %16, i64 %21 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = getelementptr i8, i8* %8, i64 %25 %27 = ptrtoint i8* %26 to i64 %28 = ptrtoint i8* %22 to i64 %29 = sub i64 %27, %28 %30 = trunc i64 %29 to i32 %31 = add i32 %30, 320 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %33 = load %struct.net_device.763141*, %struct.net_device.763141** %32, align 8 %34 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %33, i64 0, i32 72 %35 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %34, align 16 %36 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 10 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %55, label %39 %56 = phi %struct.netdev_rx_queue.763090* [ %54, %52 ], [ %35, %3 ], [ %35, %45 ], [ %35, %50 ] %57 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %56, i64 0, i32 0 %58 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 6 store i32 %31, i32* %58, align 8 %59 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 4 store 
%struct.xdp_rxq_info.763019* %57, %struct.xdp_rxq_info.763019** %59, align 8 %60 = load i64, i64* %5, align 8 %61 = load i64, i64* %17, align 8 %62 = sub i64 %60, %14 %63 = sub i64 %62, %61 %64 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %67 = load i32, i32* %66, align 4 %68 = add i32 %65, %15 %69 = sub i32 %68, %67 %70 = shl i64 %63, 32 %71 = ashr exact i64 %70, 32 %72 = getelementptr i8, i8* %22, i64 %71 %73 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 3 store i8* %22, i8** %73, align 8 %74 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 0 store i8* %72, i8** %74, align 8 %75 = sext i32 %69 to i64 %76 = getelementptr i8, i8* %72, i64 %75 %77 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 1 store i8* %76, i8** %77, align 8 %78 = getelementptr inbounds %struct.xdp_buff.763021, %struct.xdp_buff.763021* %1, i64 0, i32 2 store i8* %72, i8** %78, align 8 %79 = bitcast i8** %77 to i64* %80 = ptrtoint i8* %76 to i64 %81 = load %struct.net_device.763141*, %struct.net_device.763141** %32, align 8 %82 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %81, i64 0, i32 71 %83 = bitcast i8** %82 to i64** %84 = load i64*, i64** %83, align 8 %85 = bitcast i8* %72 to i64* %86 = load i64, i64* %85, align 8 %87 = load i64, i64* %84, align 8 %88 = xor i64 %87, %86 %89 = and i64 %88, 281474976710655 %90 = icmp eq i64 %89, 0 %91 = and i64 %86, 1 %92 = icmp ne i64 %91, 0 %93 = getelementptr inbounds i8, i8* %72, i64 12 %94 = bitcast i8* %93 to i16* %95 = load i16, i16* %94, align 1 %96 = bitcast %struct.xdp_buff.763021* %1 to i8* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 
1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_stats_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_prog_run_generic_xdp, %97)) #6 to label %111 [label %97], !srcloc !8 %112 = getelementptr inbounds %struct.bpf_prog.762827, %struct.bpf_prog.762827* %2, i64 0, i32 13, i64 0 %113 = getelementptr inbounds %struct.bpf_prog.762827, %struct.bpf_prog.762827* %2, i64 0, i32 9 %114 = load i32 (i8*, %struct.bpf_insn*)*, i32 (i8*, %struct.bpf_insn*)** %113, align 8 %115 = tail call i32 %114(i8* %96, %struct.bpf_insn* %112) #78 br label %116 %117 = phi i32 [ %102, %97 ], [ %115, %111 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @bpf_master_redirect_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@bpf_prog_run_generic_xdp, %118)) #6 to label %119 [label %118], !srcloc !8 br label %119 %120 = phi i1 [ true, %118 ], [ false, %116 ] %121 = icmp eq i32 %117, 3 %122 = and i1 %121, %120 br i1 %122, label %123, label %138 %139 = phi i32 [ %137, %136 ], [ 3, %131 ], [ %117, %119 ], [ 3, %123 ] %140 = bitcast %struct.xdp_buff.763021* %1 to i64* %141 = load i64, i64* %140, align 8 %142 = ptrtoint i8* %72 to i64 %143 = sub i64 %141, %142 %144 = trunc i64 %143 to i32 %145 = icmp eq i32 %144, 0 br i1 %145, label %176, label %146 %177 = load i64, i64* %79, align 8 %178 = sub i64 %177, %80 %179 = trunc i64 %178 to i32 %180 = icmp eq i32 %179, 0 br i1 %180, label %193, label %181 %194 = bitcast %struct.xdp_buff.763021* %1 to %struct.ethhdr** %195 = load %struct.ethhdr*, %struct.ethhdr** %194, align 8 %196 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %195, i64 0, i32 2 %197 = load i16, i16* %196, align 1 %198 = icmp eq i16 %95, %197 %199 = load %struct.net_device.763141*, %struct.net_device.763141** %32, align 8 br i1 %198, label %200, label %215 %216 = load i8*, i8** %4, align 8 %217 = getelementptr i8, i8* %216, i64 -14 store i8* %217, i8** %4, align 8 %218 = load i32, i32* %64, align 8 %219 = add i32 %218, 14 store i32 %219, i32* %64, align 8 %220 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %221 = load i16, i16* %220, align 8 %222 = and i16 %221, -8 store i16 %222, i16* %220, align 8 %223 = tail call zeroext i16 bitcast (i16 (%struct.sk_buff.780962*, %struct.net_device.780949*)* @eth_type_trans to i16 (%struct.sk_buff.763154*, 
%struct.net_device.763141*)*)(%struct.sk_buff.763154* %0, %struct.net_device.763141* %199) #78 Function:eth_type_trans %3 = alloca i16, align 2 %4 = bitcast i16* %3 to i8* store i16 0, i16* %3, align 2 %5 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.780949* %1, %struct.net_device.780949** %5, align 8 %6 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 41 %7 = bitcast i8** %6 to i64* %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 40 %10 = bitcast i8** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = sub i64 %8, %11 %13 = trunc i64 %12 to i16 %14 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 36 store i16 %13, i16* %14, align 2 %15 = inttoptr i64 %8 to %struct.ethhdr* %16 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = icmp ult i32 %17, 14 %19 = inttoptr i64 %8 to i8* br i1 %18, label %28, label %20, !prof !4, !misexpect !5 %29 = phi i32 [ %17, %2 ], [ %21, %26 ] %30 = phi i8* [ %19, %2 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.net_device.780949, %struct.net_device.780949* %1, i64 0, i32 71 %32 = bitcast i8** %31 to i64** %33 = load i64*, i64** %32, align 8 %34 = inttoptr i64 %8 to i64* %35 = load i64, i64* %34, align 8 %36 = load i64, i64* %33, align 8 %37 = xor i64 %36, %35 %38 = and i64 %37, 281474976710655 %39 = icmp eq i64 %38, 0 br i1 %39, label %65, label %40, !prof !7, !misexpect !5 %41 = and i64 %35, 1 %42 = icmp eq i64 %41, 0 br i1 %42, label %57, label %43, !prof !7, !misexpect !5 %44 = getelementptr inbounds %struct.net_device.780949, %struct.net_device.780949* %1, i64 0, i32 83, i64 0 %45 = bitcast i8* %44 to i64* %46 = load i64, i64* %45, align 8 %47 = xor i64 %46, %35 %48 = and i64 %47, 281474976710655 %49 = icmp eq 
i64 %48, 0 %50 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, -8 br i1 %49, label %53, label %55 %54 = or i16 %52, 1 br label %62 %63 = phi i16* [ %58, %57 ], [ %50, %55 ], [ %50, %53 ] %64 = phi i16 [ %61, %57 ], [ %56, %55 ], [ %54, %53 ] store i16 %64, i16* %63, align 8 br label %65 %66 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %15, i64 0, i32 2 %67 = load i16, i16* %66, align 1 %68 = and i16 %67, 254 %69 = icmp ugt i16 %68, 5 br i1 %69, label %88, label %70, !prof !7, !misexpect !8 %71 = getelementptr inbounds %struct.sk_buff.780962, %struct.sk_buff.780962* %0, i64 0, i32 7 %72 = load i32, i32* %71, align 4 %73 = sub i32 %29, %72 %74 = icmp sgt i32 %73, 1 br i1 %74, label %80, label %75, !prof !7, !misexpect !8 %76 = icmp eq %struct.sk_buff.780962* %0, null br i1 %76, label %87, label %77 %78 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.780962*, i32, i8*, i32)*)(%struct.sk_buff.780962* nonnull %0, i32 0, i8* nonnull %4, i32 2) #78 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #78 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** 
%10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #78 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #78 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext 
i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 48 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load 
%struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #78 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #78 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 48 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr 
inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.763154*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #78 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.763154* %0, %struct.net_device.763141* null) #78 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.763141*, %struct.net_device.763141** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, 
i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %42 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 34 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, -1 br i1 %44, label %140, label %45 %46 = getelementptr inbounds i8, i8* %32, i64 6 %47 = bitcast i8* %46 to i16* %48 = load i16, i16* %47, align 2 %49 = zext i16 %43 to i64 %50 = getelementptr i8, i8* %29, i64 %49 %51 = load i16, i16* %15, align 2 %52 = zext i16 %51 to i64 %53 = ptrtoint i8* %50 to i64 %54 = sub nsw i64 %49, %52 %55 = trunc i64 %54 to i32 %56 = getelementptr inbounds i8, i8* %32, i64 24 %57 = bitcast i8* %56 to i32* %58 = load i32, i32* %57, align 8 %59 = and i32 %58, 17 %60 = icmp eq i32 %59, 0 br i1 %60, label %93, label %61, !prof !8, !misexpect !9 %62 = bitcast %struct.tcphdr* %3 to i8* %63 = load i64, i64* %8, align 8 %64 = sub i64 %53, %63 %65 = trunc i64 %64 to i32 %66 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %67 = load i32, i32* %66, align 4 %68 = sub i32 %34, %67 %69 = sub i32 %68, %65 %70 = icmp slt i32 %69, 20 br i1 %70, label %71, label %76, !prof !8, !misexpect !9 %72 = icmp eq %struct.sk_buff.763154* %0, null br i1 %72, label %91, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, 
i32)* @skb_copy_bits to i32 (%struct.sk_buff.763154*, i32, i8*, i32)*)(%struct.sk_buff.763154* nonnull %0, i32 %65, i8* nonnull %62, i32 20) #78 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #78 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 
= getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #78 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #78 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 48 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 
12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #78 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*, i32)* @skb_clone to 
%struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #78 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 48 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.763154*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #78 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.763154* %0, %struct.net_device.763141* null) #78 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.763141*, %struct.net_device.763141** %5, align 
8 %7 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %42 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 34 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, -1 br i1 %44, label %140, label %45 %46 = getelementptr inbounds i8, i8* %32, i64 6 %47 = 
bitcast i8* %46 to i16* %48 = load i16, i16* %47, align 2 %49 = zext i16 %43 to i64 %50 = getelementptr i8, i8* %29, i64 %49 %51 = load i16, i16* %15, align 2 %52 = zext i16 %51 to i64 %53 = ptrtoint i8* %50 to i64 %54 = sub nsw i64 %49, %52 %55 = trunc i64 %54 to i32 %56 = getelementptr inbounds i8, i8* %32, i64 24 %57 = bitcast i8* %56 to i32* %58 = load i32, i32* %57, align 8 %59 = and i32 %58, 17 %60 = icmp eq i32 %59, 0 br i1 %60, label %93, label %61, !prof !8, !misexpect !9 %94 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %95 = load i64, i64* %8, align 8 %96 = sub i64 %53, %95 %97 = trunc i64 %96 to i32 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %34, %99 %101 = sub i32 %100, %97 %102 = icmp slt i32 %101, 8 br i1 %102, label %108, label %103, !prof !8, !misexpect !9 %109 = icmp eq %struct.sk_buff.763154* %0, null br i1 %109, label %114, label %110 %111 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.763154*, i32, i8*, i32)*)(%struct.sk_buff.763154* nonnull %0, i32 %97, i8* nonnull %94, i32 8) #78 ------------- Use: =BAD PATH= Call Stack: 0 icmp6_send 1 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = 
alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* 
%53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %94 = icmp eq %struct.sk_buff.763154* %0, null br i1 %94, label %103, label %95 %96 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.763154*, i32, i8*, i32)*)(%struct.sk_buff.763154* nonnull %0, i32 %85, i8* nonnull 
%13, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 icmp6_send 1 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = 
getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 
41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 
%165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 store i8 0, i8* %12, align 1 %178 = load i32, i32* %164, align 8 %179 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %180 = load i32, i32* %179, align 4 %181 = sub i32 %178, %172 %182 = sub i32 %181, %180 %183 = icmp sgt i32 %182, 0 br i1 %183, label %189, label %184, !prof !4, !misexpect !5 %185 = icmp eq %struct.sk_buff.763154* %0, null br i1 %185, label %200, label %186 %187 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.763154*, i32, i8*, i32)*)(%struct.sk_buff.763154* nonnull %0, i32 %172, i8* nonnull %12, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, 
align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* 
@security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %319 = load i32, i32* %22, align 4 %320 = sub i32 %319, %312 %321 = icmp slt i32 %320, 20 br i1 %321, label %322, label %326, !prof !4, !misexpect !9 br i1 %75, label %386, label %323 %324 = call i32 bitcast (i32 
(%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %291, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr
inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ 
%25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 
= load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi 
i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 
%29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds 
%struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 
%20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to 
i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = 
bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %319 = load i32, i32* %22, align 4 %320 = sub i32 %319, %312 %321 = icmp slt i32 %320, 20 br i1 %321, label %322, label %326, !prof !4, !misexpect !9 br i1 %75, label %386, label %323 %324 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %291, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds
%struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load 
i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq 
i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca 
%struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca 
%struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds 
(%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* 
%1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 
[ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %319 = load i32, i32* %22, align 4 %320 = sub i32 %319, %312 %321 = icmp slt i32 %320, 20 br i1 %321, label %322, label %326, !prof !4, !misexpect !9 br i1 %75, label %386, label %323 %324 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %291, i32 20) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br 
i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 
%73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 
%123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, 
%struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, 
i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, 
i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = 
load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca 
%struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, 
%struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast 
i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] 
%313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %319 = load i32, i32* %22, align 4 %320 = sub i32 %319, %312 %321 = icmp slt i32 %320, 20 br i1 %321, label %322, label %326, !prof !4, !misexpect !9 br i1 %75, label %386, label %323 %324 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %291, i32 20) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, 
i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 
%52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* 
%80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 
0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = 
load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, 
%struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label 
%42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca 
%struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi 
%struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq 
i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %319 = load i32, i32* %22, align 4 %320 = sub i32 %319, %312 %321 = icmp slt i32 %320, 20 br i1 %321, label %322, label %326, !prof !4, !misexpect !9 br i1 %75, label %386, label %323 %324 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %291, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = 
load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, 
%struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = 
bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, 
align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect -------------
------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure -------------
inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 
= load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = 
phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, 
i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load 
%struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq 
%struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 
%193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi 
i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, 
i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = 
getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %319 = load i32, i32* %22, align 4 %320 = sub i32 %319, %312 %321 = icmp slt i32 %320, 20 br i1 %321, label %322, label %326, !prof !4, !misexpect !9 br i1 %75, label %386, label %323 %324 = 
call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %291, i32 20) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu 
to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 
= load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, 
$1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast 
i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast 
(i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call 
void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %319 = load i32, i32* %22, align 4 %320 = sub i32 %319, %312 %321 = icmp slt i32 %320, 20 br i1 %321, label %322, label %326, !prof !4, !misexpect !9 br 
i1 %75, label %386, label %323 %324 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %291, i32 20) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8
%21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* 
@inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, 
!misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds 
%struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 
= alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool 
NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, 
label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to 
%struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = 
bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, 
%struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds 
%struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %391 = load i32, i32* %22, align 4 %392 = sub i32 %391, %312 %393 = icmp slt i32 %392, 40 br i1 %393, label %394, label %398, !prof !4, !misexpect !9 br i1 %75, label %455, label %395 %396 = call i32 bitcast (i32 
(%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %285, i32 40) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr
inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ 
%25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 
= load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi 
i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 
%29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds 
%struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 
%20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to 
i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = 
bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %391 = load i32, i32* %22, align 4 %392 = sub i32 %391, %312 %393 = icmp slt i32 %392, 40 br i1 %393, label %394, label %398, !prof !4, !misexpect !9 br i1 %75, label %455, label %395 %396 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %285, i32 40) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds 
%struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load 
i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq 
i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca 
%struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca 
%struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds 
(%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* 
%1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 
[ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %391 = load i32, i32* %22, align 4 %392 = sub i32 %391, %312 %393 = icmp slt i32 %392, 40 br i1 %393, label %394, label %398, !prof !4, !misexpect !9 br i1 %75, label %455, label %395 %396 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %285, i32 40) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br
i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 
%73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 
%123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, 
%struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, 
i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, 
i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = 
load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca 
%struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, 
%struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast 
i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] 
%313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %391 = load i32, i32* %22, align 4 %392 = sub i32 %391, %312 %393 = icmp slt i32 %392, 40 br i1 %393, label %394, label %398, !prof !4, !misexpect !9 br i1 %75, label %455, label %395 %396 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %285, i32 40) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, 
i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 
%52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path: Function:ip_rt_update_pmtu
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path: Function:ip_do_redirect
i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = 
getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** 
%111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, 
%struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, 
%156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 
Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca 
i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = 
bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, 
%260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %391 = load i32, i32* %22, align 4 %392 = sub i32 %391, %312 %393 = icmp slt i32 %392, 40 br i1 %393, label %394, label %398, !prof !4, !misexpect !9 br i1 %75, label %455, label %395 %396 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %285, i32 40) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = 
alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load 
%struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr 
inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 
= load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = 
phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, 
i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load 
%struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq 
%struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 
%193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi 
i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, 
i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = 
getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %391 = load i32, i32* %22, align 4 %392 = sub i32 %391, %312 %393 = icmp slt i32 %392, 40 br i1 %393, label %394, label %398, !prof !4, !misexpect !9 br i1 %75, label %455, label %395 %396 = 
call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %285, i32 40) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu
to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 
= load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, 
$1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast 
i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast 
(i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call 
void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %391 = load i32, i32* %22, align 4 %392 = sub i32 %391, %312 %393 = icmp slt i32 %392, 40 br i1 %393, label %394, label %398, !prof !4, !misexpect !9 br 
i1 %75, label %455, label %395 %396 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %285, i32 40) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8
%21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* 
@inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, 
!misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds 
%struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 
= alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool 
NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, 
label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to 
%struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = 
bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, 
%struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds 
%struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, 
label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, 
i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label 
%56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds 
%struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, 
label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr 
%struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 
store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 
= getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label 
%36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* 
%2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void 
@rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 
2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 
@_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 
%76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, 
%117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, 
%struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 
%16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label 
%84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load 
%struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = 
bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 
%7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load 
volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds 
%struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, 
label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, 
%struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* 
%52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 
4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 
%54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, 
%struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, 
%struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca 
%struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 
8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, 
i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = 
getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, 
%struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 
= trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, 
i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 
to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label 
%67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** 
%28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 
bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne 
%struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr 
inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 
%296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, 
i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = 
alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, 
align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 
(%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 
%117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* 
%153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* 
@fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 
= tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, 
align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 
], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds 
%struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = 
bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr 
inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, 
align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 
%166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, 
label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 
%19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* 
(%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 
%18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca 
%struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 
%181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to 
%struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca 
%union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 
0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr 
inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi 
i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, 
%struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null 
br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, 
%struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 
%209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load 
%struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 
%87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = 
alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr 
inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* 
br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i32 0, i32* %27, align 4 %460 = icmp eq i32 %317, 28 %461 = and i1 %281, %460 br i1 %461, label %462, label %466 %463 = load i16, i16* %282, align 2 %464 = and i16 %463, 1 %465 = icmp eq i16 %464, 0 br i1 %465, label %466, label %485 %467 = load i32, i32* %22, align 4 %468 = sub i32 %467, %312 %469 = icmp slt i32 %468, 4 br i1 %469, label %470, label %474, !prof !4, !misexpect !9 br i1 %75, label %537, label %471 %472 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %280, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 =
getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, 
%struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 
(%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr
inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ 
%25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 
= load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi 
i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 
%29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds 
%struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 
%20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to 
i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = 
bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds 
%struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load 
i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq 
i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca 
%struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca 
%struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds 
(%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* 
%1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 
[ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br 
i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq 
i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = 
load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, 
%struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = 
bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, 
align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 
(%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, 
%struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* 
@__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds 
%struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor 
i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* 
%4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, 
i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = 
getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** 
%111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, 
%struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, 
%156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 
Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca 
i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = 
bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, 
%260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = 
alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load 
%struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr 
inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 
= load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = 
phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, 
i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load 
%struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq 
%struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 
%193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi 
i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, 
i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = 
getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br i1 %75, label %599, label %571 %572 = 
call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu
to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 
= load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, 
$1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast 
i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast 
(i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call 
void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %567 = load i32, i32* %22, align 4 %568 = sub i32 %567, %312 %569 = icmp slt i32 %568, 16 br i1 %569, label %570, label %574, !prof !4, !misexpect !9 br 
i1 %75, label %599, label %571 %572 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %274, i32 16) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8
%21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* 
@inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, 
!misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds 
%struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 
= alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool 
NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, 
label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to 
%struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = 
bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, 
%struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds 
%struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 %604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, 
label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %270, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, 
i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label 
%56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds 
%struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 %604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, 
label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %270, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr
%struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 
store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 
= getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label 
%36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* 
%2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void 
@rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 
%604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %270, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull
%16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = 
phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 
0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 
= load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi 
%struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, 
%struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 
to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = 
icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile 
%struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, 
%struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 
18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 %604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %270, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = 
load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc 
i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* 
@ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, 
%struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 
(%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = 
alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, 
%90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* 
%275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, 
%struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 %604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %270, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds 
%struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, 
%48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, 
%struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, 
%struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, 
%struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, 
%struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 
br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to 
i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast 
%struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 %604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull 
%270, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 
4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 
%46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, 
i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 
%127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { 
i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, 
%struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, 
%struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = 
alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, 
align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = 
getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 %604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %270, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 rt6_multipath_hash
2 fib6_select_path
3 ip6_pol_route
4 ip6_pol_route_input
5 fib6_rule_lookup
6 ip6_route_output_flags_noref
7 ip6_route_output_flags
8 icmp6_send
9 ip6_link_failure
-------------
Path:
Function:ip6_link_failure
%2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void 
(%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 
0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 
bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, 
%struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, 
%struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, 
%struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, 
align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds 
%struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds 
%struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 
= alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, 
null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, 
i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ 
i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 %604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %270, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, 
%struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = 
getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = 
getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = 
getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 
2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca 
%struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load 
volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = 
bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = 
phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %602 = load i32, i32* %22, align 4 store i32 0, i32* %271, align 4 %603 = load i32, i32* %245, align 4 %604 = and i32 %603, 8192 %605 = icmp eq i32 %604, 0 br i1 %605, label %606, label %611 %612 = icmp sgt i32 %316, 6 br i1 %612, label %669, label %613 %614 = sub i32 %602, %312 %615 = icmp slt i32 %614, 4 br i1 %615, label %616, label %622, !prof !4, !misexpect !9 br i1 %75, label %669, label %617 %618 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %270, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 
%11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, 
i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt 
i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 br i1 %75, label %767, label %689 %690 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %268, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label 
%24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 
br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, 
%struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt 
i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 br i1 %75, label %767, label %689 %690 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %268, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 =
bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast 
(%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, 
align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 
34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds 
%struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast 
%struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 
%69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt 
i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 br i1 %75, label %767, label %689 %690 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %268, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr
inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr 
inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label 
%141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 
store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 
%219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 
= icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 
18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, 
align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = 
phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, 
label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq 
i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 
store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 br i1 %75, label %767, label %689 %690 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %268, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, 
i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null 
br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, 
label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, 
i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = 
alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, 
align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 
%27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast 
(%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds 
%struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi 
i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 br i1 %75, label %767, label %689 %690 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %268, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, 
align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load 
%struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr 
inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 
= load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = 
phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, 
i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load 
%struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq 
%struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 
%193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi 
i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, 
i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = 
getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 
%686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 br i1 %75, label %767, label %689 %690 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %268, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load 
%struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to 
i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* 
%180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, 
i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 
%44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof 
!6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = 
phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq 
%struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 
i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 br i1 %75, label %767, label %689 %690 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %268, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, 
%struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* 
%48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt 
i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 %693 = sext i32 %312 to i64 %694 = getelementptr i8, i8* %66, i64 %693 %695 = icmp eq i8* %694, null br i1 %695, label %767, label %696 %697 = phi i8* [ %694, %692 ], [ %268, %689 ] %698 = bitcast i8* %697 to i16* %699 = load i16, i16* %698, align 2 %700 = icmp eq i16 %699, 256 br i1 %700, label %701, label %767 %702 = getelementptr inbounds i8, i8* %697, i64 2 %703 = bitcast i8* %702 to i16* %704 = load i16, i16* %703, align 2 %705 = icmp eq i16 %704, 8 br i1 %705, label %706, label %767 %707 = getelementptr inbounds i8, i8* %697, i64 4 %708 = load i8, i8* %707, align 2 %709 = icmp eq i8 %708, 6 br i1 %709, label %710, label %767 %711 = getelementptr inbounds i8, i8* %697, i64 5 %712 = load i8, i8* %711, align 1 %713 = icmp eq i8 %712, 4 br i1 %713, label %714, label %767 %715 = getelementptr inbounds i8, i8* %697, i64 6 %716 = bitcast i8* %715 to i16* %717 = load i16, i16* %716, align 2 switch i16 %717, label %767 [ i16 512, label %718 i16 256, label %718 ] %719 = add i32 %312, 8 %720 = sub i32 %681, %719 %721 = icmp slt i32 %720, 20 br i1 %721, label %722, label %726, !prof !4, !misexpect !9 br i1 %75, label %767, label %723 %724 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %719, i8* nonnull %267, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 =
getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = 
load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast 
%struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void 
@busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 
to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, 
%110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* 
%11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = 
getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne 
%struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load 
%struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt 
i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 %693 = sext i32 %312 to i64 %694 = getelementptr i8, i8* %66, i64 %693 %695 = icmp eq i8* %694, null br i1 %695, label %767, label %696 %697 = phi i8* [ %694, %692 ], [ %268, %689 ] %698 = bitcast i8* %697 to i16* %699 = load i16, i16* %698, align 2 %700 = icmp eq i16 %699, 256 br i1 %700, label %701, label %767 %702 = getelementptr inbounds i8, i8* %697, i64 2 %703 = bitcast i8* %702 to i16* %704 = load i16, i16* %703, align 2 %705 = icmp eq i16 %704, 8 br i1 %705, label %706, label %767 %707 = getelementptr inbounds i8, i8* %697, i64 4 %708 = load i8, i8* %707, align 2 %709 = icmp eq i8 %708, 6 br i1 %709, label %710, label %767 %711 = getelementptr inbounds i8, i8* %697, i64 5 %712 = load i8, i8* %711, align 1 %713 = icmp eq i8 %712, 4 br i1 %713, label %714, label %767 %715 = getelementptr inbounds i8, i8* %697, i64 6 %716 = bitcast i8* %715 to i16* %717 = load i16, i16* %716, align 2 switch i16 %717, label %767 [ i16 512, label %718 i16 256, label %718 ] %719 = add i32 %312, 8 %720 = sub i32 %681, %719 %721 = icmp slt i32 %720, 20 br i1 %721, label %722, label %726, !prof !4, !misexpect !9 br i1 %75, label %767, label %723 %724 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %719, i8* nonnull %267, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0,
i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** 
%52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, 
%struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, 
%struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca 
i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, 
%struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, 
%struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 %693 = sext i32 %312 to i64 %694 = getelementptr i8, i8* %66, i64 %693 %695 = icmp eq i8* %694, null br i1 %695, label %767, label %696 %697 = phi i8* [ %694, %692 ], [ %268, %689 ] %698 = bitcast i8* %697 to i16* %699 = load i16, i16* %698, align 2 %700 = icmp eq i16 %699, 256 br i1 %700, label %701, label %767 %702 = getelementptr inbounds i8, i8* %697, i64 2 %703 = bitcast i8* %702 to i16* %704 = load i16, i16* %703, align 2 %705 = icmp eq i16 %704, 8 br i1 %705, label %706, label %767 %707 = getelementptr inbounds i8, i8* %697, i64 4 %708 = load i8, i8* %707, align 2 %709 = icmp eq i8 %708, 6 br i1 %709, label %710, label %767 %711 = getelementptr inbounds i8, i8* %697, i64 5 %712 = load i8, i8* %711, align 1 %713 = icmp eq i8 %712, 4 br i1 %713, label %714, label %767 %715 = 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
Function:ip_route_output_flow
Function:ip_route_output_key_hash_rcu
Function:fib_select_path
Function:fib_multipath_hash
label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = 
getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds 
%struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, 
%struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 
129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 %693 = sext i32 %312 to i64 %694 = getelementptr i8, i8* %66, i64 %693 %695 = icmp eq i8* %694, null br i1 %695, label %767, label %696 %697 = phi i8* [ %694, %692 ], [ %268, %689 ] %698 = bitcast i8* %697 to i16* %699 = load i16, i16* %698, align 2 %700 = icmp eq i16 %699, 256 br i1 %700, label %701, label %767 %702 = getelementptr inbounds i8, i8* %697, i64 2 %703 = bitcast i8* %702 to i16* %704 = load i16, i16* %703, align 2 %705 = icmp eq i16 %704, 8 br i1 %705, label %706, label %767 %707 = getelementptr inbounds i8, i8* %697, i64 4 %708 = load i8, i8* %707, align 2 %709 = icmp eq i8 %708, 6 br i1 %709, label %710, label %767 %711 = getelementptr inbounds i8, i8* %697, i64 5 %712 = load i8, i8* %711, align 1 %713 = icmp eq i8 %712, 4 br i1 %713, label %714, label %767 %715 = getelementptr inbounds i8, i8* %697, i64 6 %716 = bitcast i8* %715 to i16* %717 = load i16, i16* %716, align 2 switch i16 %717, label %767 [ i16 512, label %718 i16 256, label %718 ] %719 = add i32 %312, 8 %720 = sub i32 %681, %719 %721 = icmp slt i32 %720, 20 br i1 %721, label %722, label %726, !prof !4, !misexpect !9 br i1 %75, label %767, label %723 %724 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %719, i8* nonnull %267, i32 20) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 
ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], 
[ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, 
i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, 
%struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or 
i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* 
%88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, 
align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 
i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
= bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr 
inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, 
%struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = 
phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 
%103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 
i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 %693 = sext i32 %312 to i64 %694 = getelementptr i8, i8* %66, i64 %693 %695 = icmp eq i8* %694, null br i1 %695, label %767, label %696 %697 = phi i8* [ %694, %692 ], [ %268, %689 ] %698 = bitcast i8* %697 to i16* %699 = load i16, i16* %698, align 2 %700 = icmp eq i16 %699, 256 br i1 %700, label %701, label %767 %702 = getelementptr inbounds i8, i8* %697, i64 2 %703 = bitcast i8* %702 to i16* %704 = load i16, i16* %703, align 2 %705 = icmp eq i16 %704, 8 br i1 %705, label %706, label %767 %707 = getelementptr inbounds i8, i8* %697, i64 4 %708 = load i8, i8* %707, align 2 %709 = icmp eq i8 %708, 6 br i1 %709, label %710, label %767 %711 = getelementptr inbounds i8, i8* %697, i64 5 %712 = load i8, i8* %711, align 1 %713 = icmp eq i8 %712, 4 br i1 %713, label %714, label %767 %715 = getelementptr inbounds i8, i8* %697, i64 6 %716 = bitcast i8* %715 to i16* %717 = load i16, i16* %716, align 2 switch i16 %717, label %767 [ i16 512, label %718 i16 256, label %718 ] %719 = add i32 %312, 8 %720 = sub i32 %681, %719 %721 = icmp slt i32 %720, 20 br i1 %721, label %722, label %726, !prof !4, !misexpect !9 br i1 %75, label %767, label %723 %724 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %719, i8* nonnull %267, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 rt6_multipath_hash
2 fib6_select_path
3 ip6_pol_route
4 ip6_pol_route_input
5 fib6_rule_lookup
6 ip6_route_output_flags_noref
7 ip6_route_output_flags
8 icmp6_send
9 ip6_link_failure
-------------
Path:
Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = 
load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 
%82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr 
inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, 
i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast 
i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast 
(%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = 
getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 
@rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* 
%7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, 
%struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca 
%struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load 
volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = 
bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = 
phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 %693 = sext i32 %312 to i64 %694 = getelementptr i8, i8* %66, i64 %693 %695 = icmp eq i8* %694, null br i1 %695, label %767, label %696 %697 = phi i8* [ %694, %692 ], [ %268, %689 ] %698 = bitcast i8* %697 to i16* %699 = load i16, i16* %698, align 2 %700 = icmp eq i16 %699, 256 br i1 %700, label %701, label %767 %702 = getelementptr inbounds i8, i8* %697, i64 2 %703 = bitcast i8* %702 to i16* %704 = load i16, i16* %703, align 2 %705 = icmp eq i16 %704, 8 br i1 %705, label %706, label %767 %707 = getelementptr inbounds i8, i8* %697, i64 4 %708 = load i8, i8* %707, align 2 %709 = icmp eq i8 %708, 6 br i1 %709, label %710, label %767 %711 = getelementptr inbounds i8, i8* %697, i64 5 %712 = load i8, i8* %711, align 1 %713 = icmp eq i8 %712, 4 br i1 %713, label %714, label %767 %715 = getelementptr inbounds i8, i8* %697, i64 6 %716 = bitcast i8* %715 to i16* %717 = load i16, i16* %716, align 2 switch i16 %717, label %767 [ i16 512, label %718 i16 256, label %718 ] %719 = add i32 %312, 8 %720 = sub i32 %681, %719 %721 = icmp slt i32 %720, 20 br i1 %721, label %722, label %726, !prof !4, !misexpect !9 br i1 %75, label 
%767, label %723 %724 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %719, i8* nonnull %267, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, 
i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, 
%struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi 
i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi 
i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = 
sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %681 = load i32, i32* %22, align 4 store i64 0, i64* %13, align 8 %682 = 
load i32, i32* %245, align 4 %683 = and i32 %682, 512 %684 = icmp eq i32 %683, 0 br i1 %684, label %767, label %685 %686 = sub i32 %681, %312 %687 = icmp slt i32 %686, 8 br i1 %687, label %688, label %692, !prof !4, !misexpect !9 %693 = sext i32 %312 to i64 %694 = getelementptr i8, i8* %66, i64 %693 %695 = icmp eq i8* %694, null br i1 %695, label %767, label %696 %697 = phi i8* [ %694, %692 ], [ %268, %689 ] %698 = bitcast i8* %697 to i16* %699 = load i16, i16* %698, align 2 %700 = icmp eq i16 %699, 256 br i1 %700, label %701, label %767 %702 = getelementptr inbounds i8, i8* %697, i64 2 %703 = bitcast i8* %702 to i16* %704 = load i16, i16* %703, align 2 %705 = icmp eq i16 %704, 8 br i1 %705, label %706, label %767 %707 = getelementptr inbounds i8, i8* %697, i64 4 %708 = load i8, i8* %707, align 2 %709 = icmp eq i8 %708, 6 br i1 %709, label %710, label %767 %711 = getelementptr inbounds i8, i8* %697, i64 5 %712 = load i8, i8* %711, align 1 %713 = icmp eq i8 %712, 4 br i1 %713, label %714, label %767 %715 = getelementptr inbounds i8, i8* %697, i64 6 %716 = bitcast i8* %715 to i16* %717 = load i16, i16* %716, align 2 switch i16 %717, label %767 [ i16 512, label %718 i16 256, label %718 ] %719 = add i32 %312, 8 %720 = sub i32 %681, %719 %721 = icmp slt i32 %720, 20 br i1 %721, label %722, label %726, !prof !4, !misexpect !9 br i1 %75, label %767, label %723 %724 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %719, i8* nonnull %267, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 =
load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, 
label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b 
- . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = 
getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, 
label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull 
@__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* 
nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 
bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = 
getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ 
%37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, 
%struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 
%96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 
%29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds 
%struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 
%20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to 
i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = 
bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 
%10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, 
label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, 
i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = 
alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, 
%struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast 
i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] 
%313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, 
align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* 
%71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, 
%struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load 
i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to 
%struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, 
%struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and 
i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca 
%struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, 
%struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = 
alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 
= getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast 
i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 
%13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 
= getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 
%10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 
br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br 
i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 
= zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, 
i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds 
%struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds 
%struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = 
getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, 
%struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 
= trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, 
i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 
to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label 
%67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** 
%28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 
bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne 
%struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr 
inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 
%296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 
ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 
= load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds 
%struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* 
%127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = 
extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, 
%struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, 
%struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq 
%struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 
%308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* 
%4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 
], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = 
icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 
br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq 
%struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, 
%struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, 
%struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, 
i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 
0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 
%188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 
%223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 
[ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label 
%104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 
%287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load 
i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc
!4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = 
zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = 
load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, 
%struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 
%49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, 
label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ 
%7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq 
%struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 
i16 1347, label %769 i16 -2168, label %800 ] store i64 0, i64* %28, align 8 %543 = load i32, i32* %22, align 4 %544 = sub i32 %543, %312 %545 = icmp slt i32 %544, 8 br i1 %545, label %546, label %550, !prof !4, !misexpect !9 br i1 %75, label %562, label %547 %548 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %279, i32 8) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589,
%struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 
(%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 
0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = 
bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast 
%struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = 
getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 
(%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 
(%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 
8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load 
%struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, 
%struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 
@get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = 
load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = 
getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br i1 %75, label %796, label %774 %775 = call i32 bitcast (i32 
(%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 sock_poll ------------- Path:  Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr 
inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ 
%25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 
= load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi 
i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 
%29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds 
%struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 
%20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to 
i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = 
bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br i1 %75, label %796, label %774 %775 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds 
%struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load 
i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq 
i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca 
%struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca 
%struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds 
(%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* 
%1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 
[ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br i1 %75, label %796, label %774 %775 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br
i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 
%73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 
%123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, 
%struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, 
i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, 
i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = 
load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca 
%struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, 
%struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast 
i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] 
%313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br i1 %75, label %796, label %774 %775 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, 
i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 
%52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* 
%80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 
0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = 
load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, 
%struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label 
%42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca 
%struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi 
%struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq 
i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br i1 %75, label %796, label %774 %775 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = 
load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, 
%struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = 
bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, 
align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 
(%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, 
%struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* 
@__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds 
%struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor 
i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br i1 %75, label %796, label %774 %775 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* 
%4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, 
i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = 
getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** 
%111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, 
%struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, 
%156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 
Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca 
i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = 
bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, 
%260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br i1 %75, label %796, label %774 %775 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 rt6_multipath_hash
2 fib6_select_path
3 ip6_pol_route
4 ip6_pol_route_input
5 fib6_rule_lookup
6 ip6_route_output_flags_noref
7 ip6_route_output_flags
8 icmp6_send
9 ip6_link_failure
-------------
Path:
Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = 
alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load 
%struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr 
inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 
= load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = 
phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, 
i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load 
%struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq 
%struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 
%193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi 
i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, 
i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = 
getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br i1 %75, label %796, label %774 %775 = 
call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8
%5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4
%6 = load %struct.sock*, %struct.sock** %5, align 8
%7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt**
%8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8
%9 = bitcast %struct.sockcm_cookie* %4 to i8*
%10 = icmp eq %struct.sockaddr_pkt* %8, null
br i1 %10, label %246, label %11
%12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1
%13 = load i32, i32* %12, align 8
%14 = icmp ult i32 %13, 16
br i1 %14, label %246, label %15
%16 = icmp eq i32 %13, 18
br i1 %16, label %17, label %20
%21 = phi i16 [ %19, %17 ], [ 0, %15 ]
%22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13
store i8 0, i8* %22, align 1
%23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0
%24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0
%25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0
%26 = trunc i64 %2 to i32
%27 = shl i64 %2, 32
%28 = ashr exact i64 %27, 32
%29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2
%30 = icmp slt i32 %26, 0
br label %31
%32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ]
%33 = phi i32 [ 0, %20 ], [ %52, %114 ]
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4
%34 = load %struct.net*, %struct.net** %23, align 8
%35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu
to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 
= load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, 
$1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast 
i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast 
(i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call 
void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %770 = load i32, i32* %22, align 4 %771 = sub i32 %770, %312 %772 = icmp slt i32 %771, 24 br i1 %772, label %773, label %777, !prof !4, !misexpect !9 br 
i1 %75, label %796, label %774
%775 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %261, i32 24) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8
%4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0
%5 = load %struct.file.273585*, %struct.file.273585** %4, align 8
%6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16
%7 = bitcast i8** %6 to %struct.socket.273619**
%8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8
%9 = bitcast %struct.msghdr.273589* %3 to i8*
%10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0
%11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0
%12 = bitcast %struct.msghdr.273589* %3 to i8*
%13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3
%14 = bitcast %union.anon.87* %13 to i64*
store i64 0, i64* %14, align 8
%15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4
store i8 0, i8* %15, align 8
%16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5
store i64 0, i64* %16, align 8
%17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6
store i32 0, i32* %17, align 8
%18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7
store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8
%19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7
%20 = load i32, i32* %19, align 8
%21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* 
@inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", 
"=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, 
!misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds 
%struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 
= alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool 
NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, 
label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to 
%struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = 
bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, 
%struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds 
%struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 
%58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca 
%struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, 
%struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = 
alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 
= getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast 
i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ 
%671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 
(%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %894, i8* nonnull %301, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38,
%40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, 
align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 
13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 
= call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, 
i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, 
i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds 
%struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast 
%struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 
%69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* 
%66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %894, i8* nonnull %301, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, 
label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 
%46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr 
inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 
%145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq 
i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, 
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 
%123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, 
%struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 
] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 
Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* 
%80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* 
%17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, 
%820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, 
%881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %894, i8* nonnull %301, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 
%22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br 
i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = 
icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, 
i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 
%5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, 
%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = 
getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 
= getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* 
@__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br 
i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, 
%struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = 
load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = 
bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = 
bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ 
%313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, 
label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %894, i8* nonnull %301, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr 
exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 
(%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, 
label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, 
label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, 
label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78
Function:__skb_flow_dissect
%10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca 
%union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 
0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr 
inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi 
i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ 
%825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 br i1 %75, label %920, label %899 %900 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %894, i8* nonnull %301, i32 4) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, 
align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78
Function:inet6_recvmsg
%5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 
8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void 
@rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78
Function:tcp_recvmsg
%7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = 
getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78
Function:napi_busy_loop
%6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x 
%struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, 
%41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79
Function:busy_poll_stop
%5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - 
.\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78
Function:netif_receive_skb_list_internal
%2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 
= getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 %1104 = sext i32 %842 to i64 %1105 = getelementptr i8, i8* %66, i64 %1104 %1106 = icmp eq i8* %1105, null br i1 %1106, label %1126, label %1107 %1108 = phi i8* [ %1105, %1103 ], [ %296, %1100 ] %1109 = load i8, i8* %1108, align 4 store i8 %1109, i8* %1096, align 2 %1110 = getelementptr inbounds i8, i8* %1108, i64 1 %1111 = load i8, i8* %1110, align 1 %1112 = getelementptr inbounds i8, i8* %1096, i64 1 store i8 %1111, i8* %1112, align 1 %1113 = load i8, i8* %1108, align 4 switch i8 %1113, label %1123 [ i8 8, label %1114 i8 0, label %1114 i8 13, label %1114 i8 14, label %1114 i8 -128, label %1114 i8 -127, label %1114 ] %1124 = getelementptr inbounds i8, i8* %1096, i64 2 %1125 = bitcast i8* %1124 to i16* store i16 0, i16* %1125, align 2 br label %1126 br label %1127 %1128 = phi i16 [ %841, %840 ], [ %841, %1087 ], [ 18312, %1057 ], [ -8826, %1054 ], [ 8, %1051 ], [ %841, %1047 ], [ %841, %1015 ], [ %989, %988 ], [ %841, %1088 ], [ %841, %1126 ] %1129 = phi i32 [ %842, %840 ], [ %842, %1087 ], [ %842, %1057 ], [ %842, %1054 ], [ %842, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %842, %1088 ], [ %842, %1126 ] %1130 = phi i8 [ %844, %840 ], [ 6, %1087 ], [ -119, %1057 ], [ 41, %1054 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ %844, %1088 ], [ %844, %1126 ] %1131 = phi i32 [ 4, %840 ], [ 4, %1087 ], [ 2, %1057 ], [ %266, %1054 ], [ %266, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 4, %1088 ], [ 4, %1126 ] %1132 = load i32, i32* %263, align 4 %1133 = and i32 %1132, 1 %1134 = icmp eq i32 %1133, 0 br i1 %1134, label %1135, label %1182 %1136 = load i32, i32* %22, align 4 %1137 = load i32, i32* %245, align 4 %1138 = and i32 %1137, 16 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1140, label %1143 %1141 = and i32 %1137, 32 
%1142 = icmp eq i32 %1141, 0 br i1 %1142, label %1182, label %1143 %1144 = phi i64 [ 5, %1140 ], [ 4, %1135 ] %1145 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1144 %1146 = load i16, i16* %1145, align 2 %1147 = zext i16 %1146 to i64 %1148 = getelementptr i8, i8* %3, i64 %1147 switch i8 %1130, label %1150 [ i8 6, label %1151 i8 17, label %1151 i8 33, label %1151 i8 50, label %1151 i8 -124, label %1151 i8 -120, label %1151 i8 51, label %1149 ] br label %1151 %1152 = phi i1 [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1149 ], [ false, %1150 ] %1153 = phi i32 [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 4, %1149 ], [ -22, %1150 ] br i1 %305, label %1154, label %1159 %1155 = load i8*, i8** %306, align 8 %1156 = load i32, i32* %307, align 8 %1157 = load i32, i32* %308, align 4 %1158 = sub i32 %1156, %1157 br label %1159 %1160 = phi i8* [ %66, %1151 ], [ %1155, %1154 ] %1161 = phi i32 [ %1136, %1151 ], [ %1158, %1154 ] br i1 %1152, label %1162, label %1179 store i32 0, i32* %21, align 4 %1163 = add i32 %1153, %1129 %1164 = sub i32 %1161, %1163 %1165 = icmp slt i32 %1164, 4 br i1 %1165, label %1166, label %1170, !prof !4, !misexpect !9 br i1 %75, label %1174, label %1167 %1168 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %1163, i8* nonnull %309, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq 
%struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast 
%struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = 
getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 
(%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 
(%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 
8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load 
%struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, 
%struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 
@get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = 
load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = 
getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 
= getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 %1104 = sext i32 %842 to i64 %1105 = getelementptr i8, i8* %66, i64 %1104 %1106 = icmp eq i8* %1105, null br i1 %1106, label %1126, label %1107 %1108 = phi i8* [ %1105, %1103 ], [ %296, %1100 ] %1109 = load i8, i8* %1108, align 4 store i8 %1109, i8* %1096, align 2 %1110 = getelementptr inbounds i8, i8* %1108, i64 1 %1111 = load i8, i8* %1110, align 1 %1112 = getelementptr inbounds i8, i8* %1096, i64 1 store i8 %1111, i8* %1112, align 1 %1113 = load i8, i8* %1108, align 4 switch i8 %1113, label %1123 [ i8 8, label %1114 i8 0, label %1114 i8 13, label %1114 i8 14, label %1114 i8 -128, label %1114 i8 -127, label %1114 ] %1124 = getelementptr inbounds i8, i8* %1096, i64 2 %1125 = bitcast i8* %1124 to i16* store i16 0, i16* %1125, align 2 br label %1126 br label %1127 %1128 = phi i16 [ %841, %840 ], [ %841, %1087 ], [ 18312, %1057 ], [ -8826, %1054 ], [ 8, %1051 ], [ %841, %1047 ], [ %841, %1015 ], [ %989, %988 ], [ %841, %1088 ], [ %841, %1126 ] %1129 = phi i32 [ %842, %840 ], [ %842, %1087 ], [ %842, %1057 ], [ %842, %1054 ], [ %842, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %842, %1088 ], [ %842, %1126 ] %1130 = phi i8 [ %844, %840 ], [ 6, %1087 ], [ -119, %1057 ], [ 41, %1054 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ %844, %1088 ], [ %844, %1126 ] %1131 = phi i32 [ 4, %840 ], [ 4, %1087 ], [ 2, %1057 ], [ %266, %1054 ], [ %266, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 4, %1088 ], [ 4, %1126 ] %1132 = load i32, i32* %263, align 4 %1133 = and i32 %1132, 1 %1134 = icmp eq i32 %1133, 0 br i1 %1134, label %1135, label %1182 %1136 = load i32, i32* %22, align 4 %1137 = load i32, i32* %245, align 4 %1138 = and i32 %1137, 16 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1140, label %1143 %1141 = and i32 %1137, 32 
%1142 = icmp eq i32 %1141, 0 br i1 %1142, label %1182, label %1143 %1144 = phi i64 [ 5, %1140 ], [ 4, %1135 ] %1145 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1144 %1146 = load i16, i16* %1145, align 2 %1147 = zext i16 %1146 to i64 %1148 = getelementptr i8, i8* %3, i64 %1147 switch i8 %1130, label %1150 [ i8 6, label %1151 i8 17, label %1151 i8 33, label %1151 i8 50, label %1151 i8 -124, label %1151 i8 -120, label %1151 i8 51, label %1149 ] br label %1151 %1152 = phi i1 [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1149 ], [ false, %1150 ] %1153 = phi i32 [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 4, %1149 ], [ -22, %1150 ] br i1 %305, label %1154, label %1159 %1155 = load i8*, i8** %306, align 8 %1156 = load i32, i32* %307, align 8 %1157 = load i32, i32* %308, align 4 %1158 = sub i32 %1156, %1157 br label %1159 %1160 = phi i8* [ %66, %1151 ], [ %1155, %1154 ] %1161 = phi i32 [ %1136, %1151 ], [ %1158, %1154 ] br i1 %1152, label %1162, label %1179 store i32 0, i32* %21, align 4 %1163 = add i32 %1153, %1129 %1164 = sub i32 %1161, %1163 %1165 = icmp slt i32 %1164, 4 br i1 %1165, label %1166, label %1170, !prof !4, !misexpect !9 br i1 %75, label %1174, label %1167 %1168 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %1163, i8* nonnull %309, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, 
%struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds 
%struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void 
(%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 
], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 
Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* 
%80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* 
%17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, 
%820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 %1104 = sext i32 %842 to i64 %1105 = getelementptr i8, i8* %66, i64 %1104 %1106 = icmp eq i8* %1105, null br i1 %1106, label %1126, label %1107 %1108 = phi i8* [ %1105, %1103 ], [ %296, %1100 ] %1109 = load i8, i8* %1108, align 4 store i8 %1109, i8* %1096, align 2 %1110 = getelementptr inbounds i8, i8* %1108, i64 1 %1111 = load i8, i8* %1110, align 1 %1112 = getelementptr inbounds i8, i8* %1096, i64 1 store i8 %1111, i8* %1112, align 1 %1113 = load i8, i8* %1108, align 4 switch i8 %1113, label %1123 [ i8 8, label %1114 i8 0, label %1114 i8 13, label %1114 i8 14, 
label %1114 i8 -128, label %1114 i8 -127, label %1114 ] %1124 = getelementptr inbounds i8, i8* %1096, i64 2 %1125 = bitcast i8* %1124 to i16* store i16 0, i16* %1125, align 2 br label %1126 br label %1127 %1128 = phi i16 [ %841, %840 ], [ %841, %1087 ], [ 18312, %1057 ], [ -8826, %1054 ], [ 8, %1051 ], [ %841, %1047 ], [ %841, %1015 ], [ %989, %988 ], [ %841, %1088 ], [ %841, %1126 ] %1129 = phi i32 [ %842, %840 ], [ %842, %1087 ], [ %842, %1057 ], [ %842, %1054 ], [ %842, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %842, %1088 ], [ %842, %1126 ] %1130 = phi i8 [ %844, %840 ], [ 6, %1087 ], [ -119, %1057 ], [ 41, %1054 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ %844, %1088 ], [ %844, %1126 ] %1131 = phi i32 [ 4, %840 ], [ 4, %1087 ], [ 2, %1057 ], [ %266, %1054 ], [ %266, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 4, %1088 ], [ 4, %1126 ] %1132 = load i32, i32* %263, align 4 %1133 = and i32 %1132, 1 %1134 = icmp eq i32 %1133, 0 br i1 %1134, label %1135, label %1182 %1136 = load i32, i32* %22, align 4 %1137 = load i32, i32* %245, align 4 %1138 = and i32 %1137, 16 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1140, label %1143 %1141 = and i32 %1137, 32 %1142 = icmp eq i32 %1141, 0 br i1 %1142, label %1182, label %1143 %1144 = phi i64 [ 5, %1140 ], [ 4, %1135 ] %1145 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1144 %1146 = load i16, i16* %1145, align 2 %1147 = zext i16 %1146 to i64 %1148 = getelementptr i8, i8* %3, i64 %1147 switch i8 %1130, label %1150 [ i8 6, label %1151 i8 17, label %1151 i8 33, label %1151 i8 50, label %1151 i8 -124, label %1151 i8 -120, label %1151 i8 51, label %1149 ] br label %1151 %1152 = phi i1 [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1149 ], [ false, %1150 ] %1153 = phi i32 [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 4, 
%1149 ], [ -22, %1150 ] br i1 %305, label %1154, label %1159 %1155 = load i8*, i8** %306, align 8 %1156 = load i32, i32* %307, align 8 %1157 = load i32, i32* %308, align 4 %1158 = sub i32 %1156, %1157 br label %1159 %1160 = phi i8* [ %66, %1151 ], [ %1155, %1154 ] %1161 = phi i32 [ %1136, %1151 ], [ %1158, %1154 ] br i1 %1152, label %1162, label %1179 store i32 0, i32* %21, align 4 %1163 = add i32 %1153, %1129 %1164 = sub i32 %1161, %1163 %1165 = icmp slt i32 %1164, 4 br i1 %1165, label %1166, label %1170, !prof !4, !misexpect !9 br i1 %75, label %1174, label %1167 %1168 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %1163, i8* nonnull %309, i32 4) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, 
label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds 
%struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi 
%struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = 
bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label 
%15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca 
%struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca 
%struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, 
%struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = 
getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ 
%838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label 
%831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 %1104 = sext i32 %842 to i64 %1105 = getelementptr i8, i8* %66, i64 %1104 %1106 = icmp eq i8* %1105, null br i1 %1106, label %1126, label %1107 %1108 = phi i8* [ %1105, %1103 ], [ %296, %1100 ] %1109 = load i8, i8* %1108, align 4 store i8 %1109, i8* %1096, align 2 %1110 = getelementptr inbounds i8, i8* %1108, i64 1 %1111 = load i8, i8* %1110, align 1 %1112 = getelementptr inbounds i8, i8* %1096, i64 1 store i8 %1111, i8* %1112, align 1 %1113 = load i8, i8* %1108, align 4 switch i8 %1113, label %1123 [ i8 8, label %1114 i8 0, label %1114 i8 13, label %1114 i8 14, label %1114 i8 -128, label %1114 i8 -127, label %1114 ] %1124 = getelementptr inbounds i8, i8* %1096, i64 2 %1125 = bitcast i8* %1124 to i16* store i16 0, i16* %1125, align 2 br label %1126 br label %1127 %1128 = phi i16 [ %841, %840 ], [ %841, %1087 ], [ 18312, %1057 ], [ -8826, %1054 ], [ 8, %1051 ], [ %841, %1047 ], [ %841, %1015 ], [ %989, %988 ], [ %841, %1088 ], [ %841, %1126 ] %1129 = phi i32 [ %842, %840 ], [ %842, %1087 ], [ %842, %1057 ], [ %842, %1054 ], [ %842, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %842, %1088 
], [ %842, %1126 ] %1130 = phi i8 [ %844, %840 ], [ 6, %1087 ], [ -119, %1057 ], [ 41, %1054 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ %844, %1088 ], [ %844, %1126 ] %1131 = phi i32 [ 4, %840 ], [ 4, %1087 ], [ 2, %1057 ], [ %266, %1054 ], [ %266, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 4, %1088 ], [ 4, %1126 ] %1132 = load i32, i32* %263, align 4 %1133 = and i32 %1132, 1 %1134 = icmp eq i32 %1133, 0 br i1 %1134, label %1135, label %1182 %1136 = load i32, i32* %22, align 4 %1137 = load i32, i32* %245, align 4 %1138 = and i32 %1137, 16 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1140, label %1143 %1141 = and i32 %1137, 32 %1142 = icmp eq i32 %1141, 0 br i1 %1142, label %1182, label %1143 %1144 = phi i64 [ 5, %1140 ], [ 4, %1135 ] %1145 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1144 %1146 = load i16, i16* %1145, align 2 %1147 = zext i16 %1146 to i64 %1148 = getelementptr i8, i8* %3, i64 %1147 switch i8 %1130, label %1150 [ i8 6, label %1151 i8 17, label %1151 i8 33, label %1151 i8 50, label %1151 i8 -124, label %1151 i8 -120, label %1151 i8 51, label %1149 ] br label %1151 %1152 = phi i1 [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1149 ], [ false, %1150 ] %1153 = phi i32 [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 4, %1149 ], [ -22, %1150 ] br i1 %305, label %1154, label %1159 %1155 = load i8*, i8** %306, align 8 %1156 = load i32, i32* %307, align 8 %1157 = load i32, i32* %308, align 4 %1158 = sub i32 %1156, %1157 br label %1159 %1160 = phi i8* [ %66, %1151 ], [ %1155, %1154 ] %1161 = phi i32 [ %1136, %1151 ], [ %1158, %1154 ] br i1 %1152, label %1162, label %1179 store i32 0, i32* %21, align 4 %1163 = add i32 %1153, %1129 %1164 = sub i32 %1161, %1163 %1165 = icmp slt i32 %1164, 4 br i1 %1165, label %1166, label %1170, !prof !4, !misexpect !9 br i1 %75, label 
%1174, label %1167 %1168 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %1163, i8* nonnull %309, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*,
%struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast 
%struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* 
%87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 
= icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 
240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 
%16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq 
%struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = 
bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = 
getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
%12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, 
%struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, 
%struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = 
sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } 
%159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 
Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, 
%struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = 
alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, 
label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr 
inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ 
%317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 %1104 = sext i32 %842 to i64 %1105 = getelementptr i8, i8* %66, i64 %1104 %1106 = icmp eq i8* %1105, null br i1 %1106, label %1126, label %1107 %1108 = phi i8* [ %1105, %1103 ], [ %296, %1100 ] %1109 = load i8, i8* %1108, align 4 store i8 %1109, i8* %1096, align 2 %1110 = getelementptr inbounds i8, i8* %1108, i64 1 %1111 = load i8, i8* %1110, align 1 %1112 = getelementptr inbounds i8, i8* %1096, i64 1 store i8 %1111, i8* %1112, align 1 %1113 = load i8, i8* %1108, align 4 switch i8 %1113, label %1123 [ i8 8, label %1114 i8 0, label %1114 i8 13, label %1114 i8 14, label %1114 i8 -128, label %1114 i8 -127, label %1114 ] %1124 = getelementptr inbounds i8, i8* %1096, i64 2 %1125 = bitcast i8* %1124 to i16* store i16 0, i16* %1125, align 2 br label %1126 br label %1127 %1128 = phi i16 [ %841, %840 ], [ %841, %1087 ], [ 18312, %1057 
], [ -8826, %1054 ], [ 8, %1051 ], [ %841, %1047 ], [ %841, %1015 ], [ %989, %988 ], [ %841, %1088 ], [ %841, %1126 ] %1129 = phi i32 [ %842, %840 ], [ %842, %1087 ], [ %842, %1057 ], [ %842, %1054 ], [ %842, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %842, %1088 ], [ %842, %1126 ] %1130 = phi i8 [ %844, %840 ], [ 6, %1087 ], [ -119, %1057 ], [ 41, %1054 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ %844, %1088 ], [ %844, %1126 ] %1131 = phi i32 [ 4, %840 ], [ 4, %1087 ], [ 2, %1057 ], [ %266, %1054 ], [ %266, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 4, %1088 ], [ 4, %1126 ] %1132 = load i32, i32* %263, align 4 %1133 = and i32 %1132, 1 %1134 = icmp eq i32 %1133, 0 br i1 %1134, label %1135, label %1182 %1136 = load i32, i32* %22, align 4 %1137 = load i32, i32* %245, align 4 %1138 = and i32 %1137, 16 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1140, label %1143 %1141 = and i32 %1137, 32 %1142 = icmp eq i32 %1141, 0 br i1 %1142, label %1182, label %1143 %1144 = phi i64 [ 5, %1140 ], [ 4, %1135 ] %1145 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1144 %1146 = load i16, i16* %1145, align 2 %1147 = zext i16 %1146 to i64 %1148 = getelementptr i8, i8* %3, i64 %1147 switch i8 %1130, label %1150 [ i8 6, label %1151 i8 17, label %1151 i8 33, label %1151 i8 50, label %1151 i8 -124, label %1151 i8 -120, label %1151 i8 51, label %1149 ] br label %1151 %1152 = phi i1 [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1149 ], [ false, %1150 ] %1153 = phi i32 [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 4, %1149 ], [ -22, %1150 ] br i1 %305, label %1154, label %1159 %1155 = load i8*, i8** %306, align 8 %1156 = load i32, i32* %307, align 8 %1157 = load i32, i32* %308, align 4 %1158 = sub i32 %1156, %1157 br label %1159 %1160 = phi i8* [ %66, %1151 ], [ %1155, %1154 ] %1161 
= phi i32 [ %1136, %1151 ], [ %1158, %1154 ] br i1 %1152, label %1162, label %1179 store i32 0, i32* %21, align 4 %1163 = add i32 %1153, %1129 %1164 = sub i32 %1161, %1163 %1165 = icmp slt i32 %1164, 4 br i1 %1165, label %1166, label %1170, !prof !4, !misexpect !9 br i1 %75, label %1174, label %1167 %1168 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %1163, i8* nonnull %309, i32 4) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 rt6_multipath_hash
2 fib6_select_path
3 ip6_pol_route
4 ip6_pol_route_input
5 fib6_rule_lookup
6 ip6_route_output_flags_noref
7 ip6_route_output_flags
8 icmp6_send
9 ip6_link_failure
-------------
Path:
Function:ip6_link_failure
%2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78
Function:icmp6_send
%7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0,
i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, 
%58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 
= icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds 
%struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* 
(%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, 
%struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = 
load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, 
%struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* 
%200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* 
@__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds 
%struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor 
i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ 
%387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 %1104 = sext i32 %842 to i64 %1105 = getelementptr i8, i8* %66, i64 %1104 %1106 = icmp eq i8* %1105, null br i1 %1106, label %1126, label %1107 %1108 = phi i8* [ %1105, %1103 ], [ %296, %1100 ] %1109 = load i8, i8* %1108, 
align 4 store i8 %1109, i8* %1096, align 2 %1110 = getelementptr inbounds i8, i8* %1108, i64 1 %1111 = load i8, i8* %1110, align 1 %1112 = getelementptr inbounds i8, i8* %1096, i64 1 store i8 %1111, i8* %1112, align 1 %1113 = load i8, i8* %1108, align 4 switch i8 %1113, label %1123 [ i8 8, label %1114 i8 0, label %1114 i8 13, label %1114 i8 14, label %1114 i8 -128, label %1114 i8 -127, label %1114 ] %1124 = getelementptr inbounds i8, i8* %1096, i64 2 %1125 = bitcast i8* %1124 to i16* store i16 0, i16* %1125, align 2 br label %1126 br label %1127 %1128 = phi i16 [ %841, %840 ], [ %841, %1087 ], [ 18312, %1057 ], [ -8826, %1054 ], [ 8, %1051 ], [ %841, %1047 ], [ %841, %1015 ], [ %989, %988 ], [ %841, %1088 ], [ %841, %1126 ] %1129 = phi i32 [ %842, %840 ], [ %842, %1087 ], [ %842, %1057 ], [ %842, %1054 ], [ %842, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %842, %1088 ], [ %842, %1126 ] %1130 = phi i8 [ %844, %840 ], [ 6, %1087 ], [ -119, %1057 ], [ 41, %1054 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ %844, %1088 ], [ %844, %1126 ] %1131 = phi i32 [ 4, %840 ], [ 4, %1087 ], [ 2, %1057 ], [ %266, %1054 ], [ %266, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 4, %1088 ], [ 4, %1126 ] %1132 = load i32, i32* %263, align 4 %1133 = and i32 %1132, 1 %1134 = icmp eq i32 %1133, 0 br i1 %1134, label %1135, label %1182 %1136 = load i32, i32* %22, align 4 %1137 = load i32, i32* %245, align 4 %1138 = and i32 %1137, 16 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1140, label %1143 %1141 = and i32 %1137, 32 %1142 = icmp eq i32 %1141, 0 br i1 %1142, label %1182, label %1143 %1144 = phi i64 [ 5, %1140 ], [ 4, %1135 ] %1145 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1144 %1146 = load i16, i16* %1145, align 2 %1147 = zext i16 %1146 to i64 %1148 = getelementptr i8, i8* %3, i64 %1147 switch i8 %1130, label %1150 [ i8 6, label %1151 i8 17, label %1151 i8 33, label %1151 i8 50, 
label %1151 i8 -124, label %1151 i8 -120, label %1151 i8 51, label %1149 ] br label %1151 %1152 = phi i1 [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1149 ], [ false, %1150 ] %1153 = phi i32 [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 4, %1149 ], [ -22, %1150 ] br i1 %305, label %1154, label %1159 %1155 = load i8*, i8** %306, align 8 %1156 = load i32, i32* %307, align 8 %1157 = load i32, i32* %308, align 4 %1158 = sub i32 %1156, %1157 br label %1159 %1160 = phi i8* [ %66, %1151 ], [ %1155, %1154 ] %1161 = phi i32 [ %1136, %1151 ], [ %1158, %1154 ] br i1 %1152, label %1162, label %1179 store i32 0, i32* %21, align 4 %1163 = add i32 %1153, %1129 %1164 = sub i32 %1161, %1163 %1165 = icmp slt i32 %1164, 4 br i1 %1165, label %1166, label %1170, !prof !4, !misexpect !9 br i1 %75, label %1174, label %1167 %1168 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %1163, i8* nonnull %309, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr
%struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add 
i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds 
%struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = 
phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 
%79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 
= alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ 
%92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to 
i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, 
%struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, 
%669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 %1104 = sext i32 %842 to i64 %1105 = getelementptr i8, i8* %66, i64 %1104 %1106 = icmp eq i8* %1105, null br i1 %1106, label %1126, label %1107 %1108 = phi i8* [ %1105, %1103 ], [ %296, %1100 ] %1109 = load i8, i8* %1108, align 4 store i8 %1109, i8* %1096, align 2 %1110 = getelementptr inbounds i8, i8* %1108, i64 1 %1111 = load i8, i8* %1110, align 1 %1112 = getelementptr inbounds i8, i8* %1096, i64 1 store i8 %1111, i8* %1112, align 1 %1113 = load i8, i8* %1108, align 4 switch i8 %1113, label %1123 [ i8 8, label %1114 i8 0, label %1114 i8 13, label %1114 i8 14, label %1114 i8 -128, label %1114 i8 -127, label %1114 ] %1124 = getelementptr inbounds i8, i8* %1096, i64 2 %1125 = bitcast i8* %1124 to i16* store i16 0, i16* %1125, align 2 br label %1126 br label %1127 %1128 
= phi i16 [ %841, %840 ], [ %841, %1087 ], [ 18312, %1057 ], [ -8826, %1054 ], [ 8, %1051 ], [ %841, %1047 ], [ %841, %1015 ], [ %989, %988 ], [ %841, %1088 ], [ %841, %1126 ] %1129 = phi i32 [ %842, %840 ], [ %842, %1087 ], [ %842, %1057 ], [ %842, %1054 ], [ %842, %1051 ], [ %1048, %1047 ], [ %1016, %1015 ], [ %990, %988 ], [ %842, %1088 ], [ %842, %1126 ] %1130 = phi i8 [ %844, %840 ], [ 6, %1087 ], [ -119, %1057 ], [ 41, %1054 ], [ 4, %1051 ], [ %1049, %1047 ], [ %1017, %1015 ], [ 47, %988 ], [ %844, %1088 ], [ %844, %1126 ] %1131 = phi i32 [ 4, %840 ], [ 4, %1087 ], [ 2, %1057 ], [ %266, %1054 ], [ %266, %1051 ], [ %1050, %1047 ], [ %1018, %1015 ], [ %991, %988 ], [ 4, %1088 ], [ 4, %1126 ] %1132 = load i32, i32* %263, align 4 %1133 = and i32 %1132, 1 %1134 = icmp eq i32 %1133, 0 br i1 %1134, label %1135, label %1182 %1136 = load i32, i32* %22, align 4 %1137 = load i32, i32* %245, align 4 %1138 = and i32 %1137, 16 %1139 = icmp eq i32 %1138, 0 br i1 %1139, label %1140, label %1143 %1141 = and i32 %1137, 32 %1142 = icmp eq i32 %1141, 0 br i1 %1142, label %1182, label %1143 %1144 = phi i64 [ 5, %1140 ], [ 4, %1135 ] %1145 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 %1144 %1146 = load i16, i16* %1145, align 2 %1147 = zext i16 %1146 to i64 %1148 = getelementptr i8, i8* %3, i64 %1147 switch i8 %1130, label %1150 [ i8 6, label %1151 i8 17, label %1151 i8 33, label %1151 i8 50, label %1151 i8 -124, label %1151 i8 -120, label %1151 i8 51, label %1149 ] br label %1151 %1152 = phi i1 [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1143 ], [ true, %1149 ], [ false, %1150 ] %1153 = phi i32 [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 0, %1143 ], [ 4, %1149 ], [ -22, %1150 ] br i1 %305, label %1154, label %1159 %1155 = load i8*, i8** %306, align 8 %1156 = load i32, i32* %307, align 8 %1157 = load i32, i32* %308, align 4 %1158 = sub i32 %1156, %1157 br label 
%1159 %1160 = phi i8* [ %66, %1151 ], [ %1155, %1154 ] %1161 = phi i32 [ %1136, %1151 ], [ %1158, %1154 ] br i1 %1152, label %1162, label %1179 store i32 0, i32* %21, align 4 %1163 = add i32 %1153, %1129 %1164 = sub i32 %1161, %1163 %1165 = icmp slt i32 %1164, 4 br i1 %1165, label %1166, label %1170, !prof !4, !misexpect !9 br i1 %75, label %1174, label %1167 %1168 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %1163, i8* nonnull %309, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* 
%3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 
(%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 
= getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq 
%gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, 
%struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, 
null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr 
inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 
= getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0,
i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label 
%30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br 
i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq 
%struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, 
label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, 
i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof 
!4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = 
load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, 
%struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, 
%struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi 
%struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 
8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = 
getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, 
label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 
%83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, 
%struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 
%18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x 
i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* 
%94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 
%285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 
-13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 
43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align
8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 
0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 
0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 
= icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, 
%struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, 
%struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = 
alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, 
align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = 
getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, 
%820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load 
%struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load 
i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast 
%struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 
0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast 
%union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 
%44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq 
%struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, 
i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] 
%825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 
(%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
%4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, 
i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 
zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* 
%29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = 
icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = 
lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output 
condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void 
(%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ 
%38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 
Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* 
%80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* 
%17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, 
%820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 rt6_multipath_hash
2 fib6_select_path
3 ip6_pol_route
4 ip6_pol_route_input
5 fib6_rule_lookup
6 ip6_route_output_flags_noref
7 ip6_route_output_flags
8 icmp6_send
9 ip6_link_failure
-------------
Path:
Function:ip6_link_failure
%2 = alloca
%struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, 
%struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 
%85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = 
load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 
@_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = 
load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* 
(%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds 
%struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, 
%struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = 
bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, 
i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, 
align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** 
getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne 
%struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ 
%826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 
2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, 
%17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 
%52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 
8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr 
inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 
i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 
%80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = 
alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi 
%struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 
= bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds 
%struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], 
[ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds
%struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, 
%struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1059 = load i32, i32* %22, align 4 %1060 = load i32, i32* %245, align 4 %1061 = and i32 %1060, 1048576 %1062 = icmp eq i32 %1061, 0 br i1 %1062, label %1087, label %1063 %1064 = sub i32 %1059, %842 %1065 = icmp slt i32 %1064, 20 br i1 
%1065, label %1066, label %1070, !prof !4, !misexpect !9 br i1 %75, label %1087, label %1067 %1068 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %297, i32 20) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to
%struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast 
%struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label 
%62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, 
%struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1059 = load i32, i32* %22, align 4 %1060 = load i32, i32* %245, align 4 %1061 = and i32 %1060, 1048576 %1062 = icmp eq i32 %1061, 0 br i1 %1062, label %1087, label %1063 %1064 = sub i32 %1059, %842 %1065 = icmp slt i32 %1064, 20 br i1 
%1065, label %1066, label %1070, !prof !4, !misexpect !9 br i1 %75, label %1087, label %1067 %1068 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %297, i32 20) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8*
%10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* 
(%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 
%32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = 
load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, 
%struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = 
getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = 
getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = 
getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], 
[ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1059 = load i32, i32* %22, align 4 %1060 = load i32, i32* %245, align 4 %1061 = and i32 %1060, 1048576 %1062 = icmp eq i32 %1061, 0 br i1 %1062, label %1087, label %1063 %1064 = sub i32 %1059, %842 %1065 = icmp slt i32 %1064, 20 br i1 %1065, label 
%1066, label %1070, !prof !4, !misexpect !9 br i1 %75, label %1087, label %1067 %1068 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %297, i32 20) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg
%4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1
%35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, 
%struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 
%137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = 
icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, 
%struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 
0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = 
phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp 
slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1059 = load i32, i32* %22, align 4 %1060 = load i32, i32* %245, align 4 %1061 
= and i32 %1060, 1048576 %1062 = icmp eq i32 %1061, 0 br i1 %1062, label %1087, label %1063 %1064 = sub i32 %1059, %842 %1065 = icmp slt i32 %1064, 20 br i1 %1065, label %1066, label %1070, !prof !4, !misexpect !9 br i1 %75, label %1087, label %1067 %1068 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %297, i32 20) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* 
%19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = 
getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = 
bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 
= load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, 
align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = 
alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = 
alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr 
inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne 
%struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ 
%826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 
2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1059 = load i32, i32* %22, align 4 %1060 = load i32, i32* %245, align 4 %1061 = and i32 %1060, 1048576 %1062 = icmp eq i32 %1061, 0 br i1 %1062, label %1087, label %1063 %1064 = sub i32 %1059, %842 %1065 = icmp slt i32 %1064, 20 br i1 %1065, label %1066, label %1070, !prof !4, !misexpect !9 br i1 %75, label %1087, label %1067 %1068 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %297, i32 20) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 
%19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = 
bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store 
i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 
%20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, 
%struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 
%40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca 
i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 
%91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq 
i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ 
%673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1059 = load i32, i32* %22, align 4 %1060 = load i32, i32* %245, align 4 %1061 = and i32 %1060, 1048576 %1062 = icmp eq i32 %1061, 0 br i1 %1062, label %1087, label %1063 %1064 = sub i32 %1059, %842 %1065 = icmp slt i32 %1064, 20 br i1 %1065, label %1066, label %1070, !prof !4, !misexpect !9 br i1 %75, label %1087, label %1067 %1068 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %297, i32 20) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, 
align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 
0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, 
%struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = 
alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca 
i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net 
to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, 
%struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, 
%835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, 
%1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1059 = load i32, i32* %22, align 4 %1060 = load i32, i32* %245, align 4 %1061 = and i32 %1060, 1048576 %1062 = icmp eq i32 %1061, 0 br i1 %1062, label %1087, label %1063 %1064 = sub i32 %1059, %842 %1065 = icmp slt i32 %1064, 20 br i1 %1065, label %1066, label %1070, !prof !4, !misexpect !9 br i1 %75, label %1087, label %1067 %1068 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %297, i32 20) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 
%13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, 
%struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 
%112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, 
%struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, 
%26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, 
label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, 
%struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = 
getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds 
%struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, 
%221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext 
i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1059 = load i32, i32* %22, align 4 %1060 = load i32, i32* %245, align 4 %1061 = and i32 %1060, 1048576 %1062 = icmp eq i32 %1061, 0 br i1 %1062, label %1087, label %1063 %1064 = sub i32 %1059, %842 %1065 = icmp slt i32 %1064, 20 br i1 
%1065, label %1066, label %1070, !prof !4, !misexpect !9 br i1 %75, label %1087, label %1067 %1068 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %297, i32 20) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call 
Function:packet_parse_headers
Function:__skb_flow_dissect
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
Function:inet6_recvmsg
Function:tcp_recvmsg
Function:napi_busy_loop
Function:busy_poll_stop
8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load 
%struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, 
%struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 
@get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = 
load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = 
getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i64 0, i64* %32, align 8 %1020 = icmp eq i16 %841, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %842 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof 
!4, !misexpect !9 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %299, i32 8) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, 
!srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to 
%struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, 
label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = 
getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i64 0, i64* %32, align 8 %1020 = icmp eq i16 %841, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %842 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof 
!4, !misexpect !9 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %299, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ipip6_tunnel_bind_dev 6 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load 
%struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, 
%struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, 
label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i64 0, i64* %32, align 8 %1020 = icmp eq i16 %841, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, 
%842 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !9 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %299, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0,
i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = 
getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 
%87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78
Function:ip_route_output_flow
%4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78
Function:ip_route_output_key_hash_rcu
%5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7,
align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, 
label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78
Function:fib_select_path
%5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32
0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78
Function:fib_multipath_hash
%5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca
%struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79
Function:__skb_flow_dissect
%10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 =
alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 
0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = 
getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] 
%317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, 
%1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i64 0, i64* %32, align 8 %1020 = icmp eq i16 %841, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %842 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !9 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %299, i32 8) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8*
%17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 
%68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 
%153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, 
align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, 
%struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, 
%struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = 
alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, 
align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* 
%2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = 
getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, 
%820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i64 0, i64* %32, align 8 %1020 = icmp eq i16 %841, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %842 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !9 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %299, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = 
getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds 
%struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds 
%struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, 
i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq 
%struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void 
@local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, 
label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq 
%struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = 
bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = 
getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds 
%struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 
-22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] 
switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i64 0, i64* %32, align 8 %1020 = icmp eq i16 %841, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %842 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !9 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %299, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca 
%struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, 
%struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label 
%123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds 
%struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to 
%struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* 
(%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, 
i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* 
nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* 
%165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr 
inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = 
and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = 
getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds 
%struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 
%293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, 
%562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i64 0, i64* %32, align 8 %1020 = icmp eq i16 %841, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %842 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !9 br i1 %75, label %1047, label %1026 %1027 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* 
nonnull %1, i32 %842, i8* nonnull %299, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 
%38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* 
%163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 
%226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* 
%0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 
%107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 
0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, 
%805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i64 0, i64* %32, align 8 %1020 = icmp eq i16 %841, -8826 br i1 %1020, label %1021, label %1047 %1022 = load i32, i32* %22, align 4 %1023 = sub i32 %1022, %842 %1024 = icmp slt i32 %1023, 8 br i1 %1024, label %1025, label %1029, !prof !4, !misexpect !9 br i1 %75, label %1047, label %1026 %1027 = call i32 
bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %299, i32 8) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 ___skb_get_hash 2 __skb_get_hash 3 get_rps_cpu 4 netif_receive_skb_list_internal 5 busy_poll_stop 6 napi_busy_loop 7 tcp_recvmsg 8 inet6_recvmsg 9 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 
br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, 
%struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 
%31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* 
%0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* 
%54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 
1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ 
%109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ 
%38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq 
%struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds 
%struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 
%60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, 
i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, 
!misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 
%26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to 
%struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, 
label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = 
getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, 
!misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load 
%struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, 
%struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, 
label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = 
icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load 
i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load 
i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 
0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, 
%805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 
(%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path:
Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 
%39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds 
%struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, 
i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void 
@security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, 
label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, 
null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq 
%struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call 
void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br 
i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 
%997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32
0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr 
inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = 
getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 
8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 
%72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 
%12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, 
align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca 
%union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 
0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr 
inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi 
i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ 
%825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load 
i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 
store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 
%11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, 
%struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 
(%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = 
alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, 
%90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* 
%275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, 
%struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, 
%669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, 
%struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, 
i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = 
load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 
%58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp 
eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi 
%struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label 
%177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = 
load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = 
bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 
%7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load 
volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds 
%struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, 
label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label 
%992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 rt6_multipath_hash
2 fib6_select_path
3 ip6_pol_route
4 ip6_pol_route_input
5 fib6_rule_lookup
6 ip6_route_output_flags_noref
7 ip6_route_output_flags
8 icmp6_send
9 ip6_link_failure
-------------
Path:
Function:ip6_link_failure
%2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78
Function:icmp6_send
%7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40
%20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) 
#78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 
%119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = 
icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* 
nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, 
%struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, 
%struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 
Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 
%168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, 
align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call 
zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne 
%struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr 
inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 
%296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ 
%312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 
1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, 
align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, 
i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** 
%196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load 
volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr 
inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* 
%71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, 
label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 
%293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ 
%311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i16 0, i16* %31, align 2 %993 = icmp eq i16 %841, -8826 br i1 %993, label %994, label %1015 %995 = load i32, i32* %22, align 4 %996 = sub i32 %995, %842 %997 = icmp slt i32 %996, 2 br i1 %997, label %998, label %1002, !prof !4, !misexpect !9 br i1 %75, label %1015, label %999 %1000 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, 
i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %33, i32 2) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 
0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 
Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, 
%struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, 
label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void 
@napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds 
%struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* 
%66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %842 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 
%934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !9 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %931, i8* nonnull %304, i32 14) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 
%23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 
%59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load 
%struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* 
%66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %842 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 
%934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !9 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %931, i8* nonnull %304, i32 14) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78
Function:ipip6_tunnel_bind_dev
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32
0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* 
bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, 
i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ping_v4_sendmsg
-------------
Path: Function:ping_v4_sendmsg
= sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load 
i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 
= phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %842 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !9 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %931, i8* nonnull %304, i32 14) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* 
%18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 
%60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78
Function:ip_route_output_flow
%4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78
Function:ip_route_output_key_hash_rcu
%5 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or 
i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78
Function:fib_select_path
%5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78
Function:fib_multipath_hash
%5 
= alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79
Function:__skb_flow_dissect
%10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca 
%struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load 
volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = 
bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = 
phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ 
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
Function:__ip_rt_update_pmtu
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
-1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, 
align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = 
alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = 
alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr 
inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne 
%struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ 
%826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 
2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq 
i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %842 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !9 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %931, i8* nonnull %304, i32 14) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, 
align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = 
tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], 
[ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", 
"=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = 
getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 
= icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to 
%struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** 
%22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, 
label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds 
%struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = 
load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp 
slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub 
i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, 
%921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %842 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !9 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %931, i8* nonnull %304, i32 14) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 
[ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = 
load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, 
%struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 
%220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to 
i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 
x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, 
i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = 
getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, 
label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label 
%992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label 
%921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 %928 = phi i32 [ %891, %887 ], [ %926, %921 ] %929 = icmp eq i16 %870, 22629 br i1 %929, label %930, label %982 %931 = add i32 %928, %842 %932 = load i32, i32* %22, align 4 %933 = sub i32 %932, %931 %934 = icmp slt i32 %933, 14 br i1 %934, label %935, label %939, !prof !4, !misexpect !9 br i1 %75, label %943, label %936 %937 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %931, i8* nonnull %304, i32 14) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds
%struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 
(%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* 
%66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 store i32 0, i32* %18, align 4 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %842 %955 = load i32, i32* %22, align 4 %956 
= sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !9 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %954, i8* nonnull %303, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull 
bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 
br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 
69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load 
%struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* 
%66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 store i32 0, i32* %18, align 4 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %842 %955 = load i32, i32* %22, align 4 %956 
= sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !9 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %954, i8* nonnull %303, i32 4) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, 
%struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, 
align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr 
inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, 
!prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 
%36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label 
%244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = 
phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 
%842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 store i32 0, i32* %18, align 4 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, 
%842 %955 = load i32, i32* %22, align 4 %956 = sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !9 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %954, i8* nonnull %303, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 
br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, 
i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load 
i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds 
%struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ 
%44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds 
%struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, 
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 store i32 0, i32* %18, align 4 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %842 %955 = load i32, i32* %22, align 4 %956 = sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !9 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %954, i8* nonnull %303, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_rt_update_pmtu 4 ip_rt_update_pmtu ------------- Path:  Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = 
getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = 
load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* 
%82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 
br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, 
%struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = 
load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, 
%struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, 
i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, 
i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast 
i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 
], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq 
i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 store i32 0, i32* %18, align 4 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %842 %955 = load i32, i32* %22, align 4 %956 = sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !9 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %954, i8* nonnull %303, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect 
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
%127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = 
extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, 
%struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, 
%struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca 
%struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq 
%struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 
%308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ 
%540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = 
getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 store i32 0, i32* %18, align 4 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %842 %955 = load i32, i32* %22, align 4 %956 = sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !9 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %954, i8* nonnull %303, i32 4) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 rt6_multipath_hash
2 fib6_select_path
3 ip6_pol_route
4 ip6_pol_route_input
5 fib6_rule_lookup
6 ip6_route_output_flags_noref
7 ip6_route_output_flags
8 icmp6_send
9 ip6_link_failure
-------------
Path:
Function:ip6_link_failure
%2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8,
i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, 
%struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 
br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, 
i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = 
bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 
@__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, 
%struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, 
%struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, 
align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, 
i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, 
%struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, 
i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load 
volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds 
%struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, 
label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label 
%992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 %854 = sext i32 %842 to i64 %855 = getelementptr i8, i8* %66, i64 %854 %856 = icmp eq i8* %855, null br i1 %856, label %988, label %857 %858 = phi i8* [ %855, %853 ], [ %300, %850 ] %859 = bitcast i8* %858 to i16* %860 = load i16, i16* %859, align 1 %861 = and i16 %860, 64 %862 = icmp eq i16 %861, 0 br i1 %862, label %863, label %988 %864 = and i16 %860, 1792 %866 = icmp ugt i16 %865, 1 br i1 %866, label %988, label %867 %868 = getelementptr inbounds i8, i8* %858, i64 2 %869 = bitcast i8* %868 to i16* %870 = load i16, i16* %869, align 1 %871 = icmp eq i16 %864, 0 br i1 %871, label %881, label %872 %882 = and i16 %860, 32 %883 = trunc i16 %860 to i8 %884 = icmp sgt i8 %883, -1 %885 = select i1 %884, i32 4, i32 8 %886 = icmp eq i16 %882, 0 br i1 %886, label %887, label %892 %893 = phi i32 [ %880, %877 ], [ %885, %881 ] store i32 0, i32* %16, align 4 %894 = add i32 %893, %842 %895 = load i32, i32* %22, align 4 %896 = sub i32 %895, %894 %897 = icmp slt i32 %896, 4 br i1 %897, label %898, label %902, !prof !4, !misexpect !9 %903 = sext i32 %894 to i64 %904 = getelementptr i8, i8* %66, i64 %903 %905 = bitcast i8* %904 to i32* %906 = icmp eq i8* %904, null br i1 %906, label %920, label %907 %908 = phi i32* [ %905, %902 ], [ %16, %899 ] %909 = load i32, i32* %245, align 4 %910 = and i32 %909, 4096 %911 = icmp eq i32 %910, 0 br i1 %911, label %921, label %912 %913 = load i16, i16* %302, align 2 %914 = zext i16 %913 to i64 %915 = getelementptr i8, i8* %3, i64 %914 %916 = load i32, i32* %908, align 4 %917 = and i32 %916, -65536 %918 = select i1 %871, i32 %916, i32 %917 %919 = bitcast i8* %915 to i32* store i32 %918, i32* %919, align 4 br label %921 %922 = load 
i16, i16* %859, align 1 %923 = and i16 %922, 16 %924 = icmp eq i16 %923, 0 %925 = select i1 %924, i32 4, i32 8 %926 = add nuw nsw i32 %925, %893 br i1 %871, label %927, label %950 store i32 0, i32* %18, align 4 %951 = icmp sgt i16 %922, -1 %952 = add nuw nsw i32 %926, 4 %953 = select i1 %951, i32 %926, i32 %952 %954 = add i32 %953, %842 %955 = load i32, i32* %22, align 4 %956 = sub i32 %955, %954 %957 = icmp slt i32 %956, 4 br i1 %957, label %958, label %962, !prof !4, !misexpect !9 br i1 %75, label %978, label %959 %960 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %954, i8* nonnull %303, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32
%27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, 
label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* 
%215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, 
Function:__skb_flow_dissect
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
Function:inet6_recvmsg
Function:tcp_recvmsg
Function:napi_busy_loop
Function:busy_poll_stop
Function:netif_receive_skb_list_internal
Function:get_rps_cpu
%61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 
%114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ 
%312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast 
(i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr
inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ 
%25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 
= load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi 
i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 
%29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds 
%struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 
%20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to 
i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = 
bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, 
%767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 =
getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* 
%2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* 
%7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 
%7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 
= alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr 
inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne 
%struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ 
%826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 
2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast 
%struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = 
getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, 
i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = 
trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr 
inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 
Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 
%58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, 
align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) 
#78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca 
i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = 
bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, 
%260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ 
%541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label 
%14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, 
%struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 
0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = 
getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail 
call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 
%40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, 
i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, 
%struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, 
%struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr 
inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], 
[ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8
%12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = 
phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 
= getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds 
%struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 
(%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile 
%struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 
(%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, 
null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 
%263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to 
i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 
], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_do_redirect
4 ip_do_redirect
-------------
Path:
Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 
0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 
%12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, 
%struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, 
%struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = 
sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } 
%159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 
Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, 
%struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = 
alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, 
label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr 
inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ 
%317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 rt6_multipath_hash
2 fib6_select_path
3 ip6_pol_route
4 ip6_pol_route_input
5 fib6_rule_lookup
6 ip6_route_output_flags_noref
7 ip6_route_output_flags
8 icmp6_send
9 ip6_link_failure
-------------
Path:
Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78
Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, 
%41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* 
%101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, 
label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq 
%struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 = load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, 
%struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, 
%struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, 
i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 
0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq %struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 
%188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 %193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 
%223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 
[ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label 
%104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 
%287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = 
sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, 
i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 
%34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext 
i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load 
i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, 
%struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79
Function:packet_parse_headers
%3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 
%49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, 
label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78
Function:__skb_flow_dissect
%10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ 
%7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq 
%struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 
i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 
i8 1, label %1088 i8 58, label %1088 ] store i32 0, i32* %15, align 4 %846 = load i32, i32* %22, align 4 %847 = sub i32 %846, %842 %848 = icmp slt i32 %847, 4 br i1 %848, label %849, label %853, !prof !4, !misexpect !9 br i1 %75, label %988, label %850 %851 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %300, i32 4) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 tcp_recvmsg
8 inet6_recvmsg
9 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, 
%struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 
(%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78
Function:inet6_recvmsg
%5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 
0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78
Function:tcp_recvmsg
%7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = 
bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast 
%struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = 
getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 
(%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 
(%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 
8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load 
%struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, 
%struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 
@get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 %29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = 
load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = 
getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = 
zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, 
i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %806 = call i32 bitcast (i32 
(%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 ___skb_get_hash
2 __skb_get_hash
3 get_rps_cpu
4 netif_receive_skb_list_internal
5 busy_poll_stop
6 napi_busy_loop
7 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr
inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ 
%25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 
= load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi 
i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void 
@netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 Function:get_rps_cpu %4 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 72 %5 = load %struct.netdev_rx_queue.763090*, %struct.netdev_rx_queue.763090** %4, align 16 %6 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 10 %7 = load i16, i16* %6, align 4 %8 = icmp eq i16 %7, 0 br i1 %8, label %25, label %9 %26 = phi %struct.netdev_rx_queue.763090* [ %24, %22 ], [ %5, %3 ] %27 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 2 %28 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %27, align 8 
%29 = getelementptr inbounds %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %26, i64 0, i32 1 %30 = load volatile %struct.rps_map*, %struct.rps_map** %29, align 64 %31 = icmp ne %struct.rps_dev_flow_table* %28, null %32 = icmp ne %struct.rps_map* %30, null %33 = or i1 %31, %32 br i1 %33, label %34, label %193 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 41 %36 = bitcast i8** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 40 %39 = bitcast i8** %38 to i64* %40 = load i64, i64* %39, align 8 %41 = sub i64 %37, %40 %42 = trunc i64 %41 to i16 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 35 store i16 %42, i16* %43, align 4 %44 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 16 %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 768 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %49 %50 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %1, i64 0, i32 23 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %193, label %53 %54 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %55 = icmp ne %struct.rps_sock_flow_table* %54, null %56 = and i1 %31, %55 br i1 %56, label %57, label %177 %58 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 0 %59 = load i32, i32* %58, align 64 %60 = and i32 %59, %51 %61 = zext i32 %60 to i64 %62 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %54, i64 0, i32 2, i64 %61 %63 = load i32, i32* %62, align 4 %64 = xor i32 %63, %51 %65 = load i32, i32* @rps_cpu_mask, align 4 %66 = xor i32 %65, -1 %67 = and i32 %64, %66 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %177 %70 = and i32 %65, %63 %71 = getelementptr inbounds 
%struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 0 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, %51 %74 = zext i32 %73 to i64 %75 = getelementptr %struct.rps_dev_flow_table, %struct.rps_dev_flow_table* %28, i64 0, i32 2, i64 %74 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 0 %77 = load i16, i16* %76, align 4 %78 = zext i16 %77 to i32 %79 = icmp eq i32 %70, %78 br i1 %79, label %166, label %80, !prof !4, !misexpect !5 %81 = load i32, i32* @nr_cpu_ids, align 4 %82 = icmp ugt i32 %81, %78 br i1 %82, label %83, label %99 %84 = zext i16 %77 to i64 %85 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %84) #6, !srcloc !8 %86 = and i8 %85, 1 %87 = icmp eq i8 %86, 0 br i1 %87, label %99, label %88 %100 = trunc i32 %70 to i16 %101 = and i32 %70, 65535 %102 = load i32, i32* @nr_cpu_ids, align 4 %103 = icmp ugt i32 %102, %101 br i1 %103, label %104, label %163 %105 = load i16, i16* %6, align 4 %106 = icmp eq i16 %105, 0 br i1 %106, label %153, label %107 %108 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 84 %109 = load %struct.cpu_rmap*, %struct.cpu_rmap** %108, align 32 %110 = icmp eq %struct.cpu_rmap* %109, null br i1 %110, label %153, label %111 %112 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %0, i64 0, i32 23 %113 = load i64, i64* %112, align 32 %114 = and i64 %113, 274877906944 %115 = icmp eq i64 %114, 0 br i1 %115, label %153, label %116 %117 = zext i32 %101 to i64 %118 = getelementptr %struct.cpu_rmap, %struct.cpu_rmap* %109, i64 0, i32 4, i64 %117, i32 0 %119 = load i16, i16* %118, align 4 %120 = add i16 %105, -1 %121 = icmp eq i16 %119, %120 br i1 %121, label %153, label %122 %123 = load %struct.netdev_rx_queue.763090*, 
%struct.netdev_rx_queue.763090** %4, align 16 %124 = zext i16 %119 to i64 %125 = getelementptr %struct.netdev_rx_queue.763090, %struct.netdev_rx_queue.763090* %123, i64 %124, i32 2 %126 = load volatile %struct.rps_dev_flow_table*, %struct.rps_dev_flow_table** %125, align 8 %127 = icmp eq %struct.rps_dev_flow_table* %126, null br i1 %127, label %153, label %128 %129 = load i16, i16* %44, align 8 %130 = and i16 %129, 768 %131 = icmp eq i16 %130, 0 br i1 %131, label %132, label %133 tail call void bitcast (void (%struct.sk_buff.761490*)* @__skb_get_hash to void (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %1) #78 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:jmp ${2:l}\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %11 = call fastcc i32 @___skb_get_hash(%struct.sk_buff.761490* %0, %struct.flow_keys* nonnull %3, %struct.siphash_key_t* nonnull @hashrnd) #79 Function:___skb_get_hash %4 = bitcast %struct.flow_keys* %1 to i8* %5 = tail call zeroext i1 @__skb_flow_dissect(%struct.net.761588* null, %struct.sk_buff.761490* %0, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* %4, i8* null, i16 zeroext 0, i32 0, i32 0, i32 2) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 
%20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to 
i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = 
bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %806 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79
-------------
Use:
=BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ipip6_tunnel_bind_dev
6 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr inbounds
%struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 
6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load 
i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, 
%struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq 
i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca 
%struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca 
%struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds 
(%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* 
%1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 
[ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %806 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 ip_route_output_key_hash_rcu 4 ip_route_output_flow 5 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br 
i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 %31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 
%73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 
%123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, 
%struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, 
i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, 
i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = 
getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = 
load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca 
%struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca 
%struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, 
%struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast 
i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] 
%313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %806 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 ip_route_output_key_hash_rcu
4 ip_route_output_flow
5 ip4_datagram_release_cb
-------------
Path:
Function:ip4_datagram_release_cb
%2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, 
i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 
%52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* 
%80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 
0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = 
load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, 
%struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label 
%42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca 
%struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi 
%struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq 
i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %806 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79
-------------
Use: =BAD PATH=
Call Stack:
0 __skb_flow_dissect
1 fib_multipath_hash
2 fib_select_path
3 __ip_rt_update_pmtu
4 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu
%6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load 
i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* 
%1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* 
%80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 
%11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 %2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, 
%struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, 
i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 
(%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, 
%struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = 
getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %806 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 fib_multipath_hash 2 fib_select_path 3 __ip_do_redirect 4 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = 
getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 
%65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, 
%struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = 
getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** 
%111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, 
%struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, 
%156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %201 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %49, i64 0, i32 34, i32 14 %202 = load i8, i8* %201, align 4, !range !10 %203 = icmp eq i8 %202, 0 br i1 %203, label %206, label %204 %205 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %49, %struct.flowi4* %2, %struct.fib_result.837080* nonnull %7, i32 1) #78 br label %227 %228 = phi i32 [ %205, %204 ], [ %226, %225 ] %229 = icmp eq i32 %228, 0 br i1 %229, label %230, label %240 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %49, %struct.fib_result.837080* nonnull %7, %struct.flowi4* %2, %struct.sk_buff.836958* %1) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 
Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca 
i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = 
bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, 
%260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %806 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 rt6_multipath_hash 2 fib6_select_path 3 ip6_pol_route 4 ip6_pol_route_input 5 fib6_rule_lookup 6 ip6_route_output_flags_noref 7 ip6_route_output_flags 8 icmp6_send 9 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = 
alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load 
%struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr 
inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 %173 = icmp sgt i32 %172, -1 %174 = load i8, i8* %10, align 1 %175 = icmp eq i8 %174, 58 %176 = and i1 %173, %175 br i1 %176, label %177, label %199 br label %203 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %204 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %205 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %204, i64 0, i32 14 %206 = load i32, i32* %205, align 64 %207 = and i32 %206, 8 %208 = icmp eq i32 %207, 0 br i1 %208, label %209, label %217 %210 = zext i8 %1 to i64 %211 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 22, i64 0 %212 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %211, i64 %210) #6, !srcloc !10 %213 = and i8 %212, 1 %214 = icmp eq i8 %213, 0 br i1 %214, label %217, label %215 %218 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 18 %219 = load %struct.sock.762871**, %struct.sock.762871*** %218, align 8 %220 = call i64 asm sideeffect "movq %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.762871** %219) #6, !srcloc !11 %221 = inttoptr i64 %220 to %struct.sock.762871* %222 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 1, i32 0, i32 0, i32 0 %223 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %222) #78 %224 = icmp eq i32 %223, 0 %225 = icmp eq i64 %220, 0 %226 = or i1 %225, %224 br i1 %226, label %489, label %227 %228 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 0, i32 5 store i8 58, i8* %228, align 2 %229 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %16, i64 0, i32 1 %230 = bitcast %struct.in6_addr* %229 to i8* %231 = icmp eq %struct.in6_addr* %4, null %232 = select i1 %231, %struct.in6_addr* %110, %struct.in6_addr* %4 %233 = icmp eq %struct.in6_addr* %232, null br i1 %233, label %238, label %234 %239 = getelementptr inbounds %struct.sock.762871, %struct.sock.762871* %221, i64 0, i32 0, i32 9, i32 0 %240 
= load %struct.net.762977*, %struct.net.762977** %239, align 8 %241 = call %struct.dst_entry.762864* bitcast (%struct.dst_entry.902548* (%struct.net.902772*, %struct.sock.902701*, %struct.flowi6*, i32)* @ip6_route_output_flags to %struct.dst_entry.762864* (%struct.net.762977*, %struct.sock.762871*, %struct.flowi6*, i32)*)(%struct.net.762977* %240, %struct.sock.762871* nonnull %221, %struct.flowi6* nonnull %16, i32 0) #78 Function:ip6_route_output_flags tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call %struct.dst_entry.902548* @ip6_route_output_flags_noref(%struct.net.902772* %0, %struct.sock.902701* %1, %struct.flowi6* %2, i32 %3) #78 Function:ip6_route_output_flags_noref %5 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 1 %6 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %7 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 store i32 1, i32* %7, align 4 %8 = or i32 %3, 128 %9 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2 %10 = bitcast %struct.in6_addr* %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr %struct.flowi6, %struct.flowi6* %2, i64 0, i32 2, i32 0, i32 0, i64 2 %13 = bitcast i32* %12 to i64* %14 = load i64, i64* %13, align 8 %15 = or i64 %14, %11 %16 = icmp eq i64 %15, 0 %17 = icmp eq %struct.sock.902701* %1, null br i1 %17, label %22, label %18 %19 = getelementptr inbounds %struct.sock.902701, %struct.sock.902701* %1, i64 0, i32 0, i32 6 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %32 %23 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %5) #78 %24 = and i32 %23, 50 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 0 %30 = xor i1 %16, true %31 = or i1 %29, %30 br i1 %31, label %34, label %32 %35 = 
phi i32 [ %33, %32 ], [ %8, %26 ] br i1 %16, label %38, label %36 br i1 %17, label %58, label %39 %59 = phi i32 [ %57, %50 ], [ %35, %38 ], [ %37, %36 ] %60 = tail call %struct.dst_entry.902548* bitcast (%struct.dst_entry.836531* (%struct.net.836644*, %struct.flowi6*, %struct.sk_buff.836958*, i32, %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)* @fib6_rule_lookup to %struct.dst_entry.902548* (%struct.net.902772*, %struct.flowi6*, %struct.sk_buff.902664*, i32, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)*)*)(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* null, i32 %59, %struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* nonnull @ip6_pol_route_output) #78 Function:fib6_rule_lookup %6 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 35, i32 11 %7 = load %struct.fib6_table.836551*, %struct.fib6_table.836551** %6, align 32 %8 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_output to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*) br i1 %8, label %9, label %11, !prof !4, !misexpect !5 %12 = icmp eq %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)* %4, bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, 
i32)*) br i1 %12, label %13, label %15, !prof !4, !misexpect !5 %14 = tail call %struct.rt6_info.836572* bitcast (%struct.rt6_info.902561* (%struct.net.902772*, %struct.fib6_table.902522*, %struct.flowi6*, %struct.sk_buff.902664*, i32)* @ip6_pol_route_input to %struct.rt6_info.836572* (%struct.net.836644*, %struct.fib6_table.836551*, %struct.flowi6*, %struct.sk_buff.836958*, i32)*)(%struct.net.836644* %0, %struct.fib6_table.836551* %7, %struct.flowi6* %1, %struct.sk_buff.836958* %2, i32 %3) #78 Function:ip6_pol_route_input %6 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = tail call %struct.rt6_info.902561* @ip6_pol_route(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %7, %struct.flowi6* %2, %struct.sk_buff.902664* %3, i32 %4) #78 Function:ip6_pol_route %7 = alloca %struct.anon.273, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.fib6_result.903079, align 8 %10 = bitcast %struct.fib6_result.903079* %9 to i8* %11 = trunc i32 %5 to i8 %12 = icmp sgt i8 %11, -1 %13 = and i32 %5, 65 %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 2 %15 = load %struct.ipv6_devconf*, %struct.ipv6_devconf** %14, align 8 %16 = getelementptr inbounds %struct.ipv6_devconf, %struct.ipv6_devconf* %15, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 0 %19 = or i32 %13, 2 %20 = select i1 %18, i32 %19, i32 %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %21 = call i32 @fib6_table_lookup(%struct.net.902772* %0, %struct.fib6_table.902522* %1, i32 %2, %struct.flowi6* %3, %struct.fib6_result.903079* nonnull %9, i32 %20) #78 %22 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %9, i64 0, i32 1 %23 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %22, align 8 %24 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 6 %25 = load 
%struct.fib6_info.902564*, %struct.fib6_info.902564** %24, align 8 %26 = icmp eq %struct.fib6_info.902564* %23, %25 br i1 %26, label %315, label %27 call void @fib6_select_path(%struct.net.902772* %0, %struct.fib6_result.903079* nonnull %9, %struct.flowi6* %3, i32 %2, i1 zeroext false, %struct.sk_buff.902664* %4, i32 %20) #78 Function:fib6_select_path %8 = getelementptr inbounds %struct.fib6_result.903079, %struct.fib6_result.903079* %1, i64 0, i32 1 %9 = load %struct.fib6_info.902564*, %struct.fib6_info.902564** %8, align 8 %10 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 20 %11 = load %struct.nexthop.902560*, %struct.nexthop.902560** %10, align 8 %12 = icmp eq %struct.nexthop.902560* %11, null br i1 %12, label %13, label %18 %14 = getelementptr inbounds %struct.fib6_info.902564, %struct.fib6_info.902564* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %4 br i1 %17, label %124, label %27 %28 = getelementptr inbounds %struct.flowi6, %struct.flowi6* %2, i64 0, i32 5 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %42, label %93 %43 = phi i32* [ %24, %35 ], [ %28, %27 ] %44 = tail call i32 @rt6_multipath_hash(%struct.net.902772* %0, %struct.flowi6* %2, %struct.sk_buff.902664* %5, %struct.flow_keys* null) #78 Function:rt6_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = bitcast %struct.flow_keys* %10 to i8* %14 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 14 %15 = load i8, i8* %14, align 4 switch i8 %15, label %401 [ i8 0, label %16 i8 1, label %38 i8 2, label %102 i8 3, label %159 ] %160 = icmp eq 
%struct.sk_buff.902664* %2, null %161 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %0, i64 0, i32 35, i32 1, i32 13 %162 = load i32, i32* %161, align 8 br i1 %160, label %340, label %163 %164 = bitcast %struct.flow_keys* %7 to i8* %165 = bitcast %struct.flow_keys* %8 to i8* %166 = zext i32 %162 to i64 %167 = and i64 %166, 63 %168 = icmp eq i64 %167, 0 br i1 %168, label %229, label %169 %170 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %164, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 %171 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 0, i32 1 store i16 3, i16* %171, align 2 %172 = and i64 %166, 1 %173 = icmp eq i64 %172, 0 br i1 %173, label %179, label %174 %175 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 0 %176 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 0 %177 = bitcast %struct.in6_addr* %175 to i8* %178 = bitcast %struct.in6_addr* %176 to i8* br label %179 %180 = and i64 %166, 2 %181 = icmp eq i64 %180, 0 br i1 %181, label %187, label %182 %183 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 8, i32 0, i32 0, i32 1 %184 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 8, i32 0, i32 0, i32 1 %185 = bitcast %struct.in6_addr* %183 to i8* %186 = bitcast %struct.in6_addr* %184 to i8* br label %187 %188 = and i64 %166, 4 %189 = icmp eq i64 %188, 0 br i1 %189, label %194, label %190 %191 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 1, i32 1 %192 = load i8, i8* %191, align 2 
%193 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 1, i32 1 store i8 %192, i8* %193, align 2 br label %194 %195 = and i64 %166, 8 %196 = icmp eq i64 %195, 0 br i1 %196, label %201, label %197 %198 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 2, i32 0 %199 = load i32, i32* %198, align 4 %200 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 2, i32 0 store i32 %199, i32* %200, align 4 br label %201 %202 = and i64 %166, 16 %203 = icmp eq i64 %202, 0 br i1 %203, label %210, label %204 %205 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %206 = bitcast %struct.kuid_t* %205 to i16* %207 = load i16, i16* %206, align 4 %208 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %209 = bitcast %struct.kuid_t* %208 to i16* store i16 %207, i16* %209, align 4 br label %210 %211 = and i64 %166, 32 %212 = icmp eq i64 %211, 0 br i1 %212, label %221, label %213 %214 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 6, i32 0 %215 = bitcast %struct.kuid_t* %214 to %struct.raw_hdlc_proto* %216 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %215, i64 0, i32 1 %217 = load i16, i16* %216, align 2 %218 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %8, i64 0, i32 6, i32 0 %219 = bitcast %struct.kuid_t* %218 to %struct.raw_hdlc_proto* %220 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %219, i64 0, i32 1 store i16 %217, i16* %220, align 2 br label %221 %222 = getelementptr inbounds %struct.flow_keys, %struct.flow_keys* %7, i64 0, i32 0, i32 2 %223 = load i32, i32* %222, align 4 %224 = call i32 @flow_hash_from_keys(%struct.flow_keys* nonnull %8) #79 %225 = and i32 %223, 4 %226 = icmp eq i32 %225, 0 %227 = add i32 %224, -559038729 %228 = load i32, i32* %161, align 8 br label %229 %230 = phi i32 [ %162, %163 ], [ %228, %221 ] %231 = phi 
i1 [ false, %163 ], [ %226, %221 ] %232 = phi i32 [ -559038729, %163 ], [ %227, %221 ] %233 = bitcast %struct.flow_keys* %5 to i8* %234 = bitcast %struct.flow_keys* %6 to i8* br i1 %231, label %317, label %235 %236 = zext i32 %230 to i64 %237 = and i64 %236, 4032 %238 = icmp eq i64 %237, 0 br i1 %238, label %317, label %239 %240 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.902772*, %struct.sk_buff.902664*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.902772* null, %struct.sk_buff.902664* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %233, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, 
i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = 
getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %806 = 
call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79 ------------- Use: =BAD PATH= Call Stack: 0 __skb_flow_dissect 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu 
to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 
= load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, 
$1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast 
i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast 
(i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 %107 = icmp eq i8* %106, null br i1 %107, label %120, label %108 %121 = bitcast %struct.flow_keys_basic* %4 to i8* %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 34 %123 = load i16, i16* %122, align 2 %124 = icmp eq i16 %123, -1 br i1 %124, label %125, label %139 %126 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net*, %struct.sk_buff*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net* null, %struct.sk_buff* %0, %struct.flow_dissector* nonnull @flow_keys_basic_dissector, i8* nonnull %121, i8* null, i16 zeroext 0, i32 0, i32 0, i32 0) #78 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call 
void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = 
getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br 
i1 %75, label %820, label %805 %806 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %312, i8* nonnull %34, i32 34) #79 ------------- Use: =BAD PATH= Call Stack: 0 ipv6_skip_exthdr 1 icmp6_send 2 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, 
i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ %126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = 
bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 Function:ipv6_skip_exthdr %5 = alloca i16, align 2 %6 = alloca i16, align 2 %7 = bitcast i16* %5 to i8* %8 = load i8, i8* %2, align 1 store i16 0, i16* %3, align 2 %9 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 7 %11 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 41 %12 = icmp eq %struct.sk_buff.273360* %0, null %13 = bitcast i16* %6 to i8* br label %14 %15 = phi i32 [ %1, %4 ], [ %76, %73 ] %16 = phi i8 [ %8, %4 ], [ %75, %73 ] switch i8 %16, label %77 [ i8 0, label %17 i8 43, label %17 i8 44, label %17 i8 51, label %17 i8 59, label %17 i8 60, label %17 ] store i16 0, i16* %5, align 2 %18 = icmp eq i8 %16, 59 br i1 %18, label %72, label %19 %20 = load i32, i32* %9, align 8 %21 = load i32, i32* %10, align 4 %22 = sub i32 %20, %15 %23 = sub i32 %22, %21 %24 = icmp slt i32 %23, 2 br i1 %24, label %25, label %29, !prof !4, !misexpect !5 br i1 %12, label %72, label %26 %27 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.273360*, i32, i8*, 
i32)*)(%struct.sk_buff.273360* nonnull %0, i32 %15, i8* nonnull %7, i32 2) #78 %28 = icmp sgt i32 %27, -1 br i1 %28, label %34, label %72 %35 = phi i8* [ %32, %29 ], [ %7, %26 ] %36 = icmp eq i8 %16, 44 br i1 %36, label %37, label %61 store i16 0, i16* %6, align 2 %38 = add i32 %15, 2 %39 = load i32, i32* %9, align 8 %40 = load i32, i32* %10, align 4 %41 = sub i32 %39, %38 %42 = sub i32 %41, %40 %43 = icmp slt i32 %42, 2 br i1 %43, label %44, label %48, !prof !4, !misexpect !5 br i1 %12, label %53, label %45 %46 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.273360*, i32, i8*, i32)*)(%struct.sk_buff.273360* nonnull %0, i32 %38, i8* nonnull %13, i32 2) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv6_skip_exthdr 1 icmp6_send 2 ip6_link_failure ------------- Path:  Function:ip6_link_failure %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %0, i64 0, i32 3, i64 0 %4 = bitcast i8* %3 to %struct.inet6_skb_parm* tail call void bitcast (void (%struct.sk_buff.763154*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)* @icmp6_send to void (%struct.sk_buff.902664*, i8, i8, i32, %struct.in6_addr*, %struct.inet6_skb_parm*)*)(%struct.sk_buff.902664* %0, i8 zeroext 1, i8 zeroext 3, i32 0, %struct.in6_addr* null, %struct.inet6_skb_parm* %4) #78 Function:icmp6_send %7 = alloca %struct.dst_entry.762864*, align 8 %8 = alloca %struct.dst_entry.762864*, align 8 %9 = alloca %struct.flowi6, align 8 %10 = alloca i8, align 1 %11 = alloca i16, align 2 %12 = alloca i8, align 1 %13 = alloca i8, align 1 %14 = alloca i64, align 8 %15 = bitcast i64* %14 to %struct.icmp6hdr* %16 = alloca %struct.flowi6, align 8 %17 = alloca %struct.icmpv6_msg, align 8 %18 = alloca %struct.ipcm6_cookie, align 8 %19 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %20 = load i8*, i8** %19, align 8 %21 = getelementptr inbounds 
%struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = bitcast i64* %14 to i8* store i64 0, i64* %14, align 8 %26 = bitcast %struct.flowi6* %16 to i8* %27 = bitcast %struct.icmpv6_msg* %17 to i8* %28 = bitcast %struct.ipcm6_cookie* %18 to i8* %29 = icmp ult i8* %24, %20 br i1 %29, label %490, label %30 %31 = getelementptr i8, i8* %24, i64 40 %32 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 38 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = getelementptr i8, i8* %20, i64 %34 %36 = icmp ugt i8* %31, %35 br i1 %36, label %490, label %37 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = icmp eq %struct.net_device.763141* %39, null br i1 %40, label %490, label %41 %42 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %39, i64 0, i32 109, i32 0 %43 = load %struct.net.762977*, %struct.net.762977** %42, align 8 %44 = getelementptr inbounds %struct.net.762977, %struct.net.762977* %43, i64 0, i32 35, i32 1, i32 26 %45 = load i8, i8* %44, align 2 %46 = icmp eq i8 %45, 0 br i1 %46, label %50, label %47 %51 = phi i32 [ %49, %47 ], [ 0, %41 ] %52 = getelementptr inbounds i8, i8* %24, i64 24 %53 = bitcast i8* %52 to %struct.in6_addr* %54 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %53) #78 %55 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %56 = tail call i32 bitcast (i32 (%struct.net.901513*, %struct.in6_addr*, %struct.net_device.901397*, i32)* @ipv6_chk_addr to i32 (%struct.net.762977*, %struct.in6_addr*, %struct.net_device.763141*, i32)*)(%struct.net.762977* %43, %struct.in6_addr* %53, %struct.net_device.763141* %55, i32 0) #78 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %61 br 
label %62 %63 = phi %struct.in6_addr* [ %53, %61 ], [ null, %58 ] %64 = and i32 %54, 2 %65 = icmp eq i32 %64, 0 br i1 %65, label %66, label %71 %67 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 16 %68 = load i16, i16* %67, align 8 %69 = and i16 %68, 7 %70 = icmp eq i16 %69, 0 br i1 %70, label %109, label %71 switch i8 %1, label %490 [ i8 2, label %109 i8 4, label %72 ] %73 = icmp eq i8 %2, 2 br i1 %73, label %74, label %490 store i8 0, i8* %13, align 1 %75 = load i8*, i8** %19, align 8 %76 = load i16, i16* %21, align 4 %77 = zext i16 %76 to i64 %78 = getelementptr i8, i8* %75, i64 %77 %79 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %80 = bitcast i8** %79 to i64* %81 = load i64, i64* %80, align 8 %82 = ptrtoint i8* %78 to i64 %83 = sub i64 %82, %81 %84 = trunc i64 %83 to i32 %85 = add i32 %84, %3 %86 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93, !prof !4, !misexpect !5 %99 = inttoptr i64 %81 to i8* %100 = sext i32 %85 to i64 %101 = getelementptr i8, i8* %99, i64 %100 %102 = icmp eq i8* %101, null br i1 %102, label %103, label %104 br label %109 %110 = phi %struct.in6_addr* [ %63, %66 ], [ null, %71 ], [ null, %104 ], [ null, %103 ] %111 = getelementptr inbounds i8, i8* %24, i64 8 %112 = bitcast i8* %111 to %struct.in6_addr* %113 = call i32 @__ipv6_addr_type(%struct.in6_addr* %112) #78 %114 = and i32 %113, 65535 %115 = and i32 %113, 32 %116 = icmp eq i32 %115, 0 br i1 %116, label %117, label %123 %118 = and i32 %113, 2 %119 = icmp ne i32 %118, 0 %120 = and i32 %113, 48 %121 = icmp ne i32 %120, 0 %122 = and i1 %119, %121 br i1 %122, label %123, label %146 %147 = phi i32 [ 
%126, %128 ], [ %145, %138 ], [ %126, %133 ], [ 0, %117 ] %148 = icmp ne i32 %114, 0 %149 = and i32 %113, 2 %150 = icmp eq i32 %149, 0 %151 = and i1 %148, %150 br i1 %151, label %152, label %490 %153 = load i8*, i8** %19, align 8 %154 = load i16, i16* %21, align 4 %155 = zext i16 %154 to i64 %156 = getelementptr i8, i8* %153, i64 %155 %157 = getelementptr i8, i8* %156, i64 40 %158 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %159 = bitcast i8** %158 to i64* %160 = load i64, i64* %159, align 8 %161 = ptrtoint i8* %157 to i64 %162 = sub i64 %161, %160 %163 = trunc i64 %162 to i32 %164 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 6 %165 = load i32, i32* %164, align 8 %166 = sub i32 %165, %163 store i8 0, i8* %10, align 1 %167 = getelementptr inbounds i8, i8* %156, i64 6 %168 = load i8, i8* %167, align 2 store i8 %168, i8* %10, align 1 %169 = bitcast i16* %11 to i8* store i16 0, i16* %11, align 2 %170 = icmp slt i32 %166, 0 br i1 %170, label %198, label %171 %172 = call i32 bitcast (i32 (%struct.sk_buff.273360*, i32, i8*, i16*)* @ipv6_skip_exthdr to i32 (%struct.sk_buff.763154*, i32, i8*, i16*)*)(%struct.sk_buff.763154* %0, i32 %163, i8* nonnull %10, i16* nonnull %11) #78 Function:ipv6_skip_exthdr %5 = alloca i16, align 2 %6 = alloca i16, align 2 %7 = bitcast i16* %5 to i8* %8 = load i8, i8* %2, align 1 store i16 0, i16* %3, align 2 %9 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 7 %11 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 41 %12 = icmp eq %struct.sk_buff.273360* %0, null %13 = bitcast i16* %6 to i8* br label %14 %15 = phi i32 [ %1, %4 ], [ %76, %73 ] %16 = phi i8 [ %8, %4 ], [ %75, %73 ] switch i8 %16, label %77 [ i8 0, label %17 i8 43, label %17 i8 44, label %17 i8 51, label %17 i8 59, label %17 
i8 60, label %17 ] store i16 0, i16* %5, align 2 %18 = icmp eq i8 %16, 59 br i1 %18, label %72, label %19 %20 = load i32, i32* %9, align 8 %21 = load i32, i32* %10, align 4 %22 = sub i32 %20, %15 %23 = sub i32 %22, %21 %24 = icmp slt i32 %23, 2 br i1 %24, label %25, label %29, !prof !4, !misexpect !5 br i1 %12, label %72, label %26 %27 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.273360*, i32, i8*, i32)*)(%struct.sk_buff.273360* nonnull %0, i32 %15, i8* nonnull %7, i32 2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_copy_bits
1 __pskb_pull_tail
2 skb_vlan_untag
3 __netif_receive_skb_core
4 __netif_receive_skb_list_core
5 __netif_receive_skb_list
6 netif_receive_skb_list_internal
7 busy_poll_stop
8 napi_busy_loop
9 tcp_recvmsg
10 inet6_recvmsg
11 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds 
%struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, 
%struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.756147]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm 
sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2378, i32 2305, i64 12) #6, !srcloc !6 br label %54 %55 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.756615*, %struct.page.756615** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.756615, %struct.page.756615* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.756514** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.756514**)) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct.756514* %77 = getelementptr inbounds %struct.task_struct.756514, %struct.task_struct.756514* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.756615* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.756266** %120 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %119, align 8 %121 = icmp eq %struct.sk_buff.756266* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.756266* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 
] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2408, i32 2305, i64 12) #6, !srcloc !12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_copy_bits
1 __pskb_pull_tail
2 skb_vlan_untag
3 __netif_receive_skb_core
4 __netif_receive_skb_list_core
5 __netif_receive_skb_list
6 netif_receive_skb_list_internal
7 busy_poll_stop
8 napi_busy_loop
9 sock_poll
-------------
Path:
Function:sock_poll %3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, 
%struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, 
%struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* 
%27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = 
getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection 
__jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 
= phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label 
%14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to 
%struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** 
%68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 
0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile 
%struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, 
%struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.756147]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm 
sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2378, i32 2305, i64 12) #6, !srcloc !6 br label %54 %55 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.756615*, %struct.page.756615** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.756615, %struct.page.756615* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.756514** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.756514**)) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct.756514* %77 = getelementptr inbounds %struct.task_struct.756514, %struct.task_struct.756514* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.756615* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.756266** %120 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %119, align 8 %121 = icmp eq %struct.sk_buff.756266* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.756266* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 
] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2408, i32 2305, i64 12) #6, !srcloc !12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78
-------------
Use: =BAD PATH=
Call Stack:
0 skb_copy_bits
1 __pskb_pull_tail
2 packet_parse_headers
3 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt
%4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq
i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load 
i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, 
%struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = 
load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = 
load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 
] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* 
%22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 
] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.756147]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2378, i32 2305, i64 12) #6, !srcloc !6 br label %54 %55 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, 
%48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.756615*, %struct.page.756615** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.756615, %struct.page.756615* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.756514** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.756514**)) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct.756514* %77 = getelementptr inbounds %struct.task_struct.756514, %struct.task_struct.756514* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.756615* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, 
%54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.756266** %120 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %119, align 8 %121 = icmp eq %struct.sk_buff.756266* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.756266* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2408, i32 2305, i64 12) #6, !srcloc !12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 
%138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __pskb_pull_tail 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, 
label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 
%16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.756147]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2378, i32 2305, i64 12) #6, 
!srcloc !6 br label %54 %55 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.756615*, %struct.page.756615** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.756615, %struct.page.756615* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.756514** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.756514**)) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct.756514* %77 = getelementptr inbounds %struct.task_struct.756514, %struct.task_struct.756514* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.756615* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = load 
i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.756266** %120 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %119, align 8 %121 = icmp eq %struct.sk_buff.756266* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.756266* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 
2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2408, i32 2305, i64 12) #6, !srcloc !12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __dev_queue_xmit 2 dev_queue_xmit 3 netlink_deliver_tap 4 netlink_sendskb 5 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #78 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label 
%41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #78 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #78 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to 
%struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 48 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq 
%struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #78 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #78 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, %struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 48 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.763154*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #78 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.763154* %0, %struct.net_device.763141* null) #78 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.763141*, %struct.net_device.763141** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, %12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %29 = load i8*, i8** %10, align 8 %30 = load i32, i32* %17, align 4 %31 = zext i32 %30 to i64 %32 = getelementptr i8, i8* %29, i64 %31 %33 = getelementptr inbounds %struct.sk_buff.763154, 
%struct.sk_buff.763154* %0, i64 0, i32 6 %34 = load i32, i32* %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 3, i64 0 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = getelementptr inbounds i8, i8* %32, i64 4 %38 = bitcast i8* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 0 br i1 %40, label %140, label %41 %42 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 34 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, -1 br i1 %44, label %140, label %45 %46 = getelementptr inbounds i8, i8* %32, i64 6 %47 = bitcast i8* %46 to i16* %48 = load i16, i16* %47, align 2 %49 = zext i16 %43 to i64 %50 = getelementptr i8, i8* %29, i64 %49 %51 = load i16, i16* %15, align 2 %52 = zext i16 %51 to i64 %53 = ptrtoint i8* %50 to i64 %54 = sub nsw i64 %49, %52 %55 = trunc i64 %54 to i32 %56 = getelementptr inbounds i8, i8* %32, i64 24 %57 = bitcast i8* %56 to i32* %58 = load i32, i32* %57, align 8 %59 = and i32 %58, 17 %60 = icmp eq i32 %59, 0 br i1 %60, label %93, label %61, !prof !8, !misexpect !9 %62 = bitcast %struct.tcphdr* %3 to i8* %63 = load i64, i64* %8, align 8 %64 = sub i64 %53, %63 %65 = trunc i64 %64 to i32 %66 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 7 %67 = load i32, i32* %66, align 4 %68 = sub i32 %34, %67 %69 = sub i32 %68, %65 %70 = icmp slt i32 %69, 20 br i1 %70, label %71, label %76, !prof !8, !misexpect !9 %72 = icmp eq %struct.sk_buff.763154* %0, null br i1 %72, label %91, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.763154*, i32, i8*, i32)*)(%struct.sk_buff.763154* nonnull %0, i32 %65, i8* nonnull %62, i32 20) #78 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds 
%struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.756147]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# 
bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2378, i32 2305, i64 12) #6, !srcloc !6 br label %54 %55 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.756615*, %struct.page.756615** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.756615, %struct.page.756615* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.756514** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.756514**)) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct.756514* %77 = getelementptr inbounds %struct.task_struct.756514, %struct.task_struct.756514* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.756615* %74 to i64 %82 = sub i64 %81, 
%80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.756266** %120 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %119, align 8 %121 = icmp eq %struct.sk_buff.756266* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.756266* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label 
%131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2408, i32 2305, i64 12) #6, !srcloc !12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_copy_bits
1 __skb_flow_dissect
2 fib_multipath_hash
3 fib_select_path
4 ip_route_output_key_hash_rcu
5 ip_route_output_flow
6 ipip6_tunnel_bind_dev
7 ipip6_tunnel_init
-------------
Path:
Function:ipip6_tunnel_init
%2 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2264 %3 = bitcast i8* %2 to %struct.net_device.868104** store %struct.net_device.868104* %0, %struct.net_device.868104** %3, align 8 %4 = getelementptr inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 109, i32 0 %5 = bitcast %struct.net.867996** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2328 %10 = getelementptr
inbounds %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #78 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.868104* %0) #78 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2376 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, 
i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 
0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, 
align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = 
alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = 
alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr 
inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne 
%struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ 
%826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 
2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add 
i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.756147]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2378, i32 2305, i64 12) #6, !srcloc !6 br label %54 %55 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 
%58 %63 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.756615*, %struct.page.756615** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.756615, %struct.page.756615* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.756514** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.756514**)) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct.756514* %77 = getelementptr inbounds %struct.task_struct.756514, %struct.task_struct.756514* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.756615* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = 
add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.756266** %120 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %119, align 8 %121 = icmp eq %struct.sk_buff.756266* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.756266* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2408, i32 2305, i64 12) #6, !srcloc !12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* 
%123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __skb_flow_dissect 2 fib_multipath_hash 3 fib_select_path 4 ip_route_output_key_hash_rcu 5 ip_route_output_flow 6 ping_v4_sendmsg ------------- Path:  Function:ping_v4_sendmsg %4 = alloca %struct.flowi4, align 8 %5 = alloca %struct.ipcm_cookie, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %6 to %struct.icmphdr* %8 = alloca %struct.pingfakehdr, align 8 %9 = alloca %struct.rtable.867317*, align 8 %10 = alloca %struct.ip_options_data, align 8 %11 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %12 = load %struct.net*, %struct.net** %11, align 8 %13 = bitcast %struct.flowi4* %4 to i8* %14 = bitcast %struct.sock* %0 to %struct.inet_sock.867335* %15 = bitcast %struct.ipcm_cookie* %5 to i8* %16 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %17 = getelementptr inbounds %struct.pingfakehdr, %struct.pingfakehdr* %8, i64 0, i32 0, i32 0 %18 = bitcast %struct.rtable.867317** %9 to i8* store %struct.rtable.867317* null, %struct.rtable.867317** %9, align 8 %19 = bitcast %struct.ip_options_data* %10 to i8* %20 = icmp ugt i64 %2, 65535 br i1 %20, label %332, label %21 %22 = icmp ult i64 %2, 8 br i1 %22, label %332, label %23 %24 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 1 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %332 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = call i64 @_copy_from_iter(i8* nonnull %16, i64 8, %struct.iov_iter* %29) #78 %31 = icmp eq i64 %30, 8 br i1 
%31, label %33, label %32, !prof !4, !misexpect !5 %34 = getelementptr inbounds i8, i8* %16, i64 1 %35 = load i8, i8* %34, align 1 %36 = load i8, i8* %16, align 8 %37 = icmp eq i8 %36, 8 %38 = icmp eq i8 %35, 0 %39 = icmp eq i8 %36, 42 %40 = or i1 %37, %39 %41 = and i1 %38, %40 br i1 %41, label %42, label %332 %43 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 %45 = icmp eq i8* %44, null br i1 %45, label %57, label %46 %47 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %48 = load i32, i32* %47, align 8 %49 = icmp ult i32 %48, 16 br i1 %49, label %332, label %50 %51 = bitcast i8* %44 to i16* %52 = load i16, i16* %51, align 4 %53 = icmp eq i16 %52, 2 br i1 %53, label %54, label %332 %55 = getelementptr inbounds i8, i8* %44, i64 4 %56 = bitcast i8* %55 to i32* br label %63 %64 = phi i32* [ %56, %54 ], [ %62, %61 ] %65 = load i32, i32* %64, align 4 %66 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 5 store i16 -1, i16* %66, align 2 %67 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 6 %68 = bitcast i8* %67 to i32* store i32 0, i32* %68, align 4 %69 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 34 %70 = load i32, i32* %69, align 4 %71 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 1 store i32 %70, i32* %71, align 8 %72 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 65 %73 = load i16, i16* %72, align 8 %74 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 0, i32 2 store i16 %73, i16* %74, align 4 %75 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 6 %76 = load i32, i32* %75, align 4 %77 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 2 store i32 %76, i32* %77, align 4 %78 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, 
i32 1, i32 0 %79 = load i32, i32* %78, align 8 %80 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 1 store i32 %79, i32* %80, align 8 %81 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %82 = load i64, i64* %81, align 8 %83 = icmp eq i64 %82, 0 br i1 %83, label %84, label %86 %87 = call i32 bitcast (i32 (%struct.sock.836948*, %struct.msghdr.836922*, %struct.ipcm_cookie*, i1)* @ip_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.ipcm_cookie*, i1)*)(%struct.sock* %0, %struct.msghdr* %1, %struct.ipcm_cookie* nonnull %5, i1 zeroext false) #78 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %90 = load %struct.ip_options_rcu*, %struct.ip_options_rcu** %89, align 8 br i1 %88, label %93, label %91, !prof !4, !misexpect !6 %94 = icmp eq %struct.ip_options_rcu* %90, null %95 = getelementptr inbounds %struct.ipcm_cookie, %struct.ipcm_cookie* %5, i64 0, i32 3 %96 = icmp eq %struct.ip_options_rcu* %90, null br i1 %96, label %99, label %97 %98 = load i32, i32* %80, align 8 store i32 %65, i32* %80, align 8 br label %117 %118 = phi %struct.ip_options_rcu** [ %95, %97 ], [ %100, %113 ] %119 = phi i1 [ %94, %97 ], [ %101, %113 ] %120 = phi i32 [ %98, %97 ], [ %115, %113 ] %121 = phi %struct.ip_options_rcu* [ %90, %97 ], [ %114, %113 ] %122 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %121, i64 0, i32 1, i32 3 %123 = load i8, i8* %122, align 1 %124 = icmp eq i8 %123, 0 br i1 %124, label %130, label %125 %131 = phi %struct.ip_options_rcu** [ %118, %127 ], [ %118, %117 ], [ %100, %113 ] %132 = phi i1 [ %119, %127 ], [ %119, %117 ], [ %101, %113 ] %133 = phi i1 [ false, %127 ], [ false, %117 ], [ true, %113 ] %134 = phi i32 [ %120, %127 ], [ %120, %117 ], [ %115, %113 ] %135 = phi %struct.ip_options_rcu* [ %121, %127 ], [ %121, %117 ], [ null, %113 ] %136 = phi i32 [ %129, %127 ], [ %65, %117 ], [ %65, %113 ] %137 = load i16, 
i16* %66, align 2 %138 = icmp eq i16 %137, -1 br i1 %138, label %141, label %139 %140 = trunc i16 %137 to i8 br label %144 %145 = phi i8 [ %140, %139 ], [ %143, %141 ] %146 = and i8 %145, 30 %147 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 %148 = load volatile i64, i64* %147, align 8 %149 = and i64 %148, 8192 %150 = icmp eq i64 %149, 0 br i1 %150, label %151, label %161 %152 = load i32, i32* %24, align 8 %153 = and i32 %152, 4 %154 = icmp eq i32 %153, 0 br i1 %154, label %155, label %161 br i1 %133, label %163, label %156 %157 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %135, i64 0, i32 1, i32 6 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %163, label %161 %164 = phi i8 [ %162, %161 ], [ %146, %156 ], [ %146, %155 ] %165 = and i32 %65, 240 %166 = icmp eq i32 %165, 224 %167 = load i32, i32* %77, align 4 %168 = icmp eq i32 %167, 0 br i1 %166, label %169, label %180 br i1 %168, label %170, label %174 %175 = phi i32 [ %167, %169 ], [ %173, %170 ] %176 = icmp eq i32 %134, 0 br i1 %176, label %177, label %184 %185 = phi i32 [ %175, %174 ], [ %175, %177 ], [ %167, %180 ], [ %183, %181 ] %186 = phi i32 [ %134, %174 ], [ %179, %177 ], [ %134, %180 ], [ %134, %181 ] %187 = load i32, i32* %71, align 8 %188 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 48 %189 = load i16, i16* %188, align 4 %190 = trunc i16 %189 to i8 %191 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %192 = bitcast %struct.hlist_node*** %191 to i16* %193 = load i16, i16* %192, align 8 %194 = and i16 %193, 40 %195 = icmp ne i16 %194, 0 %196 = zext i1 %195 to i8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 57, i32 0 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %185, i32* %199, align 8 %200 = getelementptr 
inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %200, align 4 %201 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %187, i32* %201, align 8 %202 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %164, i8* %202, align 4 %203 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %203, align 1 %204 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %190, i8* %204, align 2 %205 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 %196, i8* %205, align 1 %206 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %206, align 8 %207 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %207, align 8 %208 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %198, i32* %208, align 4 %209 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %136, i32* %209, align 4 %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %186, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %212 = bitcast %struct.kuid_t* %211 to %struct.raw_hdlc_proto* %213 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %212, i64 0, i32 1 store i16 0, i16* %213, align 2 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %214, align 8 %215 = load i8, i8* %16, align 8 %216 = bitcast %struct.kuid_t* %211 to %struct.nd_opt_hdr* %217 = bitcast %struct.kuid_t* %211 to i8* store i8 %215, i8* %217, align 8 %218 = getelementptr inbounds %struct.icmphdr, %struct.icmphdr* %7, i64 0, i32 1 %219 = load i8, i8* %218, align 1 %220 = getelementptr inbounds 
%struct.nd_opt_hdr, %struct.nd_opt_hdr* %216, i64 0, i32 1 store i8 %219, i8* %220, align 1 %221 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0 call void @security_sk_classify_flow(%struct.sock* %0, %struct.flowi_common* nonnull %221) #78 %222 = call %struct.rtable.867317* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867317* (%struct.net*, %struct.flowi4*, %struct.sock*)*)(%struct.net* %12, %struct.flowi4* nonnull %4, %struct.sock* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ 
%44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds 
%struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, 
%struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = 
phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 
%103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 
i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 
i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* 
%35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.756147]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2378, i32 2305, i64 12) #6, !srcloc !6 br label %54 %55 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.756615*, %struct.page.756615** %70, align 
8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.756615, %struct.page.756615* %71, i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.756514** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.756514**)) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct.756514* %77 = getelementptr inbounds %struct.task_struct.756514, %struct.task_struct.756514* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.756615* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to 
i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.756266** %120 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %119, align 8 %121 = icmp eq %struct.sk_buff.756266* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.756266* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2408, i32 2305, i64 12) #6, !srcloc !12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __skb_flow_dissect 2 
fib_multipath_hash 3 fib_select_path 4 ip_route_output_key_hash_rcu 5 ip_route_output_flow 6 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label 
%34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds 
%struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow 
to void (%struct.sock.855719*, %struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = 
icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, 
i32 2 %89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, 
%struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 
0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label %72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = 
phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 = load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr 
%struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp 
slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq 
i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* 
%38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ %103, %99 ], [ 0, %29 ] %44 = phi i8* [ %107, %99 ], [ %38, %29 ] %45 = phi i32 [ %102, %99 ], [ %32, %29 ] %46 = phi i8* [ %101, %99 ], [ %31, %29 ] %47 = phi i32 [ %100, %99 ], [ %30, %29 ] %48 = phi i32 [ %57, %99 ], [ %9, %29 ] %49 = getelementptr inbounds i8, i8* %44, i64 48 %50 = bitcast i8* %49 to [17 x %struct.page_frag.756147]* %51 = add i32 %45, %47 %52 = icmp sgt i32 %48, %51 br i1 %52, label %53, label %54, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2378, i32 2305, i64 12) #6, !srcloc !6 br label %54 %55 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 1 %56 = load i32, i32* %55, align 8 %57 = add i32 %56, %48 %58 = sub i32 %57, %45 %59 = icmp sgt i32 %58, 0 br i1 %59, label %60, label %99 %61 = icmp sgt i32 %58, %47 %62 = select i1 %61, i32 %47, i32 %58 %63 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 2 %64 = load i32, i32* %63, align 4 %65 = sub i32 %45, %48 %66 = add i32 %65, %64 %67 = icmp eq i32 %62, 0 br i1 %67, label %92, label %68 %69 = and i32 %66, 4095 %70 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %50, i64 0, i64 %43, i32 0 %71 = load %struct.page.756615*, %struct.page.756615** %70, align 8 %72 = lshr i32 %66, 12 %73 = zext i32 %72 to i64 %74 = getelementptr %struct.page.756615, %struct.page.756615* %71, 
i64 %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %75 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.756514** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.756514**)) #11, !srcloc !8 %76 = inttoptr i64 %75 to %struct.task_struct.756514* %77 = getelementptr inbounds %struct.task_struct.756514, %struct.task_struct.756514* %76, i64 0, i32 166 %78 = load i32, i32* %77, align 8 %79 = add i32 %78, 1 store i32 %79, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %80 = load i64, i64* @vmemmap_base, align 8 %81 = ptrtoint %struct.page.756615* %74 to i64 %82 = sub i64 %81, %80 %83 = shl i64 %82, 6 %84 = load i64, i64* @page_offset_base, align 8 %85 = add i64 %83, %84 %86 = inttoptr i64 %85 to i8* %87 = zext i32 %69 to i64 %88 = getelementptr i8, i8* %86, i64 %87 %89 = zext i32 %62 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %90 = load i32, i32* %77, align 8 %91 = add i32 %90, -1 store i32 %91, i32* %77, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %92 %93 = sub i32 %47, %62 %94 = icmp eq i32 %93, 0 %95 = sext i32 %62 to i64 %96 = getelementptr i8, i8* %46, i64 %95 %97 = select i1 %94, i32 0, i32 %62 %98 = add i32 %97, %45 br i1 %94, label %161, label %99 %100 = phi i32 [ %93, %92 ], [ %47, %54 ] %101 = phi i8* [ %96, %92 ], [ %46, %54 ] %102 = phi i32 [ %98, %92 ], [ %45, %54 ] %103 = add nuw nsw i64 %43, 1 %104 = load i8*, i8** %33, align 8 %105 = load i32, i32* %35, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr i8, i8* %104, i64 %106 %108 = getelementptr inbounds i8, i8* %107, i64 2 %109 = load i8, i8* %108, align 2 %110 = zext i8 %109 to i64 %111 = icmp ult i64 %103, %110 br i1 %111, label %42, label %112 %113 = phi i32 [ %9, %29 ], [ %57, %99 ] %114 = phi 
i32 [ %30, %29 ], [ %100, %99 ] %115 = phi i8* [ %31, %29 ], [ %101, %99 ] %116 = phi i32 [ %32, %29 ], [ %102, %99 ] %117 = phi i8* [ %38, %29 ], [ %107, %99 ] %118 = getelementptr inbounds i8, i8* %117, i64 8 %119 = bitcast i8* %118 to %struct.sk_buff.756266** %120 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %119, align 8 %121 = icmp eq %struct.sk_buff.756266* %120, null br i1 %121, label %157, label %122 %123 = phi %struct.sk_buff.756266* [ %155, %150 ], [ %120, %112 ] %124 = phi i32 [ %153, %150 ], [ %116, %112 ] %125 = phi i8* [ %152, %150 ], [ %115, %112 ] %126 = phi i32 [ %151, %150 ], [ %114, %112 ] %127 = phi i32 [ %134, %150 ], [ %113, %112 ] %128 = add i32 %124, %126 %129 = icmp sgt i32 %127, %128 br i1 %129, label %130, label %131, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.63305, i64 0, i64 0), i32 2408, i32 2305, i64 12) #6, !srcloc !12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_copy_bits 1 __skb_flow_dissect 2 fib_multipath_hash 3 fib_select_path 4 __ip_rt_update_pmtu 5 ip_rt_update_pmtu ------------- Path:  
Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, 
%struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, 
i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds 
%struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 
%2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, 
!misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %33 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 1 %34 = load i16, i16* %33, align 8 %35 = zext i16 %34 to i32 br label %39 %40 = phi i32 [ %38, %36 ], [ %35, %32 ] %41 = icmp ugt i32 %40, 1 br i1 %41, label %42, label %44 %43 = tail call i32 bitcast (i32 (%struct.net.836644*, %struct.flowi4*, %struct.sk_buff.836958*, %struct.flow_keys*)* @fib_multipath_hash to i32 (%struct.net.767947*, %struct.flowi4*, %struct.sk_buff.767837*, %struct.flow_keys*)*)(%struct.net.767947* %0, %struct.flowi4* %2, %struct.sk_buff.767837* %3, %struct.flow_keys* null) #78 Function:fib_multipath_hash %5 = alloca %struct.flow_keys, align 8 %6 = alloca %struct.flow_keys, align 8 %7 = alloca %struct.flow_keys, align 8 %8 = alloca %struct.flow_keys, align 8 %9 = alloca %struct.flow_keys, align 8 %10 = alloca %struct.flow_keys, align 8 %11 = alloca %struct.flow_keys, align 8 %12 = alloca %struct.flow_keys, align 8 %13 = icmp eq %struct.flowi4* %1, null br i1 %13, label %17, label %14 %18 = phi i32 [ %16, %14 ], [ 0, %4 ] %19 = bitcast %struct.flow_keys* %10 to i8* %20 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 123 %21 = load volatile i8, i8* %20, align 1 switch i8 %21, label %364 [ i8 0, label %22 i8 1, label %35 i8 2, label %95 i8 3, label %142 ] %36 = icmp eq %struct.sk_buff.836958* %2, null br i1 %36, label 
%72, label %37 %38 = bitcast %struct.flow_keys* %11 to i8* %39 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 16 %40 = load i16, i16* %39, align 8 %41 = and i16 %40, 256 %42 = icmp eq i16 %41, 0 br i1 %42, label %43, label %69 %44 = icmp eq %struct.flow_keys* %3, null br i1 %44, label %45, label %47 %46 = call zeroext i1 bitcast (i1 (%struct.net.761588*, %struct.sk_buff.761490*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)* @__skb_flow_dissect to i1 (%struct.net.836644*, %struct.sk_buff.836958*, %struct.flow_dissector*, i8*, i8*, i16, i32, i32, i32)*)(%struct.net.836644* null, %struct.sk_buff.836958* nonnull %2, %struct.flow_dissector* nonnull @flow_keys_dissector, i8* nonnull %38, i8* null, i16 zeroext 0, i32 0, i32 0, i32 4) #79 Function:__skb_flow_dissect %10 = alloca i32, align 4 %11 = alloca %struct.kuid_t, align 4 %12 = alloca [20 x i8], align 1 %13 = alloca i64, align 8 %14 = alloca %struct.anon.263.761595, align 1 %15 = alloca i32, align 4 %16 = alloca i32, align 4 %17 = alloca %struct.ethhdr, align 1 %18 = alloca i32, align 4 %19 = alloca %struct.tcphdr, align 4 %20 = alloca i64, align 8 %21 = alloca i32, align 4 %22 = alloca i32, align 4 %23 = alloca %struct.bpf_flow_keys, align 4 %24 = alloca %struct.bpf_flow_dissector, align 8 %25 = alloca %struct.iphdr, align 4 %26 = alloca %struct.ipv6hdr, align 4 %27 = alloca i32, align 4 %28 = alloca i64, align 8 %29 = alloca %union.anon.99, align 4 %30 = alloca [34 x i8], align 1 %31 = alloca i16, align 2 %32 = alloca i64, align 8 %33 = bitcast i16* %31 to i8* %34 = getelementptr inbounds [34 x i8], [34 x i8]* %30, i64 0, i64 0 store i32 %7, i32* %22, align 4 %35 = icmp eq i8* %4, null br i1 %35, label %36, label %62 %63 = phi i32 [ %61, %36 ], [ %7, %9 ] %64 = phi i16 [ %46, %36 ], [ %5, %9 ] %65 = phi i32 [ %56, %36 ], [ %6, %9 ] %66 = phi i8* [ %38, %36 ], [ %4, %9 ] %67 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 0 %68 
= load i16, i16* %67, align 2 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %3, i64 %69 %71 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 1 %72 = load i16, i16* %71, align 2 %73 = zext i16 %72 to i64 %74 = getelementptr i8, i8* %3, i64 %73 %75 = icmp eq %struct.sk_buff.761490* %1, null %76 = icmp ne %struct.net.761588* %0, null %77 = or i1 %76, %75 br i1 %77, label %93, label %78 %79 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %80 = load %struct.net_device.761478*, %struct.net_device.761478** %79, align 8 %81 = icmp eq %struct.net_device.761478* %80, null br i1 %81, label %84, label %82 %83 = getelementptr inbounds %struct.net_device.761478, %struct.net_device.761478* %80, i64 0, i32 109, i32 0 br label %90 %91 = phi %struct.net.761588** [ %89, %88 ], [ %83, %82 ] %92 = load %struct.net.761588*, %struct.net.761588** %91, align 8 br label %93 %94 = phi %struct.net.761588* [ %0, %62 ], [ %92, %90 ] %95 = icmp eq %struct.net.761588* %94, null br i1 %95, label %96, label %97, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %98 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** getelementptr inbounds (%struct.net.761588, %struct.net.761588* bitcast (%struct.net* @init_net to %struct.net.761588*), i64 0, i32 39, i32 0, i64 0), align 8 %99 = icmp eq %struct.bpf_prog_array.761583* %98, null br i1 %99, label %100, label %104 %101 = getelementptr inbounds %struct.net.761588, %struct.net.761588* %94, i64 0, i32 39, i32 0, i64 0 %102 = load volatile %struct.bpf_prog_array.761583*, %struct.bpf_prog_array.761583** %101, align 8 %103 = icmp eq %struct.bpf_prog_array.761583* %102, null br i1 %103, label %242, label %104 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #79 br label %244 %245 = 
getelementptr inbounds %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 0 %246 = load i32, i32* %245, align 4 %247 = trunc i32 %246 to i8 %248 = icmp sgt i8 %247, -1 br i1 %248, label %260, label %249 %261 = getelementptr inbounds %struct.anon.263.761595, %struct.anon.263.761595* %14, i64 0, i32 0, i32 0 %262 = getelementptr inbounds i8, i8* %70, i64 4 %263 = bitcast i8* %262 to i32* %264 = lshr i32 %8, 1 %265 = and i32 %264, 2 %266 = xor i32 %265, 2 %267 = getelementptr inbounds [20 x i8], [20 x i8]* %12, i64 0, i64 0 %268 = bitcast i64* %13 to i8* %269 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 9 %270 = bitcast %struct.kuid_t* %11 to i8* %271 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %11, i64 0, i32 0 %272 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 19 %273 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 13 %274 = bitcast %union.anon.99* %29 to i8* %275 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 8 %276 = bitcast i32* %10 to i8* %277 = getelementptr inbounds i8, i8* %70, i64 2 %278 = bitcast i8* %277 to i16* %279 = bitcast i64* %28 to i8* %280 = bitcast i32* %27 to i8* %281 = icmp ne %struct.sk_buff.761490* %1, null %282 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 18 %283 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 33 %284 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 25 %285 = getelementptr inbounds %struct.ipv6hdr, %struct.ipv6hdr* %26, i64 0, i32 0 %286 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 3 %287 = and i32 %8, 2 %288 = icmp eq i32 %287, 0 %289 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 11 %290 = getelementptr %struct.flow_dissector, 
%struct.flow_dissector* %2, i64 0, i32 1, i64 21 %291 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %25, i64 0, i32 0 %292 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 2 %293 = and i32 %8, 1 %294 = icmp eq i32 %293, 0 %295 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 6 %296 = bitcast i64* %20 to i8* %297 = bitcast %struct.tcphdr* %19 to i8* %298 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 20 %299 = bitcast i64* %32 to i8* %300 = bitcast i32* %15 to i8* %301 = bitcast i32* %16 to i8* %302 = getelementptr %struct.flow_dissector, %struct.flow_dissector* %2, i64 0, i32 1, i64 12 %303 = bitcast i32* %18 to i8* %304 = getelementptr inbounds %struct.ethhdr, %struct.ethhdr* %17, i64 0, i32 0, i64 0 %305 = icmp eq i8* %66, null %306 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 41 %307 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 6 %308 = getelementptr inbounds %struct.sk_buff.761490, %struct.sk_buff.761490* %1, i64 0, i32 7 %309 = bitcast i32* %21 to i8* br label %310 %311 = phi i16 [ %64, %260 ], [ %836, %835 ] %312 = phi i32 [ %65, %260 ], [ %837, %835 ] %313 = phi i8 [ 0, %260 ], [ %826, %835 ] %314 = phi i32 [ 0, %260 ], [ %838, %835 ] %315 = phi i8 [ 0, %260 ], [ %839, %835 ] %316 = phi i32 [ 0, %260 ], [ %828, %835 ] %317 = phi i32 [ 28, %260 ], [ %829, %835 ] switch i16 %311, label %1204 [ i16 8, label %318 i16 -8826, label %390 i16 -22392, label %459 i16 129, label %459 i16 25736, label %542 i16 -13688, label %566 i16 18312, label %601 i16 18568, label %601 i16 1673, label %674 i16 1544, label %680 i16 13696, label %680 i16 1347, label %769 i16 -2168, label %800 ] %801 = load i32, i32* %22, align 4 %802 = sub i32 %801, %312 %803 = icmp slt i32 %802, 34 br i1 %803, label %804, label %808, !prof !4, !misexpect !9 br i1 %75, label %820, label %805 %821 = 
phi i32 [ %312, %808 ], [ %819, %812 ], [ %312, %805 ], [ %312, %804 ] %822 = phi i32 [ 1, %808 ], [ 0, %812 ], [ 1, %805 ], [ 1, %804 ] br label %823 %824 = phi i16 [ -2168, %820 ], [ %797, %796 ], [ %311, %767 ], [ %311, %669 ], [ -13688, %599 ], [ %563, %562 ], [ %538, %537 ], [ -8826, %455 ], [ 8, %386 ] %825 = phi i32 [ %821, %820 ], [ %798, %796 ], [ %312, %767 ], [ %672, %669 ], [ %312, %599 ], [ %564, %562 ], [ %539, %537 ], [ %456, %455 ], [ %387, %386 ] %826 = phi i8 [ %313, %820 ], [ %313, %796 ], [ %313, %767 ], [ %670, %669 ], [ %313, %599 ], [ %313, %562 ], [ %313, %537 ], [ %313, %455 ], [ %313, %386 ] %827 = phi i8 [ %315, %820 ], [ %315, %796 ], [ %315, %767 ], [ %315, %669 ], [ %315, %599 ], [ %315, %562 ], [ %315, %537 ], [ %457, %455 ], [ %388, %386 ] %828 = phi i32 [ %316, %820 ], [ %316, %796 ], [ %316, %767 ], [ %673, %669 ], [ %316, %599 ], [ %316, %562 ], [ %316, %537 ], [ %316, %455 ], [ %316, %386 ] %829 = phi i32 [ %317, %820 ], [ %317, %796 ], [ %317, %767 ], [ %317, %669 ], [ %317, %599 ], [ %317, %562 ], [ %540, %537 ], [ %317, %455 ], [ %317, %386 ] %830 = phi i32 [ %822, %820 ], [ %799, %796 ], [ %768, %767 ], [ %671, %669 ], [ %600, %599 ], [ %565, %562 ], [ %541, %537 ], [ %458, %455 ], [ %389, %386 ] switch i32 %830, label %1204 [ i32 0, label %1189 i32 2, label %832 i32 4, label %831 i32 3, label %831 ] br label %840 %841 = phi i16 [ %1128, %1186 ], [ %824, %831 ] %842 = phi i32 [ %1129, %1186 ], [ %825, %831 ] %843 = phi i32 [ %1187, %1186 ], [ %314, %831 ] %844 = phi i8 [ %1130, %1186 ], [ %827, %831 ] switch i8 %844, label %1127 [ i8 47, label %845 i8 0, label %992 i8 43, label %992 i8 60, label %992 i8 44, label %1019 i8 4, label %1051 i8 41, label %1054 i8 -119, label %1057 i8 6, label %1058 i8 1, label %1088 i8 58, label %1088 ] %1089 = load i32, i32* %245, align 4 %1090 = and i32 %1089, 64 %1091 = icmp eq i32 %1090, 0 br i1 %1091, label %1127, label %1092 %1093 = load i32, i32* %22, align 4 %1094 = load i16, i16* %295, 
align 2 %1095 = zext i16 %1094 to i64 %1096 = getelementptr i8, i8* %3, i64 %1095 store i64 0, i64* %20, align 8 %1097 = sub i32 %1093, %842 %1098 = icmp slt i32 %1097, 8 br i1 %1098, label %1099, label %1103, !prof !4, !misexpect !9 br i1 %75, label %1126, label %1100 %1101 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.761490*, i32, i8*, i32)*)(%struct.sk_buff.761490* nonnull %1, i32 %842, i8* nonnull %296, i32 8) #79 Function:skb_copy_bits %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %8 = load i32, i32* %7, align 4 %9 = sub i32 %6, %8 %10 = sub i32 %6, %3 %11 = icmp slt i32 %10, %1 br i1 %11, label %160, label %12 %13 = sub i32 %9, %1 %14 = icmp sgt i32 %13, 0 br i1 %14, label %15, label %29 %16 = icmp sgt i32 %13, %3 %17 = select i1 %16, i32 %3, i32 %13 %18 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 41 %19 = load i8*, i8** %18, align 8 %20 = sext i32 %1 to i64 %21 = getelementptr i8, i8* %19, i64 %20 %22 = zext i32 %17 to i64 %23 = sub i32 %3, %17 %24 = icmp eq i32 %23, 0 br i1 %24, label %161, label %25 %26 = add i32 %17, %1 %27 = sext i32 %17 to i64 %28 = getelementptr i8, i8* %2, i64 %27 br label %29 %30 = phi i32 [ %23, %25 ], [ %3, %12 ] %31 = phi i8* [ %28, %25 ], [ %2, %12 ] %32 = phi i32 [ %26, %25 ], [ %1, %12 ] %33 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %34 = load i8*, i8** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %36 = load i32, i32* %35, align 4 %37 = zext i32 %36 to i64 %38 = getelementptr i8, i8* %34, i64 %37 %39 = getelementptr inbounds i8, i8* %38, i64 2 %40 = load i8, i8* %39, align 2 %41 = icmp eq i8 %40, 0 br i1 %41, label %112, label %42 %43 = phi i64 [ 
-------------
Use: =BAD PATH=
Call Stack:
0 skb_copy_bits
1 __skb_flow_dissect
2 fib_multipath_hash
3 fib_select_path
4 __ip_do_redirect
5 ip_do_redirect
-------------
Path:
Function:ip_do_redirect
Function:__ip_do_redirect
Function:fib_select_path
Function:fib_multipath_hash
Function:__skb_flow_dissect
Function:skb_copy_bits
!12 br label %131 %132 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %123, i64 0, i32 6 %133 = load i32, i32* %132, align 8 %134 = add i32 %133, %127 %135 = sub i32 %134, %124 %136 = icmp sgt i32 %135, 0 br i1 %136, label %137, label %150 %138 = icmp sgt i32 %135, %126 %139 = select i1 %138, i32 %126, i32 %135 %140 = sub i32 %124, %127 %141 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* nonnull %123, i32 %140, i8* %125, i32 %139) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 tcp_recvmsg
9 inet6_recvmsg
10 sock_read_iter
-------------
Path:
Function:sock_read_iter
%3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8
%18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, 
i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, 
%struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* 
store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* 
null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 
0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 
(%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 
(%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 
8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load 
%struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, 
%struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 
@get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast 
%struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27,
align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = 
load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* 
%43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, 
%struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ 
%103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 
%3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 
\0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 
store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, 
%struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca 
%struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = 
trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 
call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and 
i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], [ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call 
i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ 
true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = 
phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 
%35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 packet_parse_headers
2 packet_sendmsg_spkt
-------------
Path:
Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 
] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 
2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = 
icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, 
%218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label 
%46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, 
align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, 
%struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 
0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 packet_parse_headers 1 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = 
icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 
%52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load 
i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 
store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void 
@packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, 
i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 ------------- Good: 5982 Bad: 197 Ignored: 22669 Check Use of Function:ieee80211_process_measurement_req Check Use of Function:dev_disable_lro Check Use of Function:generic_file_write_iter Check Use of Function:drv_event_callback Check Use of Function:ieee80211_roc_setup Check Use of Function:dev_ingress_queue_create Check Use of Function:lookup_fast Check Use of Function:cfg80211_sme_auth_timeout Check Use of Function:xt_free_table_info Check Use of Function:cfg80211_unregister_wdev Check Use of Function:unregister_netdevice_many Check Use of Function:register_netdevice Check Use of Function:may_open Check Use of Function:__SCT__tp_func_ext4_da_reserve_space Check Use of Function:nl80211_notify_wiphy Check Use of Function:device_rename Check Use of Function:pci_set_power_state Check Use of Function:rdev_set_wakeup Check Use of Function:device_del Check Use of Function:ipip6_dellink Check Use of Function:ext4_xattr_inode_get Check Use of Function:wiphy_regulatory_deregister Check Use of Function:io_uring_add_tctx_node Check Use of Function:register_inetaddr_notifier Check Use of Function:translate_table.68297 Check Use of Function:unlock_page Check Use of Function:ieee80211_determine_chantype Check Use of Function:xfrm_user_policy Check Use of Function:handle_dots Check Use of Function:cfg80211_sme_deauth Check Use of Function:walk_page_range Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load 
i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 
.balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult 
i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ 
%72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86) #78 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %12 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %13 = bitcast %struct.vm_area_struct* %0 to i8* %14 = tail call i32 @walk_page_range(%struct.mm_struct* %12, i64 %2, i64 %3, %struct.mm_walk_ops* nonnull @swapin_walk_ops, i8* %13) #78 ------------- Use: =BAD PATH= Call Stack: 0 madvise_willneed 1 do_madvise 2 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store 
%struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast %struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds 
%struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] call fastcc void @madvise_willneed(%struct.vm_area_struct* nonnull %73, %struct.vm_area_struct** nonnull %11, i64 %81, i64 %86) #78 Function:madvise_willneed %5 = alloca %struct.xa_state, align 8 %6 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 6 %7 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %8 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %0, i64 0, i32 14 %9 = load %struct.file*, %struct.file** %8, align 8 store %struct.vm_area_struct* %0, %struct.vm_area_struct** %1, align 8 %10 = icmp eq %struct.file* %9, null br i1 %10, label %11, label %15 %12 = load %struct.mm_struct*, %struct.mm_struct** %6, align 8 %13 = bitcast %struct.vm_area_struct* %0 to i8* %14 = tail call i32 @walk_page_range(%struct.mm_struct* %12, i64 %2, i64 %3, %struct.mm_walk_ops* nonnull @swapin_walk_ops, i8* %13) #78 ------------- Good: 17 Bad: 2 Ignored: 14 Check Use of Function:ieee80211_if_add Check Use of Function:__SCT__tp_func_drv_sta_set_4addr Check Use of Function:intel_user_framebuffer_create_handle Check Use of Function:_dev_printk Use: =BAD PATH= Call Stack: 0 pnp_disable_dev 1 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.351947* %11 = getelementptr inbounds %struct.pnp_dev.351947, %struct.pnp_dev.351947* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) 
#79 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.34057, i64 0, i64 0), i64 7) #80 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.352189*)* @pnp_disable_dev to i32 (%struct.pnp_dev.351947*)*)(%struct.pnp_dev.351947* %10) #79 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.352179*, %struct.pnp_protocol.352179** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.352179, %struct.pnp_protocol.352179* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.352189*)*, i32 (%struct.pnp_dev.352189*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.352189*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %23 = load i32, i32* @pnp_debug, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %51, label %25 %26 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33953, i64 0, i64 0), %struct.device* %26, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.7.33954, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 pnp_auto_config_dev 1 pnp_activate_dev 2 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device* %0 to %struct.pnp_dev.351947* %11 = getelementptr inbounds %struct.pnp_dev.351947, %struct.pnp_dev.351947* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #79 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.11.34057, i64 0, i64 0), i64 7) #80 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.12.34058, i64 0, i64 0), i64 8) #80 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %27 %26 = tail call i32 bitcast (i32 (%struct.pnp_dev.352189*)* @pnp_activate_dev to i32 (%struct.pnp_dev.351947*)*)(%struct.pnp_dev.351947* %10) #79 Function:pnp_activate_dev %2 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %33 %6 = tail call i32 @pnp_auto_config_dev(%struct.pnp_dev.352189* %0) #78 Function:pnp_auto_config_dev %2 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %10 %6 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 14 %7 = load i32, i32* %6, align 4 %8 = and i32 %7, 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %15 %11 = load 
i32, i32* @pnp_debug, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %33, label %13 %14 = getelementptr inbounds %struct.pnp_dev.352189, %struct.pnp_dev.352189* %0, i64 0, i32 0 tail call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.33953, i64 0, i64 0), %struct.device* %14, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.1.33967, i64 0, i64 0)) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.557472* %5 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 %10 = icmp eq %struct.drm_device.382396* %0, null br i1 %10, label %14, label %11 %15 = phi %struct.device* [ %13, %11 ], [ null, %9 ] tail call void (%struct.device*, i32, i8*, ...) 
@drm_dev_dbg(%struct.device* %15, i32 2, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.44203, i64 0, i64 0)) #78 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.38007, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.38003, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %72, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #78 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, 
label %72 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #79 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %30 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #78 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %72 %33 = load i32, i32* %5, align 4 %34 = icmp eq i32 %33, 0 %35 = icmp eq %struct.drm_i915_private.438758* %12, null br i1 %34, label %44, label %36 br i1 %35, label %48, label %45 %49 = phi %struct.device* [ %47, %45 ], [ null, %44 ] call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %49, i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.41.39858, i64 0, i64 0)) #78 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.38007, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.38003, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file** %9 = load %struct.seq_file*, %struct.seq_file** %8, align 8 %10 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %9, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.drm_i915_private.438758** %12 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 store i8 0, i8* %6, align 1 %14 = icmp ugt i64 %2, 15 br i1 %14, label %68, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #78 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %68 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #79 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.39.39851, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %34 %35 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #78 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68 %38 = icmp eq %struct.drm_i915_private.438758* %12, null br i1 %38, label %42, label %39 %43 = phi %struct.device* [ %41, %39 ], [ null, %37 ] %44 = load i8, i8* %6, align 1, !range !4 %45 = icmp eq i8 %44, 0 %46 = select i1 %45, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.48.39852, i64 0, i64 0), i8* 
getelementptr inbounds ([3 x i8], [3 x i8]* @.str.47.39853, i64 0, i64 0) call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %43, i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.46.39854, i64 0, i64 0), i8* %46) #78 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.38007, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.38003, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_coredump.436855** %7 = load %struct.i915_gpu_coredump.436855*, %struct.i915_gpu_coredump.436855** %6, align 8 %8 = icmp eq %struct.i915_gpu_coredump.436855* %7, null br i1 %8, label %19, label %9 %10 = getelementptr inbounds %struct.i915_gpu_coredump.436855, %struct.i915_gpu_coredump.436855* %7, i64 0, i32 5 %11 = load %struct.drm_i915_private.436889*, %struct.drm_i915_private.436889** %10, align 8 %12 = icmp eq %struct.drm_i915_private.436889* %11, null br i1 %12, label %16, label %13 %17 = phi %struct.device* [ %15, %13 ], [ 
null, %9 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %17, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.42.39602, i64 0, i64 0)) #78 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) @_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.38007, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.38003, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 check_for_unclaimed_mmio 2 intel_uncore_forcewake_user_put 3 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.436889** %5 = load %struct.drm_i915_private.436889*, %struct.drm_i915_private.436889** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %5, i64 0, i32 3, i32 0 %7 = load i8, i8* %6, align 8 %8 = icmp ugt i8 %7, 5 br i1 %8, label %9, label %11 %10 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %5, i64 0, i32 9 tail call void bitcast (void (%struct.intel_uncore.429056*)* @intel_uncore_forcewake_user_put to void 
(%struct.intel_uncore.436570*)*)(%struct.intel_uncore.436570* %10) #78 Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #78 %4 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 15 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %64 %9 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 16 %10 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %13 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %12, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = add i32 %14, -1 store i32 %15, i32* %13, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %21 %22 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.intel_uncore.429056* %0) #79 Function:check_for_unclaimed_mmio %2 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 16 %3 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %2, align 8 %4 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %3, i64 0, i32 3 %5 = load i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %83 %8 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 
%10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %30, label %12 %13 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 271104 %16 = bitcast i8* %15 to i32* %17 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16) #6, !srcloc !4 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %30, !prof !5, !misexpect !6 %20 = icmp eq i32 %17, -1 br i1 %20, label %21, label %26, !prof !5, !misexpect !7 %22 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 1 %23 = load %struct.drm_i915_private.429396*, %struct.drm_i915_private.429396** %22, align 8 %24 = getelementptr inbounds %struct.drm_i915_private.429396, %struct.drm_i915_private.429396* %23, i64 0, i32 0, i32 2 %25 = load %struct.device*, %struct.device** %24, align 8 tail call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %25, i8* getelementptr inbounds ([83 x i8], [83 x i8]* @.str.35.39371, i64 0, i64 0)) #78 br label %26 %27 = load i8*, i8** %13, align 8 %28 = getelementptr i8, i8* %27, i64 271104 %29 = bitcast i8* %28 to i32* tail call void asm sideeffect "movl $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -2147483648, i32* %29) #6, !srcloc !8 br label %30 %31 = phi i8 [ 0, %7 ], [ 1, %26 ], [ 0, %12 ] %32 = load i32, i32* %8, align 4 %33 = and i32 %32, 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35 %52 = phi i32 [ %50, %47 ], [ %32, %30 ] %53 = phi i8 [ %49, %47 ], [ %31, %30 ] %54 = and i32 %52, 8 %55 = icmp eq i32 %54, 0 br i1 %55, label %79, label %56 %57 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 0 %58 = load i8*, i8** %57, align 8 %59 = getelementptr i8, i8* %58, i64 1179648 %60 = bitcast i8* %59 to i32* %61 = tail call i32 asm sideeffect "movl $1,$0", 
"=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %60) #6, !srcloc !4 %62 = icmp ne i32 %61, 0 br i1 %62, label %63, label %75, !prof !5, !misexpect !7 %64 = getelementptr inbounds %struct.intel_uncore.429056, %struct.intel_uncore.429056* %0, i64 0, i32 1 %65 = load %struct.drm_i915_private.429396*, %struct.drm_i915_private.429396** %64, align 8 %66 = icmp eq %struct.drm_i915_private.429396* %65, null br i1 %66, label %70, label %67 %68 = getelementptr inbounds %struct.drm_i915_private.429396, %struct.drm_i915_private.429396* %65, i64 0, i32 0, i32 2 %69 = load %struct.device*, %struct.device** %68, align 8 br label %70 %71 = phi %struct.device* [ %69, %67 ], [ null, %63 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %71, i32 2, i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.36.39372, i64 0, i64 0), i32 %61) #79 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.38007, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.38003, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 drm_dev_dbg 1 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject, %struct.kobject* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.423982** %12 = load %struct.drm_i915_private.423982*, %struct.drm_i915_private.423982** %11, align 8 %13 = icmp eq %struct.drm_i915_private.423982* %12, null br i1 %13, label %17, label %14 %18 = phi %struct.device* [ %16, %14 ], [ null, %6 ] tail call void (%struct.device*, i32, i8*, ...) @drm_dev_dbg(%struct.device* %18, i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.30.38898, i64 0, i64 0)) #78 Function:drm_dev_dbg %4 = alloca %struct.va_format, align 8 %5 = alloca [1 x %struct.__va_list_tag], align 16 %6 = bitcast %struct.va_format* %4 to i8* %7 = bitcast [1 x %struct.__va_list_tag]* %5 to i8* %8 = load i32, i32* @__drm_debug, align 4 %9 = and i32 %8, %1 %10 = icmp eq i32 %9, 0 br i1 %10, label %20, label %11 %12 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 0 store i8* %2, i8** %12, align 8 %13 = getelementptr inbounds %struct.va_format, %struct.va_format* %4, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %5, [1 x %struct.__va_list_tag]** %13, align 8 %14 = icmp eq %struct.device* %0, null br i1 %14, label %17, label %16 call void (i8*, %struct.device*, i8*, ...) 
@_dev_printk(i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.12.38007, i64 0, i64 0), %struct.device* nonnull %0, i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.10.38003, i64 0, i64 0), i8* %15, %struct.va_format* nonnull %4) #78 ------------- Good: 2251 Bad: 8 Ignored: 822 Check Use of Function:rfkill_register Check Use of Function:acpi_ec_init Check Use of Function:nl80211_common_reg_change_event Check Use of Function:ieee80211_sta_wmm_params Check Use of Function:ieee80211_vht_handle_opmode Check Use of Function:cfg80211_tx_mlme_mgmt Check Use of Function:ip6_route_del Check Use of Function:dm_pr_release Check Use of Function:cfg80211_chandef_valid Check Use of Function:ieee80211_vif_change_bandwidth Check Use of Function:ext4_release_orphan_info Check Use of Function:ieee80211_set_disassoc Check Use of Function:cgroupns_install Check Use of Function:pagevec_lookup_range Check Use of Function:__SCT__tp_func_drv_channel_switch_beacon Check Use of Function:put_ucounts Check Use of Function:__sta_info_recalc_tim Check Use of Function:drm_atomic_commit Check Use of Function:security_move_mount Check Use of Function:drm_mode_obj_find_prop_id Check Use of Function:scsi_run_host_queues Check Use of Function:round_jiffies Use: =BAD PATH= Call Stack: 0 fib6_run_gc 1 ip6_dst_gc ------------- Path:  Function:ip6_dst_gc %2 = getelementptr %struct.dst_ops.902527, %struct.dst_ops.902527* %0, i64 -7, i32 9 %3 = bitcast %struct.dst_entry.902548* (%struct.dst_entry.902548*)** %2 to %struct.net.902772* %4 = getelementptr inbounds %struct.dst_entry.902548* (%struct.dst_entry.902548*)*, %struct.dst_entry.902548* (%struct.dst_entry.902548*)** %2, i64 160 %5 = bitcast %struct.dst_entry.902548* (%struct.dst_entry.902548*)** %4 to %struct.netns_ipv6.902756* %6 = getelementptr inbounds %struct.dst_entry.902548* (%struct.dst_entry.902548*)*, %struct.dst_entry.902548* (%struct.dst_entry.902548*)** %2, i64 184 %7 = bitcast %struct.dst_entry.902548* 
(%struct.dst_entry.902548*)** %6 to %struct.netns_sysctl_ipv6* %8 = getelementptr inbounds %struct.dst_entry.902548* (%struct.dst_entry.902548*)*, %struct.dst_entry.902548* (%struct.dst_entry.902548*)** %2, i64 190 %9 = bitcast %struct.dst_entry.902548* (%struct.dst_entry.902548*)** %8 to i32* %10 = load i32, i32* %9, align 16 %11 = getelementptr inbounds %struct.netns_sysctl_ipv6, %struct.netns_sysctl_ipv6* %7, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.netns_sysctl_ipv6, %struct.netns_sysctl_ipv6* %7, i64 0, i32 10 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.netns_sysctl_ipv6, %struct.netns_sysctl_ipv6* %7, i64 0, i32 8 %16 = load i32, i32* %15, align 4 %17 = getelementptr inbounds %struct.dst_entry.902548* (%struct.dst_entry.902548*)*, %struct.dst_entry.902548* (%struct.dst_entry.902548*)** %2, i64 225 %18 = bitcast %struct.dst_entry.902548* (%struct.dst_entry.902548*)** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %0, i64 0, i32 17, i32 1 %21 = load volatile i64, i64* %20, align 8 %22 = icmp sgt i64 %21, 0 %23 = select i1 %22, i64 %21, i64 0 %24 = trunc i64 %23 to i32 %25 = icmp slt i32 %12, %24 br i1 %25, label %26, label %32 %27 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %0, i64 0, i32 17 %28 = tail call i64 @__percpu_counter_sum(%struct.percpu_counter* %27) #78 %29 = icmp sgt i64 %28, 0 %30 = select i1 %29, i64 %28, i64 0 %31 = trunc i64 %30 to i32 br label %32 %33 = phi i32 [ %31, %26 ], [ %24, %1 ] %34 = load volatile i64, i64* @jiffies, align 64 %35 = sext i32 %10 to i64 %36 = add i64 %19, %35 %37 = sub i64 %34, %36 %38 = icmp sgt i64 %37, -1 %39 = icmp sgt i32 %33, %12 %40 = or i1 %39, %38 br i1 %40, label %41, label %56 %42 = getelementptr inbounds %struct.netns_ipv6.902756, %struct.netns_ipv6.902756* %5, i64 0, i32 15, i32 0 %43 = tail call i32 asm sideeffect ".pushsection 
.smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 1, i32* %42) #6, !srcloc !4 %44 = add i32 %43, 1 %45 = sext i32 %44 to i64 tail call void bitcast (void (i64, %struct.net.836644*, i1)* @fib6_run_gc to void (i64, %struct.net.902772*, i1)*)(i64 %45, %struct.net.902772* %3, i1 zeroext true) #78 Function:fib6_run_gc %4 = alloca i64, align 8 %5 = bitcast i64* %4 to %struct.util_est* %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %1, i64 0, i32 35, i32 14, i32 0, i32 0 br i1 %2, label %8, label %9 %10 = tail call i32 @_raw_spin_trylock_bh(%struct.raw_spinlock* %7) #78 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %17 %18 = icmp eq i64 %0, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %1, i64 0, i32 35, i32 1, i32 9 %23 = load i32, i32* %22, align 8 br label %24 %25 = phi i32 [ %20, %19 ], [ %23, %21 ] %26 = bitcast i64* %4 to i32* store i32 %25, i32* %26, align 8 %27 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 store i32 0, i32* %27, align 4 call fastcc void @__fib6_clean_all(%struct.net.836644* %1, i32 (%struct.fib6_info.836575*, i8*)* nonnull @fib6_age, i32 0, i8* nonnull %6, i1 zeroext false) #78 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %1, i64 0, i32 35, i32 16 store i64 %28, i64* %29, align 8 %30 = load i32, i32* %27, align 4 %31 = icmp eq i32 %30, 0 %32 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %1, i64 0, i32 35, i32 9 br i1 %31, label %40, label %33 %34 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %1, i64 0, i32 35, i32 1, i32 9 %35 = load i32, i32* %34, align 8 %36 = sext i32 %35 to i64 %37 = add i64 %28, %36 %38 = call i64 @round_jiffies(i64 %37) #78 
------------- Good: 89 Bad: 1 Ignored: 53 Check Use of Function:ieee80211_vif_release_channel Check Use of Function:__SCT__tp_func_azx_resume Check Use of Function:netif_carrier_off Check Use of Function:local_bh_enable.71811 Check Use of Function:register_pernet_subsys Check Use of Function:drm_connector_list_iter_end Check Use of Function:sta_info_free Check Use of Function:__pm_runtime_idle Check Use of Function:ieee80211_led_assoc Check Use of Function:kobject_uevent_env Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 uevent_store.46944 ------------- Path:  Function:uevent_store.46944 %4 = getelementptr inbounds %struct.device_driver, %struct.device_driver* %0, i64 0, i32 18 %5 = load %struct.driver_private*, %struct.driver_private** %4, align 8 %6 = getelementptr inbounds %struct.driver_private, %struct.driver_private* %5, i64 0, i32 0 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #78 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #78 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.28822, i64 0, i64 0), i8* %1, i64 %21) #78 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.28823, i64 0, i64 0), i8* %1, i64 %21) #78 %29 = icmp eq i32 
%28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.28824, i64 0, i64 0), i8* %1, i64 %21) #78 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.28825, i64 0, i64 0), i8* %1, i64 %21) #78 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.28826, i64 0, i64 0), i8* %1, i64 %21) #78 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.28827, i64 0, i64 0), i8* %1, i64 %21) #78 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.28828, i64 0, i64 0), i8* %1, i64 %21) #78 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.28829, i64 0, i64 0), i8* %1, i64 %21) #78 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #79 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 bus_uevent_store ------------- Path:  Function:bus_uevent_store %4 = getelementptr inbounds %struct.bus_type, %struct.bus_type* %0, i64 0, i32 20 %5 = load %struct.subsys_private*, %struct.subsys_private** %4, align 8 %6 = 
getelementptr inbounds %struct.subsys_private, %struct.subsys_private* %5, i64 0, i32 0, i32 2 %7 = tail call i32 @kobject_synth_uevent(%struct.kobject* %6, i8* %1, i64 %2) #78 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #78 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.28822, i64 0, i64 0), i8* %1, i64 %21) #78 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.28823, i64 0, i64 0), i8* %1, i64 %21) #78 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.28824, i64 0, i64 0), i8* %1, i64 %21) #78 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.28825, i64 0, i64 0), i8* %1, i64 %21) #78 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.28826, i64 0, i64 0), i8* %1, i64 %21) #78 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 
@strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.28827, i64 0, i64 0), i8* %1, i64 %21) #78 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.28828, i64 0, i64 0), i8* %1, i64 %21) #78 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.28829, i64 0, i64 0), i8* %1, i64 %21) #78 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #79 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 uevent_store ------------- Path:  Function:uevent_store %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #78 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #78 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* 
@.str.16.28822, i64 0, i64 0), i8* %1, i64 %21) #78 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.28823, i64 0, i64 0), i8* %1, i64 %21) #78 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.28824, i64 0, i64 0), i8* %1, i64 %21) #78 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.28825, i64 0, i64 0), i8* %1, i64 %21) #78 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.28826, i64 0, i64 0), i8* %1, i64 %21) #78 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.28827, i64 0, i64 0), i8* %1, i64 %21) #78 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.28828, i64 0, i64 0), i8* %1, i64 %21) #78 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.28829, i64 0, i64 0), i8* %1, i64 %21) #78 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** 
nonnull %62) #79 ------------- Use: =BAD PATH= Call Stack: 0 kobject_synth_uevent 1 store_uevent ------------- Path:  Function:store_uevent %5 = getelementptr inbounds %struct.module_kobject, %struct.module_kobject* %1, i64 0, i32 0 %6 = tail call i32 @kobject_synth_uevent(%struct.kobject* %5, i8* %2, i64 %3) #78 Function:kobject_synth_uevent %4 = alloca [2 x i8*], align 16 %5 = bitcast [2 x i8*]* %4 to i8* %6 = icmp eq i64 %2, 0 br i1 %6, label %162, label %7 %8 = add i64 %2, -1 %9 = getelementptr i8, i8* %1, i64 %8 %10 = load i8, i8* %9, align 1 switch i8 %10, label %13 [ i8 10, label %11 i8 0, label %11 ] %12 = icmp eq i64 %8, 0 br i1 %12, label %162, label %13 %14 = phi i64 [ %8, %11 ], [ %2, %7 ] %15 = tail call i8* @strnchr(i8* %1, i64 %14, i32 32) #78 %16 = icmp eq i8* %15, null %17 = ptrtoint i8* %15 to i64 %18 = ptrtoint i8* %1 to i64 %19 = sub i64 %17, %18 %20 = getelementptr i8, i8* %15, i64 1 %21 = select i1 %16, i64 %14, i64 %19 %22 = select i1 %16, i8* null, i8* %20 %23 = tail call i32 @strncmp(i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.16.28822, i64 0, i64 0), i8* %1, i64 %21) #78 %24 = icmp eq i32 %23, 0 %25 = icmp eq i64 %21, 3 %26 = and i1 %24, %25 br i1 %26, label %58, label %27 %28 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.17.28823, i64 0, i64 0), i8* %1, i64 %21) #78 %29 = icmp eq i32 %28, 0 %30 = icmp eq i64 %21, 6 %31 = and i1 %30, %29 br i1 %31, label %58, label %32 %33 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.18.28824, i64 0, i64 0), i8* %1, i64 %21) #78 %34 = icmp eq i32 %33, 0 %35 = and i1 %30, %34 br i1 %35, label %58, label %36 %37 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.19.28825, i64 0, i64 0), i8* %1, i64 %21) #78 %38 = icmp eq i32 %37, 0 %39 = icmp eq i64 %21, 4 %40 = and i1 %39, %38 br i1 %40, label %58, label %41 %42 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.20.28826, i64 
0, i64 0), i8* %1, i64 %21) #78 %43 = icmp eq i32 %42, 0 %44 = and i1 %30, %43 br i1 %44, label %58, label %45 %46 = tail call i32 @strncmp(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.28827, i64 0, i64 0), i8* %1, i64 %21) #78 %47 = icmp eq i32 %46, 0 %48 = icmp eq i64 %21, 7 %49 = and i1 %48, %47 br i1 %49, label %58, label %50 %51 = tail call i32 @strncmp(i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.28828, i64 0, i64 0), i8* %1, i64 %21) #78 %52 = icmp eq i32 %51, 0 %53 = and i1 %39, %52 br i1 %53, label %58, label %54 %55 = tail call i32 @strncmp(i8* getelementptr inbounds ([7 x i8], [7 x i8]* @.str.23.28829, i64 0, i64 0), i8* %1, i64 %21) #78 %56 = icmp eq i32 %55, 0 %57 = and i1 %30, %56 br i1 %57, label %58, label %162 %59 = phi i32 [ 0, %13 ], [ 1, %27 ], [ 2, %32 ], [ 3, %36 ], [ 4, %41 ], [ 5, %45 ], [ 6, %50 ], [ 7, %54 ] %60 = icmp eq i8* %22, null br i1 %60, label %61, label %64 %62 = getelementptr inbounds [2 x i8*], [2 x i8*]* %4, i64 0, i64 0 %63 = call i32 @kobject_uevent_env(%struct.kobject* %0, i32 %59, i8** nonnull %62) #79 ------------- Good: 51 Bad: 4 Ignored: 15 Check Use of Function:check_zeroed_user Use: =BAD PATH= Call Stack: 0 copy_clone_args_from_user 1 __se_sys_clone3 2 __ia32_sys_clone3 ------------- Path:  Function:__ia32_sys_clone3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_clone3(i64 %4, i64 %7) #78 Function:__se_sys_clone3 %3 = alloca %struct.kernel_clone_args, align 8 %4 = alloca [32 x i32], align 16 %5 = inttoptr i64 %0 to %struct.clone_args* %6 = bitcast %struct.kernel_clone_args* %3 to i8* %7 = bitcast [32 x i32]* %4 to i8* %8 = getelementptr inbounds [32 x i32], [32 x i32]* %4, i64 0, i64 0 %9 = getelementptr inbounds 
%struct.kernel_clone_args, %struct.kernel_clone_args* %3, i64 0, i32 8 store i32* %8, i32** %9, align 8 %10 = call fastcc i32 @copy_clone_args_from_user(%struct.kernel_clone_args* nonnull %3, %struct.clone_args* %5, i64 %1) #78 Function:copy_clone_args_from_user %4 = alloca %struct.clone_args, align 8 %5 = bitcast %struct.clone_args* %4 to i8* %6 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %0, i64 0, i32 8 %7 = load i32*, i32** %6, align 8 %8 = icmp ugt i64 %2, 4096 br i1 %8, label %95, label %9, !prof !4, !misexpect !5 %10 = icmp ult i64 %2, 64 br i1 %10, label %95, label %11, !prof !4, !misexpect !5 %12 = bitcast %struct.clone_args* %1 to i8* %13 = icmp ugt i64 %2, 88 %14 = select i1 %13, i64 88, i64 %2 %15 = icmp ult i64 %2, 88 %16 = select i1 %15, i64 88, i64 %2 %17 = sub nuw nsw i64 %16, %14 br i1 %15, label %18, label %20 br i1 %13, label %21, label %27 %22 = getelementptr i8, i8* %12, i64 %14 %23 = tail call i32 @check_zeroed_user(i8* %22, i64 %17) #78 ------------- Use: =BAD PATH= Call Stack: 0 copy_clone_args_from_user 1 __se_sys_clone3 2 __x64_sys_clone3 ------------- Path:  Function:__x64_sys_clone3 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_clone3(i64 %3, i64 %5) #78 Function:__se_sys_clone3 %3 = alloca %struct.kernel_clone_args, align 8 %4 = alloca [32 x i32], align 16 %5 = inttoptr i64 %0 to %struct.clone_args* %6 = bitcast %struct.kernel_clone_args* %3 to i8* %7 = bitcast [32 x i32]* %4 to i8* %8 = getelementptr inbounds [32 x i32], [32 x i32]* %4, i64 0, i64 0 %9 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %3, i64 0, i32 8 store i32* %8, i32** %9, align 8 %10 = call fastcc i32 @copy_clone_args_from_user(%struct.kernel_clone_args* nonnull %3, %struct.clone_args* %5, 
i64 %1) #78 Function:copy_clone_args_from_user %4 = alloca %struct.clone_args, align 8 %5 = bitcast %struct.clone_args* %4 to i8* %6 = getelementptr inbounds %struct.kernel_clone_args, %struct.kernel_clone_args* %0, i64 0, i32 8 %7 = load i32*, i32** %6, align 8 %8 = icmp ugt i64 %2, 4096 br i1 %8, label %95, label %9, !prof !4, !misexpect !5 %10 = icmp ult i64 %2, 64 br i1 %10, label %95, label %11, !prof !4, !misexpect !5 %12 = bitcast %struct.clone_args* %1 to i8* %13 = icmp ugt i64 %2, 88 %14 = select i1 %13, i64 88, i64 %2 %15 = icmp ult i64 %2, 88 %16 = select i1 %15, i64 88, i64 %2 %17 = sub nuw nsw i64 %16, %14 br i1 %15, label %18, label %20 br i1 %13, label %21, label %27 %22 = getelementptr i8, i8* %12, i64 %14 %23 = tail call i32 @check_zeroed_user(i8* %22, i64 %17) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %139, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", 
"={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i32, i64 } %17, 0 %19 = extractvalue { i32*, i32, i64 } %17, 1 %20 = extractvalue { i32*, i32, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %64 %25 = icmp eq i32 %19, 0 %26 = select i1 %25, i32 48, i32 %19 %27 = add i32 %26, -48 %28 = icmp ugt i32 %27, 4048 %29 = inttoptr i64 %1 to i8* br i1 %28, label %60, label %30 %31 = icmp ult i32 %26, 56 %32 = select i1 %31, i32 %26, i32 56 %33 = zext i32 %32 to i64 %34 = select i1 %31, i32 56, i32 %26 %35 = sub nuw nsw i32 %34, %32 %36 = zext i32 %35 to i64 br i1 %31, label %37, label %39 %40 = icmp eq i32 %26, 56 br i1 %40, label %47, label %41 %42 = getelementptr i8, i8* %29, i64 %33 %43 = tail call i32 @check_zeroed_user(i8* %42, i64 %36) #78 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102742, %struct.file.102742* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %14 = bitcast %struct.seccomp_notif* %8 to i8* %15 = tail call i32 @check_zeroed_user(i8* %12, i64 80) #78 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca 
%struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102742, %struct.file.102742* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %14 = bitcast %struct.seccomp_notif* %8 to i8* %15 = tail call i32 @check_zeroed_user(i8* %12, i64 80) #78 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl ------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102742, %struct.file.102742* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #78 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_notify_ioctl 
------------- Path:  Function:seccomp_notify_ioctl %4 = alloca %struct.efi_table_hdr_t, align 8 %5 = alloca %struct.seccomp_kaddfd, align 8 %6 = alloca i64, align 8 %7 = alloca %struct.trampoline_header, align 8 %8 = alloca %struct.seccomp_notif, align 8 %9 = getelementptr inbounds %struct.file.102742, %struct.file.102742* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seccomp_filter** %11 = load %struct.seccomp_filter*, %struct.seccomp_filter** %10, align 8 %12 = inttoptr i64 %2 to i8* switch i32 %1, label %221 [ i32 -1068490496, label %13 i32 -1072160511, label %102 i32 -2146950910, label %177 i32 1074274562, label %177 ] %222 = and i32 %1, 65535 %223 = icmp eq i32 %222, 8451 br i1 %223, label %224, label %367 %225 = inttoptr i64 %2 to %struct.efi_table_hdr_t* %226 = lshr i32 %1, 16 %227 = and i32 %226, 16383 %228 = bitcast %struct.efi_table_hdr_t* %4 to i8* %229 = bitcast %struct.seccomp_kaddfd* %5 to i8* %230 = add nsw i32 %227, -24 %231 = icmp ugt i32 %230, 4071 br i1 %231, label %365, label %232 %233 = icmp ugt i32 %227, 24 br i1 %233, label %234, label %243 %235 = zext i32 %227 to i64 %236 = add nsw i64 %235, -24 %237 = getelementptr %struct.efi_table_hdr_t, %struct.efi_table_hdr_t* %225, i64 1 %238 = bitcast %struct.efi_table_hdr_t* %237 to i8* %239 = tail call i32 @check_zeroed_user(i8* %238, i64 %236) #78 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 __ia32_sys_perf_event_open ------------- Path:  Function:__ia32_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = trunc i64 %3 to i32 %10 = bitcast %struct.perf_event_attr* %6 to i8* %11 = icmp ult i64 %4, 16 br i1 %11, label %12, label %1087 %13 = inttoptr i64 %0 to %struct.perf_event_attr* %14 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %13, %struct.perf_event_attr* nonnull %6) #78 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %31 = getelementptr i8, i8* %19, i64 %22 %32 = tail call i32 @check_zeroed_user(i8* %31, i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 perf_copy_attr 1 __se_sys_perf_event_open 2 
__x64_sys_perf_event_open ------------- Path:  Function:__x64_sys_perf_event_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_perf_event_open(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_perf_event_open %6 = alloca %struct.perf_event_attr, align 8 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = trunc i64 %3 to i32 %10 = bitcast %struct.perf_event_attr* %6 to i8* %11 = icmp ult i64 %4, 16 br i1 %11, label %12, label %1087 %13 = inttoptr i64 %0 to %struct.perf_event_attr* %14 = call fastcc i32 @perf_copy_attr(%struct.perf_event_attr* %13, %struct.perf_event_attr* nonnull %6) #78 Function:perf_copy_attr %3 = bitcast %struct.perf_event_attr* %1 to i8* %5 = getelementptr inbounds %struct.perf_event_attr, %struct.perf_event_attr* %0, i64 0, i32 1 %6 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %4) #6, !srcloc !4 %7 = extractvalue { i32*, i32, i64 } %6, 0 %8 = extractvalue { i32*, i32, i64 } %6, 1 %9 = extractvalue { i32*, i32, i64 } %6, 2 %10 = ptrtoint i32* %7 to i64 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %155 %14 = icmp eq i32 %8, 0 %15 = select i1 %14, i32 64, i32 %8 %16 = add i32 %15, -64 %17 = icmp ugt i32 %16, 4032 br i1 %17, label %150, label %18 %19 = bitcast %struct.perf_event_attr* %0 to i8* %20 = icmp ult i32 %15, 128 %21 = select i1 %20, i32 %15, i32 
128 %22 = zext i32 %21 to i64 %23 = select i1 %20, i32 128, i32 %15 %24 = sub nuw nsw i32 %23, %21 %25 = zext i32 %24 to i64 br i1 %20, label %26, label %28 %29 = icmp eq i32 %15, 128 br i1 %29, label %36, label %30 %31 = getelementptr i8, i8* %19, i64 %22 %32 = tail call i32 @check_zeroed_user(i8* %31, i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_openat2 ------------- Path:  Function:__x64_sys_openat2 %2 = alloca %struct.perf_branch_entry, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = inttoptr i64 %9 to %struct.perf_branch_entry* %14 = bitcast %struct.perf_branch_entry* %2 to i8* %15 = icmp ult i64 %11, 24 br i1 %15, label %42, label %16, !prof !4, !misexpect !5 %17 = inttoptr i64 %9 to i8* %18 = icmp eq i64 %11, 24 br i1 %18, label %27, label %19 %20 = add i64 %11, -24 %21 = getelementptr %struct.perf_branch_entry, %struct.perf_branch_entry* %13, i64 1 %22 = bitcast %struct.perf_branch_entry* %21 to i8* %23 = tail call i32 @check_zeroed_user(i8* %22, i64 %20) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_openat2 ------------- Path:  Function:__ia32_sys_openat2 %2 = alloca %struct.perf_branch_entry, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 
%10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %4 to i32 %15 = inttoptr i64 %7 to i8* %16 = inttoptr i64 %10 to %struct.perf_branch_entry* %17 = bitcast %struct.perf_branch_entry* %2 to i8* %18 = icmp ult i64 %13, 24 br i1 %18, label %45, label %19, !prof !4, !misexpect !5 %20 = inttoptr i64 %10 to i8* %21 = icmp eq i64 %13, 24 br i1 %21, label %30, label %22 %23 = add nsw i64 %13, -24 %24 = getelementptr %struct.perf_branch_entry, %struct.perf_branch_entry* %16, i64 1 %25 = bitcast %struct.perf_branch_entry* %24 to i8* %26 = tail call i32 @check_zeroed_user(i8* %25, i64 %23) #78 ------------- Good: 4 Bad: 12 Ignored: 10 Check Use of Function:sd_pr_register Check Use of Function:cfg80211_rx_mlme_mgmt Check Use of Function:netif_set_xps_queue Check Use of Function:ext4_stop_mmpd Check Use of Function:cfg80211_shutdown_all_interfaces Check Use of Function:__i915_active_wait Check Use of Function:iowrite32 Check Use of Function:drv_stop_ap Check Use of Function:kbd_rate Check Use of Function:regulatory_hint_user Check Use of Function:set_blocksize Check Use of Function:cfg80211_cac_event Check Use of Function:_dev_notice Check Use of Function:xt_alloc_table_info Check Use of Function:ieee80211_vif_copy_chanctx_to_vlans Check Use of Function:ieee80211_configure_filter Check Use of Function:ieee80211_free_txskb Check Use of Function:tcp_abort Check Use of Function:dev_change_proto_down Check Use of Function:rtl8139_hw_start Check Use of Function:idr_remove Use: =BAD PATH= Call Stack: 0 free_pid 1 change_pid 2 __se_sys_setpgid 3 __ia32_sys_setpgid ------------- Path:  Function:__ia32_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* 
%5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setpgid(i64 %4, i64 %7) #78 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #78 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #78 %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %80, label %20 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 44 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, -1 br i1 %23, label %24, label %80 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 56 %26 = load %struct.task_struct*, %struct.task_struct** %25, align 8 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 95 %28 = load %struct.signal_struct*, %struct.signal_struct** %27, align 32 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 95 %30 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %31 = icmp eq %struct.signal_struct* %28, %30 br i1 %31, label %32, label %45 %46 = icmp eq %struct.task_struct* %18, %8 br i1 %46, label %47, label %80 %48 = phi 
%struct.signal_struct* [ %34, %40 ], [ %30, %45 ] %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 95 %50 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %48, i64 0, i32 23 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %80 %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 63 %55 = load %struct.pid*, %struct.pid** %54, align 32 %56 = icmp eq i32 %15, %13 br i1 %56, label %70, label %57 %58 = tail call %struct.pid* @find_vpid(i32 %15) #78 %59 = tail call %struct.task_struct* @pid_task(%struct.pid* %58, i32 2) #78 %60 = icmp eq %struct.task_struct* %59, null br i1 %60, label %80, label %61 %62 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %59, i64 0, i32 95 %63 = load %struct.signal_struct*, %struct.signal_struct** %62, align 32 %64 = getelementptr %struct.signal_struct, %struct.signal_struct* %63, i64 0, i32 21, i64 3 %65 = load %struct.pid*, %struct.pid** %64, align 8 %66 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %67 = getelementptr %struct.signal_struct, %struct.signal_struct* %66, i64 0, i32 21, i64 3 %68 = load %struct.pid*, %struct.pid** %67, align 8 %69 = icmp eq %struct.pid* %65, %68 br i1 %69, label %70, label %80 %71 = phi %struct.pid* [ %55, %53 ], [ %58, %61 ] %72 = tail call i32 @security_task_setpgid(%struct.task_struct* nonnull %18, i32 %15) #78 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %80 %75 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %76 = getelementptr %struct.signal_struct, %struct.signal_struct* %75, i64 0, i32 21, i64 2 %77 = load %struct.pid*, %struct.pid** %76, align 8 %78 = icmp eq %struct.pid* %77, %71 br i1 %78, label %80, label %79 tail call void @change_pid(%struct.task_struct* nonnull %18, i32 2, %struct.pid* %71) #78 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 
%58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #78 Function:free_pid %2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @pidmap_lock, i64 0, i32 0, i32 0)) #78 %3 = getelementptr inbounds %struct.pid, %struct.pid* %0, i64 0, i32 1 br label %4 %5 = phi i32 [ 0, %1 ], [ %28, %22 ] %6 = sext i32 %5 to i64 %7 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 1 %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = add i32 %10, -1 store i32 %11, i32* %9, align 8 switch i32 %10, label %22 [ i32 3, label %12 i32 2, label %12 i32 -2147483647, label %16 ] %23 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 0 %24 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 0 %25 = load i32, i32* %24, align 8 %26 = sext i32 %25 to i64 %27 = tail call i8* @idr_remove(%struct.idr* %23, i64 %26) #78 ------------- Use: =BAD PATH= Call Stack: 0 free_pid 1 change_pid 2 __se_sys_setpgid 3 __x64_sys_setpgid ------------- Path:  Function:__x64_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setpgid(i64 %3, i64 %5) #78 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %6 = inttoptr i64 %5 to %struct.task_struct* %7 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %6, i64 0, i32 60 %8 = load %struct.task_struct*, %struct.task_struct** %7, align 8 %9 = icmp eq i32 %3, 0 br i1 %9, label %10, label %12 %11 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %8, i32 0, %struct.pid_namespace* null) #78 br label %12 %13 = phi i32 [ %3, %2 ], [ %11, %10 ] %14 = icmp eq i32 %4, 0 %15 = select i1 %14, i32 %13, i32 %4 %16 = icmp slt i32 %15, 0 br i1 %16, label %83, label %17 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %18 = tail call %struct.task_struct* @find_task_by_vpid(i32 %13) #78 %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %80, label %20 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 44 %22 = load i32, i32* %21, align 4 %23 = icmp sgt i32 %22, -1 br i1 %23, label %24, label %80 %25 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 56 %26 = load %struct.task_struct*, %struct.task_struct** %25, align 8 %27 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %26, i64 0, i32 95 %28 = load %struct.signal_struct*, %struct.signal_struct** %27, align 32 %29 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 95 %30 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %31 = icmp eq %struct.signal_struct* %28, %30 br i1 %31, label %32, label %45 %46 = icmp eq %struct.task_struct* %18, %8 br i1 %46, label %47, label %80 %48 = phi %struct.signal_struct* [ %34, %40 ], [ %30, %45 ] %49 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 95 %50 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %48, i64 0, i32 23 %51 = load i32, i32* %50, align 8 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %80 %54 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %18, i64 0, i32 63 %55 
= load %struct.pid*, %struct.pid** %54, align 32 %56 = icmp eq i32 %15, %13 br i1 %56, label %70, label %57 %58 = tail call %struct.pid* @find_vpid(i32 %15) #78 %59 = tail call %struct.task_struct* @pid_task(%struct.pid* %58, i32 2) #78 %60 = icmp eq %struct.task_struct* %59, null br i1 %60, label %80, label %61 %62 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %59, i64 0, i32 95 %63 = load %struct.signal_struct*, %struct.signal_struct** %62, align 32 %64 = getelementptr %struct.signal_struct, %struct.signal_struct* %63, i64 0, i32 21, i64 3 %65 = load %struct.pid*, %struct.pid** %64, align 8 %66 = load %struct.signal_struct*, %struct.signal_struct** %29, align 32 %67 = getelementptr %struct.signal_struct, %struct.signal_struct* %66, i64 0, i32 21, i64 3 %68 = load %struct.pid*, %struct.pid** %67, align 8 %69 = icmp eq %struct.pid* %65, %68 br i1 %69, label %70, label %80 %71 = phi %struct.pid* [ %55, %53 ], [ %58, %61 ] %72 = tail call i32 @security_task_setpgid(%struct.task_struct* nonnull %18, i32 %15) #78 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %80 %75 = load %struct.signal_struct*, %struct.signal_struct** %49, align 32 %76 = getelementptr %struct.signal_struct, %struct.signal_struct* %75, i64 0, i32 21, i64 2 %77 = load %struct.pid*, %struct.pid** %76, align 8 %78 = icmp eq %struct.pid* %77, %71 br i1 %78, label %80, label %79 tail call void @change_pid(%struct.task_struct* nonnull %18, i32 2, %struct.pid* %71) #78 Function:change_pid %4 = icmp eq i32 %1, 0 br i1 %4, label %5, label %7 %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 95 %9 = load %struct.signal_struct*, %struct.signal_struct** %8, align 32 %10 = zext i32 %1 to i64 %11 = getelementptr %struct.signal_struct, %struct.signal_struct* %9, i64 0, i32 21, i64 %10 br label %12 %13 = phi i64 [ 0, %5 ], [ %10, %7 ] %14 = phi %struct.pid** [ %6, %5 ], [ %11, %7 ] %15 = load %struct.pid*, %struct.pid** %14, align 8 %16 = getelementptr 
%struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 0 %17 = load %struct.hlist_node*, %struct.hlist_node** %16, align 8 %18 = getelementptr %struct.task_struct, %struct.task_struct* %0, i64 0, i32 64, i64 %13, i32 1 %19 = load %struct.hlist_node**, %struct.hlist_node*** %18, align 8 store volatile %struct.hlist_node* %17, %struct.hlist_node** %19, align 8 %20 = icmp eq %struct.hlist_node* %17, null br i1 %20, label %23, label %21 %22 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %17, i64 0, i32 1 store volatile %struct.hlist_node** %19, %struct.hlist_node*** %22, align 8 br label %23 store volatile %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %18, align 8 store %struct.pid* %2, %struct.pid** %14, align 8 %24 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 3, i32 0 %25 = load volatile %struct.hlist_node*, %struct.hlist_node** %24, align 8 %26 = icmp eq %struct.hlist_node* %25, null br i1 %26, label %48, label %27 %49 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 2, i32 0 %50 = load volatile %struct.hlist_node*, %struct.hlist_node** %49, align 8 %51 = icmp eq %struct.hlist_node* %50, null br i1 %51, label %52, label %27 %53 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 1, i32 0 %54 = load volatile %struct.hlist_node*, %struct.hlist_node** %53, align 8 %55 = icmp eq %struct.hlist_node* %54, null br i1 %55, label %56, label %27 %57 = getelementptr %struct.pid, %struct.pid* %15, i64 0, i32 3, i64 0, i32 0 %58 = load volatile %struct.hlist_node*, %struct.hlist_node** %57, align 8 %59 = icmp eq %struct.hlist_node* %58, null br i1 %59, label %60, label %27 tail call void @free_pid(%struct.pid* %15) #78 Function:free_pid %2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @pidmap_lock, i64 0, i32 0, i32 0)) #78 %3 = getelementptr inbounds 
%struct.pid, %struct.pid* %0, i64 0, i32 1 br label %4 %5 = phi i32 [ 0, %1 ], [ %28, %22 ] %6 = sext i32 %5 to i64 %7 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 1 %8 = load %struct.pid_namespace*, %struct.pid_namespace** %7, align 8 %9 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = add i32 %10, -1 store i32 %11, i32* %9, align 8 switch i32 %10, label %22 [ i32 3, label %12 i32 2, label %12 i32 -2147483647, label %16 ] %23 = getelementptr inbounds %struct.pid_namespace, %struct.pid_namespace* %8, i64 0, i32 0 %24 = getelementptr %struct.pid, %struct.pid* %0, i64 0, i32 7, i64 %6, i32 0 %25 = load i32, i32* %24, align 8 %26 = sext i32 %25 to i64 %27 = tail call i8* @idr_remove(%struct.idr* %23, i64 %26) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_put_client 1 nfs4_init_client ------------- Path:  Function:nfs4_init_client %3 = alloca %struct.__kernel_sockaddr_storage, align 8 %4 = alloca %struct.__kernel_sockaddr_storage, align 8 %5 = alloca %struct.xprt_create, align 8 %6 = alloca %struct.nfs_client.247351*, align 8 %7 = bitcast %struct.nfs_client.247351** %6 to i8* store %struct.nfs_client.247351* null, %struct.nfs_client.247351** %6, align 8 %8 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 2 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %99, label %11 %12 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 31 %13 = load %struct.nfs4_minor_version_ops.247360*, %struct.nfs4_minor_version_ops.247360** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_minor_version_ops.247360, %struct.nfs4_minor_version_ops.247360* %13, i64 0, i32 2 %15 = load i32 (%struct.nfs_client.247351*)*, i32 (%struct.nfs_client.247351*)** %14, align 8 %16 = tail call i32 %15(%struct.nfs_client.247351* %0) #78 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, 
label %30 %19 = getelementptr inbounds %struct.nfs_client.247351, %struct.nfs_client.247351* %0, i64 0, i32 11 %20 = load %struct.rpc_clnt*, %struct.rpc_clnt** %19, align 8 %21 = getelementptr inbounds %struct.rpc_clnt, %struct.rpc_clnt* %20, i64 0, i32 5 %22 = load volatile %struct.rpc_xprt*, %struct.rpc_xprt** %21, align 8 %23 = load %struct.nfs4_minor_version_ops.247360*, %struct.nfs4_minor_version_ops.247360** %12, align 8 %24 = getelementptr inbounds %struct.nfs4_minor_version_ops.247360, %struct.nfs4_minor_version_ops.247360* %23, i64 0, i32 0 %25 = load i32, i32* %24, align 8 %26 = tail call i32 @nfs_callback_up(i32 %25, %struct.rpc_xprt* %22) #78 %27 = icmp slt i32 %26, 0 br i1 %27, label %95, label %28 %96 = phi i32 [ %16, %30 ], [ %33, %32 ], [ %26, %18 ] call void bitcast (void (%struct.nfs_client*, i32)* @nfs_mark_client_ready to void (%struct.nfs_client.247351*, i32)*)(%struct.nfs_client.247351* %0, i32 %96) #78 call void bitcast (void (%struct.nfs_client*)* @nfs_put_client to void (%struct.nfs_client.247351*)*)(%struct.nfs_client.247351* %0) #78 Function:nfs_put_client %2 = icmp eq %struct.nfs_client* %0, null br i1 %2, label %51, label %3 %4 = getelementptr inbounds %struct.nfs_client, %struct.nfs_client* %0, i64 0, i32 43 %5 = load %struct.net*, %struct.net** %4, align 8 %6 = load i32, i32* @nfs_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.net, %struct.net* %5, i64 0, i32 38 %8 = load volatile %struct.net_generic*, %struct.net_generic** %7, align 64 %9 = bitcast %struct.net_generic* %8 to [0 x i8*]* %10 = zext i32 %6 to i64 %11 = getelementptr [0 x i8*], [0 x i8*]* %9, i64 0, i64 %10 %12 = load i8*, i8** %11, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %13 = getelementptr inbounds %struct.nfs_client, %struct.nfs_client* %0, i64 0, i32 0 %14 = 
getelementptr inbounds i8, i8* %12, i64 160 %15 = bitcast i8* %14 to %struct.spinlock* %16 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %13, %struct.spinlock* %15) #78 br i1 %16, label %17, label %51 %18 = getelementptr inbounds %struct.nfs_client, %struct.nfs_client* %0, i64 0, i32 9, i32 1 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.nfs_client, %struct.nfs_client* %0, i64 0, i32 9, i32 0 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 1 store %struct.list_head* %19, %struct.list_head** %22, align 8 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 store volatile %struct.list_head* %21, %struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %20, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %18, align 8 %24 = load %struct.net*, %struct.net** %4, align 8 %25 = load i32, i32* @nfs_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %26 = getelementptr inbounds %struct.net, %struct.net* %24, i64 0, i32 38 %27 = load volatile %struct.net_generic*, %struct.net_generic** %26, align 64 %28 = bitcast %struct.net_generic* %27 to [0 x i8*]* %29 = zext i32 %25 to i64 %30 = getelementptr [0 x i8*], [0 x i8*]* %28, i64 0, i64 %29 %31 = load i8*, i8** %30, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %32 = getelementptr inbounds %struct.nfs_client, %struct.nfs_client* %0, i64 0, i32 30 %33 = load i32, i32* %32, align 8 %34 = icmp eq i32 %33, 0 br i1 %34, label %40, label %35 %36 = getelementptr inbounds i8, i8* %31, i64 120 %37 = bitcast i8* %36 to %struct.idr* %38 = 
zext i32 %33 to i64 %39 = tail call i8* @idr_remove(%struct.idr* %37, i64 %38) #78 ------------- Good: 125 Bad: 3 Ignored: 70 Check Use of Function:cfg80211_free_nan_func Check Use of Function:__SCT__tp_func_drv_leave_ibss Check Use of Function:force_sig Use: =BAD PATH= Call Stack: 0 signal_fault 1 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = bitcast %struct.cpumask* %2 to i8* %12 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 0, i64* %12, align 8 %13 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -4 %16 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %17 = add i64 %16, -268 %18 = icmp ult i64 %17, %15 br i1 %18, label %42, label %19, !prof !6, !misexpect !7 %20 = inttoptr i64 %15 to %struct.rt_sigframe_ia32* %22 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, 
i32 5, i32 4 %23 = bitcast %struct.kernel_cap_struct* %22 to i64* %24 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %23, i64 8, i64 %21) #6, !srcloc !8 %25 = extractvalue { i64*, i64, i64 } %24, 0 %26 = extractvalue { i64*, i64, i64 } %24, 1 %27 = extractvalue { i64*, i64, i64 } %24, 2 %28 = ptrtoint i64* %25 to i64 store i64 %26, i64* %12, align 8 %29 = and i64 %28, 4294967295 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %42, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #78 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, i32 5, i32 3 %33 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %32) #79 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %42 %36 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %20, i64 0, i32 5, i32 2 %37 = call i32 @compat_restore_altstack(%struct.uid_gid_extent* %36) #78 %38 = icmp eq i32 %37, 0 br i1 %38, label %39, label %42 %43 = inttoptr i64 %15 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %43, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.3.4769, i64 0, i64 0)) #78 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #78 ------------- Use: =BAD PATH= Call Stack: 0 signal_fault 1 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca 
%struct.cpumask, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 2 %6 = bitcast i8** %5 to i64* %7 = load i64, i64* %6, align 32 %8 = add i64 %7, 16384 %9 = inttoptr i64 %8 to %struct.pt_regs* %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1 %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %9, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = inttoptr i64 %13 to %struct.sigframe_ia32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !5 %18 = add i64 %17, -736 %19 = icmp ult i64 %18, %13 br i1 %19, label %50, label %20, !prof !6, !misexpect !7 %22 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2 %23 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 2, i32 26 %24 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %23, i64 4, i64 %21) #6, !srcloc !8 %25 = extractvalue { i32*, i32, i64 } %24, 0 %26 = extractvalue { i32*, i32, i64 } %24, 1 %27 = extractvalue { i32*, i32, i64 } 
%24, 2 %28 = ptrtoint i32* %25 to i64 %29 = zext i32 %26 to i64 store i64 %29, i64* %16, align 8 %30 = and i64 %28, 4294967295 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %50, !prof !9, !misexpect !10 %34 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %14, i64 0, i32 4, i64 0 %35 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_nocheck_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %33) #6, !srcloc !11 %36 = extractvalue { i32*, i32, i64 } %35, 0 %37 = extractvalue { i32*, i32, i64 } %35, 1 %38 = extractvalue { i32*, i32, i64 } %35, 2 %39 = ptrtoint i32* %36 to i64 %40 = bitcast %struct.cpumask* %2 to i32* %41 = getelementptr inbounds i32, i32* %40, i64 1 store i32 %37, i32* %41, align 4 %42 = and i64 %39, 4294967295 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %50, !prof !9, !misexpect !10 call void @set_current_blocked(%struct.cpumask* nonnull %2) #78 %45 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %10, %struct.sigcontext_32* %22) #79 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %50 %51 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %10, i8* %51, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4766, i64 0, i64 0)) #78 Function:signal_fault %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = load i32, i32* @show_unhandled_signals, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %26, label %8 %9 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #78 %10 = icmp eq i32 %9, 0 br i1 %10, label %26, label %11 tail call void @force_sig(i32 11) #78 ------------- Good: 6 Bad: 2 Ignored: 20 Check Use of Function:ieee80211_tx_h_select_key Check Use of Function:iommu_disable_protect_mem_regions Check Use of 
Function:yenta_probe_cb_irq Check Use of Function:proc_tid_base_lookup Check Use of Function:ieee80211_xmit Check Use of Function:iomem_get_mapping Check Use of Function:ieee80211_tx_frags Check Use of Function:__ieee80211_tx Check Use of Function:invoke_tx_handlers_late Check Use of Function:drop_super Check Use of Function:drm_modeset_acquire_fini Check Use of Function:path_init Check Use of Function:drm_atomic_get_crtc_state Check Use of Function:ieee80211_mgd_probe_ap_send Check Use of Function:ieee80211_sdata_stop Check Use of Function:ieee80211_data_to_8023_exthdr Check Use of Function:ieee80211_recalc_ps_vif Check Use of Function:__ieee80211_request_sched_scan_start Check Use of Function:ieee80211_send_nullfunc Check Use of Function:tty_kref_put Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 
3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, 
align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load 
%struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 20, i32 0, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 20, i32 1 %46 = load %struct.pid.51755*, %struct.pid.51755** %45, align 8 %47 = icmp eq %struct.pid.51755* %46, null br i1 %47, label %57, label %48 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %43, i64 %44) #78 br label %65 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label 
%14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 
8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds 
%struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 
br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 20, i32 0, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 20, i32 1 %46 = load %struct.pid.51755*, %struct.pid.51755** %45, align 8 %47 = icmp eq %struct.pid.51755* %46, null br i1 %47, label %57, label %48 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %43, i64 %44) #78 br label %65 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct*, %struct.tty_struct** %12, align 8 switch i32 %1, label %19 [ i32 21521, label %14 i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 
21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 -2147191753, label %14 i32 -2147191722, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file* %0, i32 %1, i64 %2) #78 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 
%19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, 
%struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, 
i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 20, i32 0, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 20, i32 1 %46 = load %struct.pid.51755*, %struct.pid.51755** %45, align 8 %47 = icmp eq %struct.pid.51755* %46, null br i1 %47, label %57, label %48 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %43, i64 %44) #78 br label %65 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct*, %struct.tty_struct** %14, 
align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %18 = load %struct.inode*, %struct.inode** %17, align 8 %19 = icmp eq %struct.tty_struct* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %15, i64 0, i32 3 %38 = load %struct.tty_driver*, %struct.tty_driver** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver, %struct.tty_driver* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %403 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %70 i32 21523, label %105 i32 21524, label %113 i32 21533, label %144 i32 21516, label %174 i32 21517, label %177 i32 -2147199936, label %180 i32 21540, label %193 i32 21559, label %221 i32 -2147199950, label %224 i32 21525, label %280 i32 21528, label %299 i32 21527, label %299 i32 21526, label %299 i32 21597, label %332 i32 21515, label %349 i32 21535, label %351 i32 21534, label %382 i32 21569, label %399 ] %404 = tail call i64 bitcast (i64 (%struct.tty_struct.362950*, %struct.tty_struct.362950*, %struct.file.362846*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct*, %struct.tty_struct*, %struct.file*, i32, i64)*)(%struct.tty_struct* nonnull %15, %struct.tty_struct* %50, %struct.file* %0, i32 %1, i64 %2) #79 Function:tty_jobctrl_ioctl switch i32 %3, label %236 [ i32 21538, label %6 i32 21518, label %24 i32 21519, label %96 i32 21520, label %133 i32 21545, label %209 ] %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast 
(%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct.363009* %9 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %8, i64 0, i32 95 %10 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %10, i64 0, i32 24 %12 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %11, align 8 %13 = icmp eq %struct.tty_struct.362950* %12, %0 br i1 %13, label %14, label %236 tail call void @disassociate_ctty(i32 0) #78 Function:disassociate_ctty %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.363009** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.363009**)) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct.363009* %4 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 95 %5 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %6 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %5, i64 0, i32 23 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %151, label %9 %10 = getelementptr inbounds %struct.task_struct.363009, %struct.task_struct.363009* %3, i64 0, i32 96 %11 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %12 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %11, i64 0, i32 0, i32 0, i32 0 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %12) #78 %14 = load %struct.signal_struct.362956*, %struct.signal_struct.362956** %4, align 32 %15 = getelementptr inbounds %struct.signal_struct.362956, %struct.signal_struct.362956* %14, i64 0, i32 24 %16 = load %struct.tty_struct.362950*, %struct.tty_struct.362950** %15, align 8 %17 = icmp eq %struct.tty_struct.362950* %16, null 
br i1 %17, label %30, label %18 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %10, align 8 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %32, i64 %13) #78 %33 = icmp eq i32 %0, 0 br i1 %17, label %66, label %34 br i1 %33, label %42, label %35 %36 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 3 %37 = load %struct.tty_driver.362945*, %struct.tty_driver.362945** %36, align 8 %38 = getelementptr inbounds %struct.tty_driver.362945, %struct.tty_driver.362945* %37, i64 0, i32 10 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, 4 br i1 %40, label %42, label %41 %43 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 20, i32 0, i32 0, i32 0 %44 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %43) #78 %45 = getelementptr inbounds %struct.tty_struct.362950, %struct.tty_struct.362950* %16, i64 0, i32 20, i32 1 %46 = load %struct.pid.51755*, %struct.pid.51755** %45, align 8 %47 = icmp eq %struct.pid.51755* %46, null br i1 %47, label %57, label %48 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %43, i64 %44) #78 br label %65 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.362950*)*)(%struct.tty_struct.362950* nonnull %16) #78 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_open 1 uart_open ------------- Path:  Function:uart_open %3 = getelementptr inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 0 %7 = tail call i32 bitcast (i32 (%struct.tty_port.361680*, %struct.tty_struct.361677*, %struct.file.361569*)* @tty_port_open to i32 (%struct.tty_port*, 
%struct.tty_struct*, %struct.file*)*)(%struct.tty_port* %6, %struct.tty_struct* %0, %struct.file* %1) #78 Function:tty_port_open %4 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 5 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %5) #78 %6 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = add i32 %7, 1 store i32 %8, i32* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %9, align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 5, i32 0, i32 0 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #78 %12 = getelementptr inbounds %struct.tty_port.361680, %struct.tty_port.361680* %0, i64 0, i32 1 %13 = load %struct.tty_struct.361677*, %struct.tty_struct.361677** %12, align 8 tail call void bitcast (void (%struct.tty_struct*)* @tty_kref_put to void (%struct.tty_struct.361677*)*)(%struct.tty_struct.361677* %13) #78 ------------- Good: 23 Bad: 5 Ignored: 25 Check Use of Function:ieee80211_mgd_stop Check Use of Function:ieee80211_ibss_stop Check Use of Function:ieee80211_dfs_cac_cancel Check Use of Function:drm_atomic_state_clear Check Use of Function:ieee80211_queue_delayed_work Check Use of Function:security_kernel_post_load_data Check Use of Function:ieee80211_key_free_common Check Use of Function:nl80211_exit Check Use of Function:___ieee80211_stop_rx_ba_session Check Use of Function:sta_set_sinfo Check Use of Function:ieee80211_recalc_ps Check Use of Function:sta_info_move_state Check Use 
of Function:drm_mode_convert_to_umode Check Use of Function:drv_tdls_cancel_channel_switch Check Use of Function:sta_info_hash_del Check Use of Function:kcalloc.71688 Check Use of Function:drv_sync_rx_queues Check Use of Function:__sta_info_destroy_part2 Check Use of Function:perf_event_set_output Check Use of Function:wiphy_register Check Use of Function:ipv6_sysctl_register Check Use of Function:ieee80211_init_rate_ctrl_alg Check Use of Function:drv_suspend Check Use of Function:drm_atomic_helper_disable_plane Check Use of Function:drm_mode_get_hv_timing Check Use of Function:pin_insert Check Use of Function:ieee80211_txq_purge Check Use of Function:generic_access_phys Check Use of Function:ieee80211_queue_skb Check Use of Function:iommu_change_dev_def_domain Check Use of Function:drm_event_cancel_free Check Use of Function:round_jiffies_relative Check Use of Function:kern_path Check Use of Function:__hw_addr_init Check Use of Function:__cfg80211_connect_result Check Use of Function:cfg80211_sme_rx_auth Check Use of Function:panic Use: =BAD PATH= Call Stack: 0 snd_disconnect_release ------------- Path:  Function:snd_disconnect_release tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @shutdown_lock, i64 0, i32 0, i32 0)) #78 %3 = load i8*, i8** bitcast (%struct.list_head* @shutdown_files to i8**), align 8 %4 = icmp eq i8* %3, bitcast (%struct.list_head* @shutdown_files to i8*) br i1 %4, label %25, label %5 %6 = phi i8* [ %23, %21 ], [ %3, %2 ] %7 = getelementptr i8, i8* %6, i64 -16 %8 = bitcast i8* %7 to %struct.file** %9 = load %struct.file*, %struct.file** %8, align 8 %10 = icmp eq %struct.file* %9, %1 br i1 %10, label %11, label %21 %22 = bitcast i8* %6 to i8** %23 = load i8*, i8** %22, align 8 %24 = icmp eq i8* %23, bitcast (%struct.list_head* @shutdown_files to i8*) br i1 %24, label %25, label %5 %26 = phi %struct.snd_monitor_file* [ %13, %11 ], [ null, %2 ], [ null, %21 ] tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @shutdown_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %27 = icmp eq %struct.snd_monitor_file* %26, null br i1 %27, label %47, label %28, !prof !6, !misexpect !7 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.25.61626, i64 0, i64 0), i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_disconnect_release, i64 0, i64 0), %struct.inode* %0, %struct.file* %1) #79 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_end_delegation_return 3 nfs4_inode_return_delegation_on_close 4 nfs4_put_open_state 5 __nfs4_close 6 nfs4_close_sync 7 nfs4_close_context ------------- Path:  Function:nfs4_close_context %3 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 5 %4 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %3, align 8 %5 = icmp eq %struct.nfs4_state.236428* %4, null br i1 %5, label %16, label %6 %7 = icmp eq i32 %1, 0 %8 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 3 %11 = lshr i32 %9, 5 %12 = and i32 %11, 1 %13 = or i32 %12, %10 br i1 %7, label %15, label %14 tail call void bitcast (void (%struct.nfs4_state.238111*, i32)* @nfs4_close_sync to void (%struct.nfs4_state.236428*, i32)*)(%struct.nfs4_state.236428* nonnull %4, i32 %13) #78 Function:nfs4_close_sync tail call fastcc void @__nfs4_close(%struct.nfs4_state.238111* %0, i32 %1, i32 1) #78 Function:__nfs4_close %4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state_owner.238107, 
%struct.nfs4_state_owner.238107* %5, i64 0, i32 6 %7 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %6, i64 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32* %7) #6, !srcloc !4 %8 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %9 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %8, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %10 = and i32 %1, 3 switch i32 %10, label %23 [ i32 1, label %11 i32 2, label %15 i32 3, label %19 ] %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %21 = load i32, i32* %20, align 4 %22 = add i32 %21, -1 store i32 %22, i32* %20, align 4 br label %23 %24 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 12 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %62 %28 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 10 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %40 %32 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 5 %33 = load volatile i64, i64* %32, align 8 %34 = and i64 %33, 8 %35 = load volatile i64, i64* %32, align 8 %36 = and i64 %35, 32 %37 = or i64 %36, %34 %38 = icmp ne i64 %37, 0 %39 = zext i1 %38 to i32 br label %40 %41 = phi i32 [ %39, %31 ], [ 0, %27 ] %42 = phi i32 [ 2, %31 ], [ 3, %27 ] %43 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 11 %44 = load i32, i32* %43, align 8 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %62 %63 = phi i32 [ %58, %60 ], [ %58, %46 ], [ 0, %23 ], [ %41, %40 ] %64 = phi i32 [ 0, %60 ], [ 1, %46 ], [ 3, %23 ], [ %42, %40 
] %65 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 13 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %64 br i1 %67, label %94, label %68 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %95 = bitcast %struct.spinlock* %8 to i8* store volatile i8 0, i8* %95, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %96 = icmp eq i32 %63, 0 br i1 %96, label %97, label %116 tail call void @nfs4_put_open_state(%struct.nfs4_state.238111* %0) #79 Function:nfs4_put_open_state %2 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 4 %3 = load %struct.inode*, %struct.inode** %2, align 8 %4 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 3 %5 = load %struct.nfs4_state_owner.238107*, %struct.nfs4_state_owner.238107** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 14 %7 = getelementptr inbounds %struct.nfs4_state_owner.238107, %struct.nfs4_state_owner.238107* %5, i64 0, i32 5 %8 = tail call zeroext i1 @refcount_dec_and_lock(%struct.seqcount_spinlock* %6, %struct.spinlock* %7) #78 br i1 %8, label %9, label %49 %10 = getelementptr inbounds %struct.inode, %struct.inode* %3, i64 0, i32 18 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 1, i32 1 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 1, i32 0 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 1 store %struct.list_head* %13, 
%struct.list_head** %16, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %17, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %12, align 8 %18 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 0, i32 1 %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_state.238111, %struct.nfs4_state.238111* %0, i64 0, i32 0, i32 0 %21 = load %struct.list_head*, %struct.list_head** %20, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %21, i64 0, i32 1 store %struct.list_head* %19, %struct.list_head** %22, align 8 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 store volatile %struct.list_head* %21, %struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %20, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %18, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %24 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %24, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %25, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @nfs4_inode_return_delegation_on_close(%struct.inode* %3) #78 Function:nfs4_inode_return_delegation_on_close %2 = icmp eq %struct.inode* %0, null br i1 %2, label %63, label %3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = 
getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %5 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %4, i64 88 %6 = bitcast %struct.seqcount_spinlock* %5 to %struct.nfs_delegation.236475** %7 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %6, align 8 %8 = icmp eq %struct.nfs_delegation.236475* %7, null br i1 %8, label %60, label %9 %61 = phi %struct.nfs_delegation.236475* [ %56, %59 ], [ null, %55 ], [ null, %22 ], [ null, %14 ], [ null, %9 ], [ null, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %62 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* nonnull %0, %struct.nfs_delegation.236475* %61, i32 0) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 
%32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 nfs_end_delegation_return
3 nfs4_inode_return_delegation
4 nfs4_inode_make_writeable
5 _nfs4_do_setattr
6 nfs4_do_setattr
7 nfs4_proc_setattr
-------------
Path:
Function:nfs4_proc_setattr
%4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #78 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236429** %24 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236429* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236429* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236429* %31,
%struct.nfs4_label* null) #79 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236401** %15 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236429* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236428* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 2 %27 = bitcast %struct.nfs_fh** %24 to %struct.seqcount_spinlock** %28 = bitcast %struct.nfs_setattrargs* %8 to i8* store %struct.seqcount_spinlock* %26, %struct.seqcount_spinlock** %27, align 8 %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %30 = bitcast %struct.nfs4_stateid_struct* %29 to i8* %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %32, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %34 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %34, i32** %33, align 8 %35 = getelementptr inbounds 
%struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %35, align 8 %36 = bitcast %struct.nfs_setattrres* %9 to i8* %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 %38 = bitcast %struct.nfs_setattrres* %9 to i8* store %struct.nfs_fattr* %2, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %39, align 8 %40 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %40, align 8 %41 = bitcast %struct.nfs4_exception* %10 to i8* %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236428* %22, %struct.nfs4_state.236428** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %29, %struct.nfs4_stateid_struct** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = and i32 %49, 6145 %51 = icmp eq i32 %50, 0 %52 = select i1 %51, i64 256, i64 131328 %53 = and i32 %49, 6 %54 = icmp eq i32 %53, 0 %55 = or i64 %52, 4096 %56 = select i1 %54, i64 %52, i64 %55 %57 = getelementptr inbounds 
%struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 35, i64 0 %58 = bitcast i32* %57 to i8* %59 = icmp eq %struct.inode* %0, null %60 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 38 %61 = bitcast %struct.seqcount_spinlock* %60 to i64* %62 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 0 %64 = icmp eq %struct.nfs4_state.236428* %22, null %65 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %22, i64 0, i32 13 br label %66 br i1 %59, label %92, label %67 %93 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236429* %4) #79 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236401** %14 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, 
%struct.rpc_message* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* %0) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect 
"", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds 
%struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, 
%struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, 
align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78
Function:put_cred_rcu
%2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 nfs_end_delegation_return
3 nfs4_inode_return_delegation
4 nfs4_inode_make_writeable
5 nfs4_proc_rename_setup
-------------
Path:
Function:nfs4_proc_rename_setup
%4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.236417** %6 = load %struct.nfs_renameargs.236417*, %struct.nfs_renameargs.236417** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.236418** %9 = load %struct.nfs_renameres.236418*, %struct.nfs_renameres.236418** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %11 = load %struct.inode*, %struct.inode** %10, align 8 %12 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = icmp eq %struct.inode* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %11) #78
Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect 
"lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, 
%struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", 
"=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_end_delegation_return 3 nfs4_inode_return_delegation 4 nfs4_inode_make_writeable 5 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 @nfs4_inode_make_writeable(%struct.inode* nonnull %7) #78 Function:nfs4_inode_make_writeable tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %18, label %7 %8 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %5, i64 0, i32 7 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 32 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %18 %13 = load volatile i64, i64* %8, align 8 %14 = and i64 %13, 16 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 
tail call void @rcu_read_unlock_strict() #78 %17 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* %0) #79 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 
= bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void 
@_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* %170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 
0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label 
%18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_end_delegation_return 3 nfs4_inode_return_delegation 4 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.236413** %6 = load %struct.nfs_removeargs.236413*, %struct.nfs_removeargs.236413** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.236415** %9 = load %struct.nfs_removeres.236415*, %struct.nfs_removeres.236415** %8, align 8 %10 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 9 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 16 %15 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.236401** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds 
%struct.rpc_message, %struct.rpc_message* %0, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = icmp eq %struct.inode* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 @nfs4_inode_return_delegation(%struct.inode* nonnull %2) #78 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 88 %4 = bitcast %struct.seqcount_spinlock* %3 to %struct.nfs_delegation.236475** %5 = load volatile %struct.nfs_delegation.236475*, %struct.nfs_delegation.236475** %4, align 8 %6 = icmp eq %struct.nfs_delegation.236475* %5, null br i1 %6, label %34, label %7 %35 = phi %struct.nfs_delegation.236475* [ null, %1 ], [ %28, %31 ], [ null, %27 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @rcu_read_unlock_strict() #78 %36 = 
icmp eq %struct.nfs_delegation.236475* %35, null br i1 %36, label %61, label %37 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %39 = load %struct.file_lock_context*, %struct.file_lock_context** %38, align 8 %40 = icmp eq %struct.file_lock_context* %39, null br i1 %40, label %52, label %41 %53 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 0 %54 = load i16, i16* %53, align 8 %55 = and i16 %54, -4096 %56 = icmp eq i16 %55, -32768 br i1 %56, label %57, label %59 %58 = tail call i32 @nfs_wb_all(%struct.inode* %0) #78 br label %59 %60 = tail call fastcc i32 @nfs_end_delegation_return(%struct.inode* %0, %struct.nfs_delegation.236475* nonnull %35, i32 1) #79 Function:nfs_end_delegation_return %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %5 = load %struct.super_block*, %struct.super_block** %4, align 8 %6 = getelementptr inbounds %struct.super_block, %struct.super_block* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.241391** %8 = load %struct.nfs_server.241391*, %struct.nfs_server.241391** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.241391, %struct.nfs_server.241391* %8, i64 0, i32 0 %10 = load %struct.nfs_client.241456*, %struct.nfs_client.241456** %9, align 8 %11 = icmp eq %struct.nfs_delegation.236475* %1, null br i1 %11, label %211, label %12 %13 = icmp eq i32 %2, 0 %14 = select i1 %13, i32 2051, i32 3 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 40 %16 = load %struct.file_lock_context*, %struct.file_lock_context** %15, align 8 %17 = icmp eq %struct.file_lock_context* %16, null br i1 %17, label %30, label %18 %31 = getelementptr inbounds %struct.nfs_delegation.236475, 
%struct.nfs_delegation.236475* %1, i64 0, i32 7 %32 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3 %33 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %34 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %33, i64 78 %35 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head* %36 = bitcast %struct.seqcount_spinlock* %34 to %struct.list_head** %37 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 3, i32 1 %38 = bitcast %struct.nfs4_stateid_struct* %32 to i8* br label %39 %40 = load volatile i64, i64* %31, align 8 %41 = and i64 %40, 32 %42 = icmp eq i64 %41, 0 br i1 %42, label %43, label %165 %166 = load volatile i64, i64* %31, align 8 %167 = and i64 %166, 32 %168 = icmp eq i64 %167, 0 br i1 %168, label %169, label %188 %170 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 9 %171 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %170, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %171) #78 %172 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %173 = load %struct.cred*, %struct.cred** %172, align 8 %174 = icmp eq %struct.cred* %173, null br i1 %174, label %179, label %175 %176 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 25 %177 = bitcast %union.anon.46* %176 to i32* store i32 0, i32* %177, align 8 %178 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %178, i32* %178) #6, !srcloc !14 br label %179 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %180 = bitcast %struct.spinlock* 
%170 to i8* store volatile i8 0, i8* %180, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %181 = tail call i32 @nfs4_proc_delegreturn(%struct.inode* %0, %struct.cred* %173, %struct.nfs4_stateid_struct* %32, i32 %2) #78 br i1 %174, label %188, label %182 %183 = getelementptr inbounds %struct.cred, %struct.cred* %173, i64 0, i32 0, i32 0 %184 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %183, i32* %183) #6, !srcloc !15 %185 = and i8 %184, 1 %186 = icmp eq i8 %185, 0 br i1 %186, label %188, label %187 tail call void @__put_cred(%struct.cred* nonnull %173) #78 br label %188 %189 = phi i32 [ %152, %163 ], [ 0, %165 ], [ %181, %179 ], [ %181, %182 ], [ %181, %187 ] %190 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 8 %191 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %190, i64 0, i32 0, i32 0 %192 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %191, i32 -1, i32* %191) #6, !srcloc !16 %193 = icmp eq i32 %192, 1 br i1 %193, label %199, label %194 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %200 = getelementptr inbounds %struct.nfs_delegation.236475, %struct.nfs_delegation.236475* %1, i64 0, i32 1 %201 = load %struct.cred*, %struct.cred** %200, align 8 %202 = icmp eq %struct.cred* %201, null br i1 %202, label %209, label %203 %204 = getelementptr inbounds %struct.cred, %struct.cred* %201, i64 0, i32 0, i32 0 %205 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl 
$0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %204, i32* %204) #6, !srcloc !15 %206 = and i8 %205, 1 %207 = icmp eq i8 %206, 0 br i1 %207, label %209, label %208 tail call void @__put_cred(%struct.cred* nonnull %201) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_complete_unlink 3 nfs_dentry_iput ------------- Path:  Function:nfs_dentry_iput %3 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, -4096 %6 = icmp eq i16 %5, 16384 br i1 %6, label %7, label %8 tail call void bitcast (void (%struct.inode.216899*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* %1, i64 2) #78 br label %8 %9 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = and i32 %10, 4096 %12 = icmp eq i32 %11, 0 br i1 %12, label %26, label %13 tail call void bitcast (void (%struct.dentry.222508*, %struct.inode.222506*)* @nfs_complete_unlink to void (%struct.dentry*, %struct.inode*)*)(%struct.dentry* %0, %struct.inode* %1) #78 Function:nfs_complete_unlink %3 = alloca %struct.rpc_message.222549, align 8 %4 = alloca %struct.rpc_task_setup.222587, align 8 %5 = getelementptr inbounds %struct.dentry.222508, %struct.dentry.222508* %0, i64 0, i32 7, i32 0 %6 = bitcast %struct.anon.1* %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.dentry.222508, %struct.dentry.222508* %0, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, -4097 store i32 %9, i32* %7, align 8 %10 = getelementptr inbounds %struct.dentry.222508, %struct.dentry.222508* %0, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.nfs_unlinkdata.222570** %12 = load %struct.nfs_unlinkdata.222570*, %struct.nfs_unlinkdata.222570** %11, align 8 store i8* null, i8** %10, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = bitcast %struct.anon.1* %5 to i8* store volatile i8 0, i8* %13, align 4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %14 = getelementptr %struct.inode.222506, %struct.inode.222506* %1, i64 -1, i32 24, i32 2 %15 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %14, i64 36 %16 = bitcast %struct.seqcount_spinlock* %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %130 %21 = getelementptr inbounds %struct.dentry.222508, %struct.dentry.222508* %0, i64 0, i32 3 %22 = load %struct.dentry.222508*, %struct.dentry.222508** %21, align 8 %23 = getelementptr inbounds %struct.dentry.222508, %struct.dentry.222508* %22, i64 0, i32 5 %24 = load %struct.inode.222506*, %struct.inode.222506** %23, align 8 %25 = getelementptr %struct.inode.222506, %struct.inode.222506* %24, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 62 %27 = bitcast %struct.seqcount_spinlock* %26 to %struct.rw_semaphore* tail call void @down_read(%struct.rw_semaphore* %27) #78 %28 = load %struct.dentry.222508*, %struct.dentry.222508** %21, align 8 %29 = getelementptr inbounds %struct.nfs_unlinkdata.222570, %struct.nfs_unlinkdata.222570* %12, i64 0, i32 0, i32 2 %30 = getelementptr inbounds %struct.nfs_unlinkdata.222570, %struct.nfs_unlinkdata.222570* %12, i64 0, i32 3 %31 = tail call %struct.dentry.222508* bitcast (%struct.dentry.150061* (%struct.dentry.150061*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.222508* (%struct.dentry.222508*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.222508* %28, %struct.qstr* %29, %struct.wait_queue_head* %30) #78 %32 = icmp ugt %struct.dentry.222508* %31, inttoptr (i64 -4096 to %struct.dentry.222508*) br i1 %32, label %33, label %34 %35 = getelementptr inbounds %struct.dentry.222508, %struct.dentry.222508* %31, i64 0, i32 0 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 268435456 %38 = icmp eq i32 %37, 0 br i1 %38, 
label %39, label %55 %40 = getelementptr inbounds %struct.dentry.222508, %struct.dentry.222508* %31, i64 0, i32 7, i32 0 %41 = bitcast %struct.anon.1* %40 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %41) #78 %42 = getelementptr inbounds %struct.dentry.222508, %struct.dentry.222508* %31, i64 0, i32 5 %43 = load %struct.inode.222506*, %struct.inode.222506** %42, align 8 %44 = icmp eq %struct.inode.222506* %43, null br i1 %44, label %126, label %45 %46 = load i32, i32* %35, align 8 %47 = and i32 %46, 4096 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %128 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %129 = bitcast %struct.anon.1* %40 to i8* store volatile i8 0, i8* %129, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.dentry.150061*)* @dput to void (%struct.dentry.222508*)*)(%struct.dentry.222508* %31) #78 tail call void @up_read(%struct.rw_semaphore* %27) #78 tail call void @kfree(i8* null) #78 br label %130 %131 = getelementptr inbounds %struct.nfs_unlinkdata.222570, %struct.nfs_unlinkdata.222570* %12, i64 0, i32 4 %132 = load %struct.cred*, %struct.cred** %131, align 8 %133 = icmp eq %struct.cred* %132, null br i1 %133, label %140, label %134 %135 = getelementptr inbounds %struct.cred, %struct.cred* %132, i64 0, i32 0, i32 0 %136 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %135, i32* %135) #6, !srcloc !6 %137 = and i8 %136, 1 %138 = icmp eq i8 %137, 0 br i1 %138, label %140, label %139 tail call void @__put_cred(%struct.cred* nonnull %132) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br 
i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __put_nfs_open_context 3 nfs_file_clear_open_context 4 nfs_file_release ------------- Path:  Function:nfs_file_release %3 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %0, i64 0, i32 8 %4 = load %struct.super_block.215246*, %struct.super_block.215246** %3, align 8 %5 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.215399** %7 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %6, align 16 %8 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %7, i64 0, i32 6 %9 = load %struct.nfs_iostats*, %struct.nfs_iostats** %8, align 8 %10 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %9, i64 0, i32 1, i64 17 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %10, i64* %10) #6, !srcloc !4 tail call void bitcast (void (%struct.file.216574*)* @nfs_file_clear_open_context to void (%struct.file.215264*)*)(%struct.file.215264* %1) #78 Function:nfs_file_clear_open_context %2 = getelementptr inbounds %struct.file.216574, %struct.file.216574* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.nfs_open_context.216977** %4 = load %struct.nfs_open_context.216977*, %struct.nfs_open_context.216977** %3, align 8 %5 = icmp eq %struct.nfs_open_context.216977* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nfs_open_context.216977, %struct.nfs_open_context.216977* %4, i64 0, i32 2 %8 = load %struct.dentry.216888*, %struct.dentry.216888** %7, align 8 %9 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %8, i64 0, i32 5 %10 = load %struct.inode.216899*, %struct.inode.216899** %9, align 8 %11 = getelementptr inbounds %struct.nfs_open_context.216977, 
%struct.nfs_open_context.216977* %4, i64 0, i32 7 %12 = bitcast i64* %11 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %12, i32 -17, i8* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.nfs_open_context.216977, %struct.nfs_open_context.216977* %4, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, 0 br i1 %15, label %16, label %20 %17 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %10, i64 0, i32 9 %18 = load %struct.address_space.216900*, %struct.address_space.216900** %17, align 8 %19 = tail call i32 bitcast (i32 (%struct.address_space.122387*)* @invalidate_inode_pages2 to i32 (%struct.address_space.216900*)*)(%struct.address_space.216900* %18) #78 br label %20 store i8* null, i8** %2, align 8 tail call fastcc void @__put_nfs_open_context(%struct.nfs_open_context.216977* nonnull %4, i32 1) #78 Function:__put_nfs_open_context %3 = getelementptr inbounds %struct.nfs_open_context.216977, %struct.nfs_open_context.216977* %0, i64 0, i32 2 %4 = load %struct.dentry.216888*, %struct.dentry.216888** %3, align 8 %5 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %4, i64 0, i32 5 %6 = load %struct.inode.216899*, %struct.inode.216899** %5, align 8 %7 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %4, i64 0, i32 9 %8 = load %struct.super_block.216885*, %struct.super_block.216885** %7, align 8 %9 = getelementptr inbounds %struct.nfs_open_context.216977, %struct.nfs_open_context.216977* %0, i64 0, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs_open_context.216977, %struct.nfs_open_context.216977* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = getelementptr inbounds %struct.nfs_open_context.216977, %struct.nfs_open_context.216977* %0, i64 0, i32 9 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 0 %21 = load volatile %struct.list_head*, %struct.list_head** %20, align 8 %22 = icmp eq %struct.list_head* %21, %19 br i1 %22, label %32, label %23 %33 = icmp eq %struct.inode.216899* %6, null br i1 %33, label %46, label %34 %47 = getelementptr inbounds %struct.nfs_open_context.216977, %struct.nfs_open_context.216977* %0, i64 0, i32 3 %48 = load %struct.cred*, %struct.cred** %47, align 8 %49 = icmp eq %struct.cred* %48, null br i1 %49, label %56, label %50 %51 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 0, i32 0 %52 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !10 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 tail call void @__put_cred(%struct.cred* nonnull %48) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label 
%13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, 
%struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to 
i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* %12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq %struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to 
%struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq %struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 br i1 %28, label %36, label %29 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %37 tail call void @rcu_read_unlock_strict() #78 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %39 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %38, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %40 = load i64, i64* %7, align 8 %41 = and i64 %40, 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %45, label %43 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 48 %47 = bitcast %struct.seqcount_spinlock* %46 to %struct.rb_node** %48 = bitcast %struct.spinlock* %38 to i8* %49 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %50 %51 = phi i1 [ false, %45 ], [ true, %83 ] %52 = load %struct.rb_node*, %struct.rb_node** %47, align 8 %53 = icmp eq %struct.rb_node* %52, null br i1 %53, label %107, label %54 %55 = phi %struct.rb_node* [ %69, %67 ], [ %52, %50 ] %56 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %55, i64 1, i32 2 %57 = bitcast %struct.rb_node** %56 to %struct.cred** %58 = load %struct.cred*, %struct.cred** %57, align 8 %59 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %58) #78 %60 = icmp slt i32 %59, 0 br i1 %60, label %61, label %63 %64 = icmp eq i32 %59, 0 br i1 %64, label %71, label %65 %72 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 %73 = 
xor i1 %72, true %74 = or i1 %51, %73 br i1 %74, label %87, label %75 br i1 %3, label %76, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %48, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %77 = load %struct.super_block*, %struct.super_block** %49, align 8 %78 = getelementptr inbounds %struct.super_block, %struct.super_block* %77, i64 0, i32 28 %79 = bitcast i8** %78 to %struct.nfs_server.214586** %80 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %79, align 16 %81 = tail call i32 bitcast (i32 (%struct.nfs_server.217027*, %struct.inode.216899*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.214586*, %struct.inode*)*)(%struct.nfs_server.214586* %80, %struct.inode* %0) #78 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %111 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %84 = load i64, i64* %7, align 8 %85 = and i64 %84, 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %50, label %109 %110 = phi i8* [ %44, %43 ], [ %48, %83 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %110, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #78 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 36 %8 = bitcast %struct.seqcount_spinlock* %7 
to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %84, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #78 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %26, label %16 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 48 %30 = bitcast %struct.seqcount_spinlock* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #78 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile 
%struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* %44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, %struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 38 %51 = bitcast %struct.seqcount_spinlock* %50 to i64* %52 = load i64, i64* %51, align 8 %53 = and i64 %52, -9 store i64 %53, i64* %51, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %54 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %54, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %55 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %56 = icmp eq %struct.list_head* %55, %2 br i1 %56, label %84, label %57 %58 = phi %struct.list_head* [ %82, %81 ], [ %55, %49 ] %59 = getelementptr %struct.list_head, %struct.list_head* %58, i64 -2, i32 1 %60 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 %62 = getelementptr %struct.list_head, %struct.list_head* %58, i64 0, i32 0 %63 = load %struct.list_head*, %struct.list_head** %62, align 8 %64 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %63, i64 0, i32 1 store %struct.list_head* %61, %struct.list_head** %64, align 8 %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %61, i64 0, i32 0 store volatile %struct.list_head* %63, %struct.list_head** %65, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %60, align 8 %66 = getelementptr %struct.list_head, %struct.list_head* %58, i64 1 %67 = bitcast %struct.list_head* %66 to %struct.cred** %68 = load %struct.cred*, %struct.cred** %67, align 8 %69 = icmp eq %struct.cred* %68, null br i1 %69, label %76, label %70 %71 = getelementptr inbounds %struct.cred, %struct.cred* %68, i64 0, i32 0, i32 0 %72 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %71, i32* %71) #6, !srcloc !7 %73 = and i8 %72, 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %76, label %75 call void @__put_cred(%struct.cred* nonnull %68) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, 
%struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_access_zap_cache 3 nfs_access_get_cached 4 nfs_do_access 5 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, 
%struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc
!5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* %12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq %struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to %struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq 
%struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 br i1 %28, label %36, label %29 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %37 tail call void @rcu_read_unlock_strict() #78 %38 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %39 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %38, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %40 = load i64, i64* %7, align 8 %41 = and i64 %40, 8 %42 = icmp eq i64 %41, 0 br i1 %42, label %45, label %43 %46 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 48 %47 = bitcast %struct.seqcount_spinlock* %46 to %struct.rb_node** %48 = bitcast %struct.spinlock* %38 to i8* %49 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 br label %50 %51 = phi i1 [ false, %45 ], [ true, %83 ] %52 = load %struct.rb_node*, %struct.rb_node** %47, align 8 %53 = icmp eq %struct.rb_node* %52, null br i1 %53, label %107, label %54 %55 = phi %struct.rb_node* [ %69, %67 ], [ %52, %50 ] %56 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %55, i64 1, i32 2 %57 = bitcast %struct.rb_node** %56 to %struct.cred** %58 = load %struct.cred*, %struct.cred** %57, align 8 %59 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %58) #78 %60 = icmp slt i32 %59, 0 br i1 %60, label %61, label %63 %64 = icmp eq i32 %59, 0 br i1 %64, label %71, label %65 %72 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 %73 = xor i1 %72, true %74 = or i1 %51, %73 br i1 %74, label %87, label %75 br i1 %3, label %76, label %107 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !6 store volatile i8 0, i8* %48, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %77 = load %struct.super_block*, %struct.super_block** %49, align 8 %78 = getelementptr inbounds %struct.super_block, %struct.super_block* %77, i64 0, i32 28 %79 = bitcast i8** %78 to %struct.nfs_server.214586** %80 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %79, align 16 %81 = tail call i32 bitcast (i32 (%struct.nfs_server.217027*, %struct.inode.216899*)* @__nfs_revalidate_inode to i32 (%struct.nfs_server.214586*, %struct.inode*)*)(%struct.nfs_server.214586* %80, %struct.inode* %0) #78 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %111 tail call void @_raw_spin_lock(%struct.raw_spinlock* %39) #78 %84 = load i64, i64* %7, align 8 %85 = and i64 %84, 8 %86 = icmp eq i64 %85, 0 br i1 %86, label %50, label %109 %110 = phi i8* [ %44, %43 ], [ %48, %83 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* %110, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @nfs_access_zap_cache(%struct.inode* %0) #78 Function:nfs_access_zap_cache %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %7 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 36 %8 = bitcast %struct.seqcount_spinlock* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 4 %11 = icmp eq i64 %10, 0 br i1 %11, label %84, label %12 call void @_raw_spin_lock(%struct.raw_spinlock* 
getelementptr inbounds (%struct.spinlock, %struct.spinlock* @nfs_access_lru_lock, i64 0, i32 0, i32 0)) #78 %13 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btrq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 2, i64* %8) #6, !srcloc !4 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %26, label %16 %27 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 18 %28 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %27, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %28) #78 %29 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 48 %30 = bitcast %struct.seqcount_spinlock* %29 to %struct.rb_root* %31 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %32 = icmp eq %struct.rb_node* %31, null br i1 %32, label %49, label %33 %34 = phi %struct.rb_node* [ %47, %33 ], [ %31, %26 ] call void @rb_erase(%struct.rb_node* nonnull %34, %struct.rb_root* %30) #78 %35 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1 %36 = bitcast %struct.rb_node* %35 to %struct.list_head* %37 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %34, i64 1, i32 1 %38 = bitcast %struct.rb_node** %37 to %struct.list_head** %39 = load %struct.list_head*, %struct.list_head** %38, align 8 %40 = bitcast %struct.rb_node* %35 to %struct.list_head** %41 = load %struct.list_head*, %struct.list_head** %40, align 8 %42 = getelementptr inbounds %struct.list_head, %struct.list_head* %41, i64 0, i32 1 store %struct.list_head* %39, %struct.list_head** %42, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %39, i64 0, i32 0 store volatile %struct.list_head* %41, %struct.list_head** %43, align 8 %44 = load %struct.list_head*, %struct.list_head** %4, align 8 %45 = getelementptr inbounds %struct.list_head, %struct.list_head* 
%44, i64 0, i32 1 %46 = bitcast %struct.list_head** %45 to %struct.rb_node** store %struct.rb_node* %35, %struct.rb_node** %46, align 8 store %struct.list_head* %44, %struct.list_head** %40, align 8 store %struct.list_head* %2, %struct.list_head** %38, align 8 store volatile %struct.list_head* %36, %struct.list_head** %4, align 8 %47 = call %struct.rb_node* @rb_first(%struct.rb_root* %30) #78 %48 = icmp eq %struct.rb_node* %47, null br i1 %48, label %49, label %33 %50 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %6, i64 38 %51 = bitcast %struct.seqcount_spinlock* %50 to i64* %52 = load i64, i64* %51, align 8 %53 = and i64 %52, -9 store i64 %53, i64* %51, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %54 = bitcast %struct.spinlock* %27 to i8* store volatile i8 0, i8* %54, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @nfs_access_lru_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %55 = load volatile %struct.list_head*, %struct.list_head** %4, align 8 %56 = icmp eq %struct.list_head* %55, %2 br i1 %56, label %84, label %57 %58 = phi %struct.list_head* [ %82, %81 ], [ %55, %49 ] %59 = getelementptr %struct.list_head, %struct.list_head* %58, i64 -2, i32 1 %60 = getelementptr inbounds %struct.list_head, %struct.list_head* %58, i64 0, i32 1 %61 = load %struct.list_head*, %struct.list_head** %60, align 8 %62 = getelementptr %struct.list_head, %struct.list_head* %58, i64 0, i32 0 %63 = load %struct.list_head*, %struct.list_head** %62, align 8 %64 = getelementptr inbounds %struct.list_head, %struct.list_head* %63, i64 0, i32 1 store %struct.list_head* %61, %struct.list_head** %64, align 8 %65 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %61, i64 0, i32 0 store volatile %struct.list_head* %63, %struct.list_head** %65, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %62, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %60, align 8 %66 = getelementptr %struct.list_head, %struct.list_head* %58, i64 1 %67 = bitcast %struct.list_head* %66 to %struct.cred** %68 = load %struct.cred*, %struct.cred** %67, align 8 %69 = icmp eq %struct.cred* %68, null br i1 %69, label %76, label %70 %71 = getelementptr inbounds %struct.cred, %struct.cred* %68, i64 0, i32 0, i32 0 %72 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %71, i32* %71) #6, !srcloc !7 %73 = and i8 %72, 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %76, label %75 call void @__put_cred(%struct.cred* nonnull %68) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, 
i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 put_fs_context 3 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context** %5 = load %struct.fs_context*, %struct.fs_context** %4, align 8 %6 = icmp eq %struct.fs_context* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.158414*)* @put_fs_context to void (%struct.fs_context*)*)(%struct.fs_context* nonnull %5) #78 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 5 %3 = load %struct.dentry.158354*, %struct.dentry.158354** %2, align 8 %4 = icmp eq %struct.dentry.158354* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.157989*, %struct.fs_context_operations.157989** 
%15, align 8 %17 = icmp eq %struct.fs_context_operations.157989* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.157989, %struct.fs_context_operations.157989* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.158414*)*, void (%struct.fs_context.158414*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.158414*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #78 %25 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 7 %26 = load %struct.net*, %struct.net** %25, align 8 %27 = getelementptr inbounds %struct.net, %struct.net* %26, i64 0, i32 14, i32 3 %28 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 %32 = add i32 %29, -1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !5, !misexpect !6 %38 = getelementptr inbounds %struct.fs_context.158414, %struct.fs_context.158414* %0, i64 0, i32 8 %39 = load %struct.cred*, %struct.cred** %38, align 8 %40 = icmp eq %struct.cred* %39, null br i1 %40, label %47, label %41 %42 = getelementptr inbounds %struct.cred, %struct.cred* %39, i64 0, i32 0, i32 0 %43 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32* %42) #6, !srcloc !8 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %47, label %46 tail 
call void @__put_cred(%struct.cred* nonnull %39) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr 
inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc 
!9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load 
%struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq 
%struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect 
!5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 
%153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 
= load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 
%348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load 
%struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, 
label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 wait_consider_task
4 do_wait
5 kernel_wait4
6 __ia32_sys_waitpid
-------------
Path:
Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ 
i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, 
align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #78 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %48 switch i32 %0, label %10 [ i32 -2147483648, label %48 i32 -1, label %23 ] %24 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %21 ], [ 4, %9 ] %25 = phi %struct.pid.48786* [ %14, %12 ], [ %20, %17 ], [ %22, %21 ], [ null, %9 ] %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %24, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.48786* %25, %struct.pid.48786** %27, align 8 %28 = or i32 %2, 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 
0, i32* %31, align 8 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %32, align 8 %33 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq 
%struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi 
%struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, 
%struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 
%175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* 
%206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = 
getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 
%145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq 
Function:put_cred_rcu
-------------
Use:
=BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 wait_consider_task
4 do_wait
5 kernel_wait4
6 __ia32_sys_wait4
-------------
Path:
Function:__ia32_sys_wait4
Function:kernel_wait4
Function:do_wait
Function:wait_consider_task
Function:__ptrace_unlink
Function:__put_cred
Function:put_cred_rcu
-------------
Use:
=BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 wait_consider_task
4 do_wait
5 kernel_wait4
6 __x64_sys_wait4
-------------
Path:
Function:__x64_sys_wait4
Function:kernel_wait4
Function:do_wait
%struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, 
%struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 
br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, 
label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = 
getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 
%327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, 
%struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, 
align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78
Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 wait_consider_task
4 do_wait
5 kernel_waitid
6 __se_compat_sys_waitid
7 __ia32_compat_sys_waitid
-------------
Path:
Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15
= load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store 
%struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, 
i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ 
i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, 
%struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, 
label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* 
%200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 
%266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add 
i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, 
%struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds 
%struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr 
inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store %struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = 
getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 __ptrace_unlink
3 wait_consider_task
4 do_wait
5 kernel_waitid
6 __se_sys_waitid
7 __ia32_sys_waitid
-------------
Path:
Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32
%0, label %65 [ i32 0, label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, 
align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_waitid 6 __se_sys_waitid 7 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #78 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = alloca i32, align 4 %8 = bitcast %struct.wait_opts* %6 to i8* %9 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %10 = and i32 %3, 520093680 %11 = icmp ne i32 %10, 0 %12 = and i32 %3, 14 %13 = icmp eq i32 %12, 0 %14 = or i1 %11, %13 br i1 %14, label %65, label %15 switch i32 %0, label %65 [ i32 0, 
label %41 i32 1, label %16 i32 2, label %20 i32 3, label %30 ] %31 = icmp slt i32 %1, 0 br i1 %31, label %65, label %32 %33 = call %struct.pid.48786* bitcast (%struct.pid* (i32, i32*)* @pidfd_get_pid to %struct.pid.48786* (i32, i32*)*)(i32 %1, i32* nonnull %7) #78 %34 = icmp ugt %struct.pid.48786* %33, inttoptr (i64 -4096 to %struct.pid.48786*) br i1 %34, label %39, label %35 %36 = load i32, i32* %7, align 4 %37 = and i32 %36, 2048 %38 = icmp eq i32 %37, 0 br label %41 %42 = phi i1 [ %38, %35 ], [ true, %24 ], [ true, %26 ], [ true, %18 ], [ true, %15 ] %43 = phi %struct.pid.48786* [ %33, %35 ], [ %25, %24 ], [ %29, %26 ], [ %19, %18 ], [ null, %15 ] %44 = phi i32 [ 0, %35 ], [ 2, %24 ], [ 2, %26 ], [ 0, %18 ], [ 4, %15 ] %45 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %44, i32* %45, align 8 %46 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.48786* %43, %struct.pid.48786** %46, align 8 %47 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %47, align 4 %48 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %48, align 8 %49 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %49, align 8 br i1 %42, label %52, label %50 %53 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #79 Function:do_wait %2 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %3 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_wait, %4)) #6 to label %18 [label %4], !srcloc !4 %19 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %19, i64 0, i32 0 store i32 0, i32* %20, align 8 %21 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %22 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %22, align 8 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !9 %24 = inttoptr i64 %23 to %struct.task_struct.49224* %25 = bitcast i8** %21 to %struct.task_struct.49224** store %struct.task_struct.49224* %24, %struct.task_struct.49224** %25, align 8 %26 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 95 %27 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %26, align 32 %28 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %27, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %28, %struct.wait_queue_entry* %19) #78 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %31 = getelementptr 
inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 1 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %24, i64 0, i32 0, i32 0 br label %34 store i32 -10, i32* %29, align 8 %35 = load i32, i32* %30, align 8 %36 = icmp ult i32 %35, 4 br i1 %36, label %37, label %45 %38 = load %struct.pid.48786*, %struct.pid.48786** %2, align 8 %39 = icmp eq %struct.pid.48786* %38, null br i1 %39, label %155, label %40 %41 = zext i32 %35 to i64 %42 = getelementptr %struct.pid.48786, %struct.pid.48786* %38, i64 0, i32 3, i64 %41, i32 0 %43 = load volatile %struct.hlist_node*, %struct.hlist_node** %42, align 8 %44 = icmp eq %struct.hlist_node* %43, null br i1 %44, label %155, label %45 %46 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %31, i32 1, i32* %31) #6, !srcloc !10 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #78 %47 = load i32, i32* %30, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %93 %94 = phi %struct.task_struct.49224* [ %136, %132 ], [ %24, %45 ] %95 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 58 %96 = bitcast %struct.list_head* %95 to i8** %97 = load i8*, i8** %96, align 8 %98 = bitcast i8* %97 to %struct.list_head* %99 = icmp eq %struct.list_head* %95, %98 br i1 %99, label %111, label %100 %101 = phi i8* [ %108, %106 ], [ %97, %93 ] %102 = getelementptr i8, i8* %101, i64 -1320 %103 = bitcast i8* %102 to %struct.task_struct.49224* %104 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.49224* %103) #78 %105 = icmp eq i32 %104, 0 br i1 %105, label %106, label %155 %107 = bitcast i8* %101 to i8** %108 = load i8*, i8** %107, align 8 %109 = bitcast i8* %108 to %struct.list_head* %110 = icmp eq %struct.list_head* %95, %109 br i1 %110, 
label %111, label %100 %112 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %94, i64 0, i32 61 %113 = bitcast %struct.list_head* %112 to i8** %114 = load i8*, i8** %113, align 16 %115 = bitcast i8* %114 to %struct.list_head* %116 = icmp eq %struct.list_head* %112, %115 br i1 %116, label %128, label %117 %118 = phi i8* [ %125, %123 ], [ %114, %111 ] %119 = getelementptr i8, i8* %118, i64 -1360 %120 = bitcast i8* %119 to %struct.task_struct.49224* %121 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.49224* %120) #78 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 42 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %594, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %17 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %16, align 32 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.49189, %struct.signal_struct.49189* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.48786** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.48786*, %struct.pid.48786** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.48786*, %struct.pid.48786** %23, align 8 %25 = icmp ne %struct.pid.48786* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, 
i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 16 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %59 = load %struct.task_struct.49224*, %struct.task_struct.49224** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %61 = load %struct.task_struct.49224*, %struct.task_struct.49224** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %59, i64 0, i32 95 %63 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %62, align 32 %64 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %61, i64 0, i32 95 %65 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %64, align 32 %66 = icmp eq %struct.signal_struct.49189* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %389 %72 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 44 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %80 %76 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 65 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 0 %78 = load volatile %struct.list_head*, %struct.list_head** %77, align 8 %79 = icmp eq %struct.list_head* %78, %76 br i1 %79, label %80, label %382 %81 = icmp eq i32 %69, 0 br i1 %81, label %82, label %86, !prof !6, !misexpect !5 %87 = tail call 
i32 bitcast (i32 (%struct.task_struct*, i32, %struct.pid_namespace*)* @__task_pid_nr_ns to i32 (%struct.task_struct.49224*, i32, %struct.pid_namespace.48784*)*)(%struct.task_struct.49224* %2, i32 0, %struct.pid_namespace.48784* null) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %88 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 84 %89 = load volatile %struct.cred*, %struct.cred** %88, align 8 %90 = getelementptr inbounds %struct.cred, %struct.cred* %89, i64 0, i32 1, i32 0 %91 = load i32, i32* %90, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %92 = icmp eq i32 %91, -1 %93 = load i32, i32* @overflowuid, align 4 %94 = select i1 %92, i32 %93, i32 %91 %95 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %96 = load i32, i32* %95, align 4 %97 = and i32 %96, 4 %98 = icmp eq i32 %97, 0 br i1 %98, label %594, label %99, !prof !4, !misexpect !7 %100 = and i32 %96, 16777216 %101 = icmp eq i32 %100, 0 br i1 %101, label %130, label %102, !prof !6, !misexpect !5 %131 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 56 %132 = load %struct.task_struct.49224*, %struct.task_struct.49224** %131, align 8 %133 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 57 %134 = load %struct.task_struct.49224*, %struct.task_struct.49224** %133, align 16 %135 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %132, i64 0, i32 95 %136 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %135, align 32 %137 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %134, i64 0, i32 95 %138 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %137, align 32 %139 = icmp eq %struct.signal_struct.49189* %136, %138 br 
i1 %139, label %144, label %140 %141 = load i32, i32* %72, align 4 %142 = icmp sgt i32 %141, -1 %143 = select i1 %142, i32 48, i32 16 br label %144 %145 = phi i1 [ false, %130 ], [ %142, %140 ] %146 = phi i32 [ 16, %130 ], [ %143, %140 ] %147 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %146, i32 32, i32* %6) #6, !srcloc !15 %148 = icmp eq i32 %147, 32 br i1 %148, label %149, label %594 %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %145, label %334, label %151 %152 = load i32, i32* %72, align 4 %153 = icmp sgt i32 %152, -1 br i1 %153, label %154, label %334 %155 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %156 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %155, align 32 %157 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.49224** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.49224**)) #11, !srcloc !16 %158 = inttoptr i64 %157 to %struct.task_struct.49224* %159 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 95 %160 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %159, align 32 %161 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %162 = bitcast i64* %5 to i8* store i64 
0, i64* %5, align 8 call void bitcast (void (%struct.task_struct*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.49224*, i64*, i64*)*)(%struct.task_struct.49224* %2, i64* nonnull %4, i64* nonnull %5) #78 %163 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %158, i64 0, i32 96 %164 = load %struct.sighand_struct*, %struct.sighand_struct** %163, align 8 %165 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %164, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %165) #78 %166 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %166) #78 %167 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 0, i32 0, i32 0 %168 = load i32, i32* %167, align 4 %169 = add i32 %168, 1 store i32 %169, i32* %167, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %170 = load i64, i64* %4, align 8 %171 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 28 %172 = load i64, i64* %171, align 8 %173 = add i64 %172, %170 %174 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 28 %175 = load i64, i64* %174, align 8 %176 = add i64 %173, %175 store i64 %176, i64* %174, align 8 %177 = load i64, i64* %5, align 8 %178 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 29 %179 = load i64, i64* %178, align 8 %180 = add i64 %179, %177 %181 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 29 %182 = load i64, i64* %181, align 8 %183 = add i64 %180, %182 store i64 %183, i64* %181, align 8 %184 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 
73 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 30 %187 = load i64, i64* %186, align 8 %188 = add i64 %187, %185 %189 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 31 %190 = load i64, i64* %189, align 8 %191 = add i64 %188, %190 %192 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 31 %193 = load i64, i64* %192, align 8 %194 = add i64 %191, %193 store i64 %194, i64* %192, align 8 %195 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 79 %196 = load i64, i64* %195, align 8 %197 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 37 %198 = load i64, i64* %197, align 8 %199 = add i64 %198, %196 %200 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 39 %201 = load i64, i64* %200, align 8 %202 = add i64 %199, %201 %203 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 39 %204 = load i64, i64* %203, align 8 %205 = add i64 %202, %204 store i64 %205, i64* %203, align 8 %206 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 80 %207 = load i64, i64* %206, align 64 %208 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 38 %209 = load i64, i64* %208, align 8 %210 = add i64 %209, %207 %211 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 40 %212 = load i64, i64* %211, align 8 %213 = add i64 %210, %212 %214 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 40 %215 = load i64, i64* %214, align 8 %216 = add i64 %213, %215 store i64 %216, i64* %214, align 8 %217 = getelementptr inbounds 
%struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 75 %218 = load i64, i64* %217, align 8 %219 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 33 %220 = load i64, i64* %219, align 8 %221 = add i64 %220, %218 %222 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 35 %223 = load i64, i64* %222, align 8 %224 = add i64 %221, %223 %225 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 35 %226 = load i64, i64* %225, align 8 %227 = add i64 %224, %226 store i64 %227, i64* %225, align 8 %228 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 76 %229 = load i64, i64* %228, align 32 %230 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 34 %231 = load i64, i64* %230, align 8 %232 = add i64 %231, %229 %233 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 36 %234 = load i64, i64* %233, align 8 %235 = add i64 %232, %234 %236 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 36 %237 = load i64, i64* %236, align 8 %238 = add i64 %235, %237 store i64 %238, i64* %236, align 8 %239 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 4 %240 = load i64, i64* %239, align 8 %241 = lshr i64 %240, 9 %242 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 41 %243 = load i64, i64* %242, align 8 %244 = add i64 %241, %243 %245 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 43 %246 = load i64, i64* %245, align 8 %247 = add i64 %244, %246 %248 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 43 %249 = load i64, i64* %248, align 8 %250 = 
add i64 %247, %249 store i64 %250, i64* %248, align 8 %251 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 5 %252 = load i64, i64* %251, align 8 %253 = lshr i64 %252, 9 %254 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 42 %255 = load i64, i64* %254, align 8 %256 = add i64 %253, %255 %257 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 44 %258 = load i64, i64* %257, align 8 %259 = add i64 %256, %258 %260 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 44 %261 = load i64, i64* %260, align 8 %262 = add i64 %259, %261 store i64 %262, i64* %260, align 8 %263 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 45 %264 = load i64, i64* %263, align 8 %265 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 46 %266 = load i64, i64* %265, align 8 %267 = icmp ugt i64 %264, %266 %268 = select i1 %267, i64 %264, i64 %266 %269 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 46 %270 = load i64, i64* %269, align 8 %271 = icmp ult i64 %270, %268 br i1 %271, label %272, label %273 store i64 %268, i64* %269, align 8 br label %273 %274 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 0 %275 = load i64, i64* %274, align 8 %276 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 0 %277 = load i64, i64* %276, align 8 %278 = add i64 %277, %275 store i64 %278, i64* %276, align 8 %279 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 1 %280 = load i64, i64* %279, align 8 %281 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 
47, i32 1 %282 = load i64, i64* %281, align 8 %283 = add i64 %282, %280 store i64 %283, i64* %281, align 8 %284 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 2 %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 2 %287 = load i64, i64* %286, align 8 %288 = add i64 %287, %285 store i64 %288, i64* %286, align 8 %289 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 3 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 3 %292 = load i64, i64* %291, align 8 %293 = add i64 %292, %290 store i64 %293, i64* %291, align 8 %294 = load i64, i64* %239, align 8 %295 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 4 %296 = load i64, i64* %295, align 8 %297 = add i64 %296, %294 store i64 %297, i64* %295, align 8 %298 = load i64, i64* %251, align 8 %299 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 5 %300 = load i64, i64* %299, align 8 %301 = add i64 %300, %298 store i64 %301, i64* %299, align 8 %302 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 127, i32 6 %303 = load i64, i64* %302, align 8 %304 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 47, i32 6 %305 = load i64, i64* %304, align 8 %306 = add i64 %305, %303 store i64 %306, i64* %304, align 8 %307 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 0 %308 = load i64, i64* %307, align 8 %309 = add i64 %308, %278 store i64 %309, i64* %276, align 8 %310 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, 
i32 1 %311 = load i64, i64* %310, align 8 %312 = add i64 %311, %283 store i64 %312, i64* %281, align 8 %313 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 2 %314 = load i64, i64* %313, align 8 %315 = add i64 %314, %288 store i64 %315, i64* %286, align 8 %316 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 3 %317 = load i64, i64* %316, align 8 %318 = add i64 %317, %293 store i64 %318, i64* %291, align 8 %319 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 4 %320 = load i64, i64* %319, align 8 %321 = add i64 %320, %297 store i64 %321, i64* %295, align 8 %322 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 5 %323 = load i64, i64* %322, align 8 %324 = add i64 %323, %301 store i64 %324, i64* %299, align 8 %325 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %156, i64 0, i32 47, i32 6 %326 = load i64, i64* %325, align 8 %327 = add i64 %326, %306 store i64 %327, i64* %304, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %328 = load i32, i32* %167, align 4 %329 = add i32 %328, 1 store i32 %329, i32* %167, align 4 %330 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %160, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %331 = bitcast %struct.spinlock* %330 to i8* store volatile i8 0, i8* %331, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %332 = bitcast %struct.sighand_struct** %163 to i8** %333 = load i8*, i8** %332, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %333, align 4 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %334 %335 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %336 = load %struct.rusage*, %struct.rusage** %335, align 8 %337 = icmp eq %struct.rusage* %336, null br i1 %337, label %339, label %338 call void bitcast (void (%struct.task_struct*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.49224*, i32, %struct.rusage*)*)(%struct.task_struct.49224* %2, i32 -2, %struct.rusage* nonnull %336) #78 br label %339 %340 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 95 %341 = load %struct.signal_struct.49189*, %struct.signal_struct.49189** %340, align 32 %342 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 12 %343 = load i32, i32* %342, align 4 %344 = and i32 %343, 4 %345 = icmp eq i32 %344, 0 %346 = getelementptr inbounds %struct.signal_struct.49189, %struct.signal_struct.49189* %341, i64 0, i32 8 %347 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 43 %348 = select i1 %345, i32* %347, i32* %346 %349 = load i32, i32* %348, align 8 %350 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %349, i32* %350, align 8 br i1 %145, label %351, label %360 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #78 %352 = getelementptr inbounds %struct.task_struct.49224, %struct.task_struct.49224* %2, i64 0, i32 5 %353 = load i32, i32* %352, align 16 %354 = icmp eq i32 %353, 0 br i1 %354, label %356, label %355, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct*)* @__ptrace_unlink to void (%struct.task_struct.49224*)*)(%struct.task_struct.49224* %2) #78 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 5 %3 = load 
i32, i32* %2, align 16 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 0, i32 1 %8 = bitcast i64* %7 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -5, i8* %8) #6, !srcloc !7 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %8, i32 -9, i8* %8) #6, !srcloc !7 %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 56 %10 = bitcast %struct.task_struct** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 57 %13 = bitcast %struct.task_struct** %12 to i64* store i64 %11, i64* %13, align 16 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62 %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 62, i32 1 %16 = load %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr inbounds %struct.list_head, %struct.list_head* %14, i64 0, i32 0 %18 = load %struct.list_head*, %struct.list_head** %17, align 8 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 1 store %struct.list_head* %16, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %16, i64 0, i32 0 store volatile %struct.list_head* %18, %struct.list_head** %20, align 8 store volatile %struct.list_head* %14, %struct.list_head** %17, align 8 store volatile %struct.list_head* %14, %struct.list_head** %15, align 8 %21 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 83 %22 = load %struct.cred*, %struct.cred** %21, align 16 store 
%struct.cred* null, %struct.cred** %21, align 16 %23 = icmp eq %struct.cred* %22, null br i1 %23, label %30, label %24 %25 = getelementptr inbounds %struct.cred, %struct.cred* %22, i64 0, i32 0, i32 0 %26 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32* %25) #6, !srcloc !8 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %30, label %29 tail call void @__put_cred(%struct.cred* nonnull %22) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, 
align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78
-------------
Use: =BAD PATH=
Call Stack:
0 put_cred_rcu
1 __put_cred
2 lookup_user_key
3 __se_sys_add_key
4 __ia32_sys_add_key
-------------
Path:
Function:__ia32_sys_add_key
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78
Function:__se_sys_add_key
%6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, 
label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = 
load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, 
%0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 
to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast 
%struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* 
@__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_get_keyring_ID 4 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %22 = tail call i64 @keyctl_get_keyring_ID(i32 %17, i32 %18) #78 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 4) #78 Function:lookup_user_key %4 = alloca 
%struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 
671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) 
@panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_update_key 4 __se_sys_keyctl 5 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* 
%46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #78 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label %16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = 
phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq %struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast 
%union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_update_key 4 __se_sys_keyctl 5 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %293 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label 
%125 i32 12, label %153 i32 13, label %173 i32 14, label %178 i32 15, label %207 i32 16, label %211 i32 17, label %214 i32 18, label %218 i32 19, label %220 i32 20, label %226 i32 21, label %245 i32 31, label %278 i32 30, label %272 i32 29, label %248 i32 24, label %253 i32 25, label %260 i32 26, label %260 i32 27, label %260 i32 28, label %266 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #78 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #78 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #78 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 3) #78 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.270142, align 8 %5 = alloca %struct.key.269734*, align 8 %6 = alloca %struct.key.269734*, align 8 %7 = bitcast %struct.keyring_search_context.270142* %4 to i8* %8 = bitcast %struct.key.269734** %5 to i8* store %struct.key.269734* null, %struct.key.269734** %5, align 8 %9 = bitcast %struct.key.269734** %6 to i8* store %struct.key.269734* null, %struct.key.269734** %6, align 8 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.270024** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.270024**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.270024* %12 = getelementptr inbounds %struct.task_struct.270024, %struct.task_struct.270024* %11, i64 0, i32 85 %13 = getelementptr inbounds %struct.keyring_search_context.270142, %struct.keyring_search_context.270142* %4, i64 0, i32 1 %14 = and i64 %1, 1 %15 = icmp eq i64 %14, 0 br label 
%16 %17 = load %struct.cred.269844*, %struct.cred.269844** %12, align 64 %18 = icmp eq %struct.cred.269844* %17, null br i1 %18, label %23, label %19 store %struct.cred.269844* %17, %struct.cred.269844** %13, align 8 switch i32 %0, label %255 [ i32 -1, label %24 i32 -2, label %74 i32 -3, label %124 i32 -4, label %177 i32 -5, label %185 i32 -6, label %346 i32 -7, label %193 i32 -8, label %213 ] %347 = phi %struct.cred.269844* [ %345, %343 ], [ %17, %213 ], [ %17, %255 ], [ %17, %23 ] %348 = phi %struct.__key_reference_with_attributes* [ %344, %343 ], [ inttoptr (i64 -126 to %struct.__key_reference_with_attributes*), %213 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %255 ], [ inttoptr (i64 -22 to %struct.__key_reference_with_attributes*), %23 ] %349 = icmp eq %struct.cred.269844* %347, null br i1 %349, label %356, label %350 %351 = getelementptr inbounds %struct.cred.269844, %struct.cred.269844* %347, i64 0, i32 0, i32 0 %352 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %351, i32* %351) #6, !srcloc !13 %353 = and i8 %352, 1 %354 = icmp eq i8 %353, 0 br i1 %354, label %356, label %355 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.269844*)*)(%struct.cred.269844* nonnull %347) #78 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !7 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 85 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = icmp eq 
%struct.cred* %10, %0 br i1 %11, label %12, label %13, !prof !8, !misexpect !5 %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 84 %15 = load %struct.cred*, %struct.cred** %14, align 8 %16 = icmp eq %struct.cred* %15, %0 br i1 %16, label %17, label %18, !prof !8, !misexpect !5 %19 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 25 %20 = bitcast %union.anon.46* %19 to i32* %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, 0 %23 = getelementptr %union.anon.46, %union.anon.46* %19, i64 0, i32 0 br i1 %22, label %25, label %24 tail call void @put_cred_rcu(%struct.callback_head* %23) #78 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10 %3 = bitcast %struct.callback_head* %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6742, i64 0, i64 0), %struct.callback_head* %2, i32 %7) #78 ------------- Good: 773 Bad: 45 Ignored: 547 Check Use of Function:i915_driver_release Check Use of Function:ext4_handle_dirty_dirblock Check Use of Function:rate_control_rate_init Check Use of Function:__SCT__tp_func_drv_mgd_complete_tx Check Use of Function:ieee80211_recalc_min_chandef Check Use of Function:drm_mode_object_get_properties Check Use of Function:cfg80211_process_wdev_events Check Use of Function:cgroup_cancel_fork Check Use of Function:io_submit_flush_completions Check Use of Function:rdev_stop_nan Check Use of Function:cfg80211_stop_p2p_device Check Use of Function:intel_overlay_flip_prepare Check Use of Function:e1000e_set_interrupt_capability Check Use of Function:drv_get_tsf Check Use of Function:ieee80211_if_remove Check Use of Function:isolate_huge_page Check Use of Function:stack_trace_save_tsk Check Use of Function:netlbl_cipsov4_genl_init Check Use of 
Function:intel_overlay_switch_off Check Use of Function:enable_swap_slots_cache Check Use of Function:netlink_register_notifier Check Use of Function:block_commit_write Check Use of Function:alloc_workqueue Check Use of Function:local_bh_enable.67041 Check Use of Function:drm_mode_object_lease_required Check Use of Function:debugfs_create_dir Check Use of Function:unregister_pernet_subsys Check Use of Function:seg6_exit Check Use of Function:blk_rq_map_kern Check Use of Function:ioam6_exit Check Use of Function:igmp6_late_init Check Use of Function:cfg80211_report_obss_beacon_khz Check Use of Function:genl_ctrl_event Check Use of Function:do_madvise Use: =BAD PATH= Call Stack: 0 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* 
%0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 ------------- Good: 6 Bad: 2 Ignored: 2 Check Use of Function:wiphy_sysfs_exit Check Use of Function:reg_process_self_managed_hints Check Use of Function:ip6_route_add Check Use of Function:wiphy_all_share_dfs_chan_state Check Use of Function:mod_delayed_work_on Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 shrink_node 7 __node_reclaim 8 node_reclaim 9 get_page_from_freelist 10 __alloc_pages 11 kmalloc_large_node 12 __kmalloc_node 13 rb_alloc_aux 14 perf_mmap ------------- Path:  Function:perf_mmap %3 = getelementptr inbounds %struct.file.115111, %struct.file.115111* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.perf_event.115424** %5 = load %struct.perf_event.115424*, %struct.perf_event.115424** %4, align 8 %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.115588** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.115588**)) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct.115588* %8 = getelementptr inbounds %struct.task_struct.115588, %struct.task_struct.115588* %7, i64 0, i32 85 %9 = load %struct.cred.115109*, %struct.cred.115109** %8, align 64 %10 = getelementptr inbounds %struct.cred.115109, %struct.cred.115109* %9, i64 0, i32 21 %11 = load %struct.user_struct*, %struct.user_struct** %10, align 8 %12 = getelementptr inbounds 
%struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 34 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, -1 br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 21, i32 6 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 2 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %320 %21 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 8 %22 = load i64, i64* %21, align 8 %23 = and i64 %22, 8 %24 = icmp eq i64 %23, 0 br i1 %24, label %320, label %25 %26 = tail call i32 bitcast (i32 (%struct.perf_event*)* @security_perf_event_read to i32 (%struct.perf_event.115424*)*)(%struct.perf_event.115424* %5) #78 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %320 %29 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = sub i64 %30, %32 %34 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 13 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %47 %38 = lshr i64 %33, 12 %39 = add nsw i64 %38, -1 %40 = icmp eq i64 %39, 0 %42 = icmp eq i64 %41, 1 %43 = or i1 %40, %42 %44 = and i64 %33, -4096 %45 = icmp eq i64 %33, %44 %46 = and i1 %45, %43 br i1 %46, label %117, label %320 %118 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 26 %119 = load %struct.perf_event_context.115401*, %struct.perf_event_context.115401** %118, align 8 %120 = getelementptr inbounds %struct.perf_event_context.115401, %struct.perf_event_context.115401* %119, i64 0, i32 21 %121 = load %struct.perf_event_context.115401*, %struct.perf_event_context.115401** %120, align 8 %122 = icmp eq 
%struct.perf_event_context.115401* %121, null br i1 %122, label %124, label %123, !prof !10, !misexpect !7 %125 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 37 tail call void @mutex_lock(%struct.mutex* %125) #78 %126 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 39 %127 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %128 = icmp eq %struct.perf_buffer* %127, null br i1 %128, label %152, label %129 %130 = phi %struct.perf_buffer* [ %150, %149 ], [ %127, %124 ] %131 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 2 %132 = load i32, i32* %131, align 8 %133 = sext i32 %132 to i64 %134 = icmp eq i64 %39, %133 br i1 %134, label %135, label %306 %136 = getelementptr inbounds %struct.perf_buffer, %struct.perf_buffer* %130, i64 0, i32 15, i32 0 %137 = load volatile i32, i32* %136, align 4 %138 = icmp eq i32 %137, 0 br i1 %138, label %149, label %139, !prof !6, !misexpect !7 %140 = phi i32 [ %147, %146 ], [ %137, %135 ] %141 = add i32 %140, 1 %142 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %136, i32 %141, i32* %136, i32 %140) #6, !srcloc !8 %143 = extractvalue { i8, i32 } %142, 0 %144 = and i8 %143, 1 %145 = icmp eq i8 %144, 0 br i1 %145, label %146, label %292, !prof !6, !misexpect !7 %147 = extractvalue { i8, i32 } %142, 1 %148 = icmp eq i32 %147, 0 br i1 %148, label %149, label %139, !prof !6, !misexpect !7 tail call fastcc void @ring_buffer_attach(%struct.perf_event.115424* %5, %struct.perf_buffer* null) #79 tail call void @mutex_unlock(%struct.mutex* %125) #78 tail call void @mutex_lock(%struct.mutex* %125) #78 %150 = load %struct.perf_buffer*, %struct.perf_buffer** %126, align 8 %151 = icmp eq 
%struct.perf_buffer* %150, null br i1 %151, label %152, label %129 %153 = phi i64 [ %52, %115 ], [ %38, %124 ], [ %38, %149 ] %154 = phi i1 [ false, %115 ], [ true, %124 ], [ true, %149 ] %155 = phi i32 [ -22, %115 ], [ 0, %124 ], [ 0, %149 ] %156 = phi i64 [ %52, %115 ], [ %39, %124 ], [ %39, %149 ] %157 = phi %struct.perf_buffer* [ %54, %115 ], [ null, %124 ], [ null, %149 ] %158 = load i32, i32* @sysctl_perf_event_mlock, align 4 %159 = ashr i32 %158, 2 %160 = sext i32 %159 to i64 %161 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %162 = zext i32 %161 to i64 %163 = mul nsw i64 %160, %162 %164 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %11, i64 0, i32 6, i32 0 %165 = load volatile i64, i64* %164, align 8 %166 = icmp ugt i64 %165, %163 %167 = select i1 %166, i64 %163, i64 %165 %168 = add i64 %167, %153 %170 = sub i64 %153, %169 %171 = getelementptr inbounds %struct.task_struct.115588, %struct.task_struct.115588* %7, i64 0, i32 95 %172 = load %struct.signal_struct.115544*, %struct.signal_struct.115544** %171, align 32 %173 = getelementptr %struct.signal_struct.115544, %struct.signal_struct.115544* %172, i64 0, i32 49, i64 8, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = lshr i64 %174, 12 %176 = getelementptr inbounds %struct.vm_area_struct.115485, %struct.vm_area_struct.115485* %1, i64 0, i32 6 %177 = load %struct.mm_struct.115498*, %struct.mm_struct.115498** %176, align 8 %178 = getelementptr inbounds %struct.mm_struct.115498, %struct.mm_struct.115498* %177, i64 0, i32 0, i32 23, i32 0 %179 = load volatile i64, i64* %178, align 8 %180 = add i64 %169, %179 %181 = icmp ule i64 %180, %175 %182 = load i32, i32* @sysctl_perf_event_paranoid, align 4 %183 = icmp slt i32 %182, 0 %184 = or i1 %183, %181 br i1 %184, label %187, label %185 %188 = icmp eq %struct.perf_buffer* %157, null br i1 %188, label %189, label %277 %278 = load i64, i64* %21, align 8 %279 = 
lshr i64 %278, 1 %280 = trunc i64 %279 to i32 %281 = and i32 %280, 1 %282 = load i64, i64* %34, align 8 %283 = trunc i64 %156 to i32 %284 = getelementptr inbounds %struct.perf_event.115424, %struct.perf_event.115424* %5, i64 0, i32 21, i32 16 %285 = load i32, i32* %284, align 8 %286 = zext i32 %285 to i64 %287 = tail call i32 bitcast (i32 (%struct.perf_buffer*, %struct.perf_event*, i64, i32, i64, i32)* @rb_alloc_aux to i32 (%struct.perf_buffer*, %struct.perf_event.115424*, i64, i32, i64, i32)*)(%struct.perf_buffer* nonnull %157, %struct.perf_event.115424* %5, i64 %282, i32 %283, i64 %286, i32 %281) #78 Function:rb_alloc_aux %7 = and i32 %5, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 34 %10 = load i32, i32* %9, align 4 %11 = icmp eq i32 %10, -1 br i1 %11, label %19, label %12 %20 = phi i32 [ %18, %12 ], [ -1, %6 ] %21 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %1, i64 0, i32 12 %22 = load %struct.pmu*, %struct.pmu** %21, align 8 %23 = getelementptr inbounds %struct.pmu, %struct.pmu* %22, i64 0, i32 31 %24 = load i8* (%struct.perf_event*, i8**, i32, i1)*, i8* (%struct.perf_event*, i8**, i32, i1)** %23, align 8 %25 = icmp eq i8* (%struct.perf_event*, i8**, i32, i1)* %24, null br i1 %25, label %162, label %26 br i1 %8, label %36, label %27 %28 = icmp eq i64 %4, 0 %29 = shl i32 %3, 11 %30 = sext i32 %29 to i64 %31 = select i1 %28, i64 %30, i64 %4 %32 = add i64 %31, -1 %33 = lshr i64 %32, 12 %34 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %33, i32 -1) #4, !srcloc !4 %35 = add i32 %34, 1 br label %38 %39 = phi i32 [ %37, %36 ], [ %35, %27 ] %40 = phi i64 [ 0, %36 ], [ %31, %27 ] %41 = sext i32 %3 to i64 %43 = extractvalue { i64, i1 } %42, 1 br i1 %43, label %44, label %47, !prof !6, !misexpect !7 %48 = extractvalue { i64, i1 } %42, 0 %49 = tail call noalias align 8 i8* @__kmalloc_node(i64 %48, i32 3520, i32 %20) #78 Function:__kmalloc_node %4 = icmp 
ugt i64 %0, 8192 br i1 %4, label %5, label %29, !prof !4, !misexpect !5 %6 = tail call fastcc i8* @kmalloc_large_node(i64 %0, i32 %1, i32 %2) #78 Function:kmalloc_large_node %4 = add i64 %0, -1 %5 = lshr i64 %4, 12 %6 = tail call i32 asm "bsrq $1,${0:q}", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i64 %5, i32 -1) #4, !srcloc !4 %7 = add i32 %6, 1 %8 = or i32 %1, 262144 %9 = icmp eq i32 %2, -1 br i1 %9, label %10, label %12 %13 = phi i32 [ %11, %10 ], [ %2, %3 ] %14 = tail call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %8, i32 %7, i32 %13, %struct.cpumask* null) #78 Function:__alloc_pages %5 = alloca %struct.alloc_context.136342, align 8 %6 = bitcast %struct.alloc_context.136342* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136212** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136212**)) #11, !srcloc !7 %16 = inttoptr i64 %15 to %struct.task_struct.136212* %17 = getelementptr inbounds %struct.task_struct.136212, %struct.task_struct.136212* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !8, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.136176*], [0 x %struct.pglist_data.136176*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.136176*]*), i64 0, i64 %44 %46 = load 
%struct.pglist_data.136176*, %struct.pglist_data.136176** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 0 store %struct.zonelist.136172* %50, %struct.zonelist.136172** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !8 %58 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !9 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #78 br label %76 %77 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.136172, %struct.zonelist.136172* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !8 %84 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !11 %90 = phi %struct.zoneref.136171* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 2 store %struct.zoneref.136171* %90, %struct.zoneref.136171** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %90, i64 0, i32 0 %93 = 
load %struct.zone.136180*, %struct.zone.136180** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.136180* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.136327* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.136342* nonnull %5) #79 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 1 br label %20 %21 = phi i32 [ %2, %4 ], [ %420, %418 ] %22 = phi %struct.pglist_data.136176* [ null, %4 ], [ %419, %418 ] %23 = and i32 %21, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %25, i64 0, i32 0 %27 = load %struct.zone.136180*, %struct.zone.136180** %26, align 8 %28 = icmp eq %struct.zone.136180* %27, null br i1 %28, label %416, label %29 %30 = and i32 %21, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %21, 3 %33 = zext i32 %32 to i64 %34 = and i32 %21, 24 %35 = and i32 %21, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %21, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %21, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %21, 8 %43 = icmp eq i32 %42, 
0 %44 = and i32 %21, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.136180* [ %414, %411 ], [ %27, %29 ] %48 = phi %struct.pglist_data.136176* [ %400, %411 ], [ %22, %29 ] %49 = phi %struct.zoneref.136171* [ %412, %411 ], [ %25, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %74, i64 0, i32 0 %76 = load %struct.zone.136180*, %struct.zone.136180** %75, align 8 %77 = icmp eq %struct.zone.136180* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label 
%109 %110 = phi i32 [ %35, %99 ], [ %34, %84 ] %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %116, !prof !6, !misexpect !7 %113 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %114 = load i64, i64* %113, align 32 %115 = add i64 %114, %11 br label %116 %117 = phi i64 [ %115, %112 ], [ %11, %109 ] %118 = sub i64 %94, %117 br i1 %38, label %122, label %119 %120 = sdiv i64 %89, -2 %121 = add i64 %120, %89 br label %122 %123 = phi i64 [ %121, %119 ], [ %89, %116 ] br i1 %111, label %131, label %124, !prof !6, !misexpect !8 br i1 %40, label %128, label %125 %129 = sdiv i64 %123, -4 %130 = add i64 %129, %123 br label %131 %132 = phi i64 [ %127, %125 ], [ %130, %128 ], [ %123, %122 ] %133 = sext i32 %90 to i64 %134 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 3, i64 %133 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %132 %137 = icmp sgt i64 %118, %136 br i1 %137, label %138, label %169 br i1 %8, label %254, label %139 br i1 %12, label %140, label %230 %141 = phi i64 [ %161, %160 ], [ %13, %139 ] %142 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 1 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %160, label %145 %146 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 0 %147 = getelementptr inbounds %struct.list_head, %struct.list_head* %146, i64 0, i32 0 %148 = load volatile %struct.list_head*, %struct.list_head** %147, align 8 %149 = icmp eq %struct.list_head* %148, %146 br i1 %149, label %150, label %254 %151 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 1 %152 = getelementptr inbounds %struct.list_head, %struct.list_head* %151, i64 0, i32 0 %153 = load volatile %struct.list_head*, %struct.list_head** %152, align 8 %154 = icmp eq %struct.list_head* %153, %151 br i1 %154, label %163, label %254 %164 = 
getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 2 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 0 %166 = load volatile %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %164 br i1 %167, label %168, label %254 br i1 %111, label %160, label %155 %161 = add nsw i64 %141, 1 %162 = icmp eq i64 %161, 11 br i1 %162, label %169, label %140 %170 = icmp eq i64 %88, 0 %171 = or i1 %41, %170 %172 = or i1 %17, %171 br i1 %172, label %230, label %173, !prof !9 %174 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 64 br i1 %111, label %176, label %180, !prof !6, !misexpect !7 %177 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %178 = load i64, i64* %177, align 32 %179 = add i64 %178, %11 br label %180 %181 = phi i64 [ %179, %176 ], [ %11, %173 ] %182 = sub i64 %94, %181 br i1 %38, label %186, label %183 %184 = sdiv i64 %175, -2 %185 = add i64 %184, %175 br label %186 %187 = phi i64 [ %185, %183 ], [ %175, %180 ] br i1 %111, label %195, label %188, !prof !6, !misexpect !8 br i1 %43, label %192, label %189 %193 = sdiv i64 %187, -4 %194 = add i64 %193, %187 br label %195 %196 = phi i64 [ %191, %189 ], [ %194, %192 ], [ %187, %186 ] %197 = add i64 %196, %135 %198 = icmp sgt i64 %182, %197 br i1 %198, label %199, label %230 br i1 %8, label %254, label %200 br i1 %12, label %201, label %230 %202 = phi i64 [ %222, %221 ], [ %13, %200 ] %203 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 1 %204 = load i64, i64* %203, align 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %221, label %206 %207 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 0 %208 = getelementptr inbounds %struct.list_head, %struct.list_head* %207, i64 0, i32 0 %209 = load volatile 
%struct.list_head*, %struct.list_head** %208, align 8 %210 = icmp eq %struct.list_head* %209, %207 br i1 %210, label %211, label %254 %212 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 1 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %212, i64 0, i32 0 %214 = load volatile %struct.list_head*, %struct.list_head** %213, align 8 %215 = icmp eq %struct.list_head* %214, %212 br i1 %215, label %224, label %254 %225 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 2 %226 = getelementptr inbounds %struct.list_head, %struct.list_head* %225, i64 0, i32 0 %227 = load volatile %struct.list_head*, %struct.list_head** %226, align 8 %228 = icmp eq %struct.list_head* %227, %225 br i1 %228, label %229, label %254 br i1 %111, label %221, label %216 %222 = add nsw i64 %202, 1 %223 = icmp eq i64 %222, 11 br i1 %223, label %230, label %201 br i1 %45, label %231, label %254 %232 = load i32, i32* @node_reclaim_mode, align 4 %233 = and i32 %232, 7 %234 = icmp eq i32 %233, 0 br i1 %234, label %399, label %235 %236 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %237 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %236, i64 0, i32 0 %238 = load %struct.zone.136180*, %struct.zone.136180** %237, align 8 %239 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %238, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 4 %242 = load i32, i32* %241, align 8 %243 = tail call i32 @__node_distance(i32 %240, i32 %242) #78 %244 = load i32, i32* @node_reclaim_distance, align 4 %245 = icmp sgt i32 %243, %244 br i1 %245, label %399, label %246 %247 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 5 %248 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %247, align 16 %249 = tail call i32 
bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.136176*, i32, i32)*)(%struct.pglist_data.136176* %248, i32 %0, i32 %1) #78 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #78 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 
br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #79 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %11 = icmp ugt i64 %6, 32 %12 = select i1 %11, i64 %6, i64 32 %13 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %14 = bitcast %struct.cpumask** %13 to i8* store i64 %12, i64* %10, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 
%21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #78 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %91 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %92 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #79 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %560, %679 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #78 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #78 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #78 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #78 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #78 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #78 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #78 %217 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %218 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %693, label %688 %689 = load i64, i64* %71, align 16 %690 = load i64, i64* %72, align 8 %691 = add i64 %689, %226 %692 = add i64 %691, %690 br label %693 %694 = phi i64 [ %692, %688 ], [ %226, %225 ] %695 = load volatile i64, i64* %73, align 8 %696 = icmp eq i64 %695, 0 br i1 %696, label %702, label %697 %698 = load i64, i64* %74, align 16 %699 = load i64, i64* %75, align 8 %700 = add i64 %698, %694 %701 = add i64 %700, %699 br label %702 %703 = phi i64 [ %701, %697 ], [ %694, %693 ] %704 = load volatile i64, i64* %76, align 8 %705 = icmp eq i64 %704, 0 br i1 %705, label %711, label %706 %707 = load i64, i64* %77, align 16 %708 = load i64, i64* %78, align 8 %709 = add i64 %707, %703 %710 = add i64 %709, %708 br label %711 %712 = phi i64 [ %710, %706 ], [ %703, %702 ] %713 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #78 %714 = add i64 %217, %216 %715 = add i64 %714, %218 %716 = icmp ule i64 %715, %712 %717 = load i16, i16* %22, align 8 %718 = and i16 %717, 1 %719 = icmp eq i16 %718, 0 %720 = and i1 %716, %719 br i1 %720, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %711 ] %238 = and i16 %717, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #78 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #78 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %291 = phi i64 [ %283, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 
%301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %721 %722 = load volatile i64, i64* %84, align 8 %723 = icmp eq i64 %722, 0 br i1 %723, label %729, label %724 %725 = load volatile i64, i64* %86, align 8 %726 = icmp sgt i64 %725, 0 %727 = select i1 %726, i64 %725, i64 0 %728 = add nuw i64 %727, %313 br label %729 %730 = phi i64 [ %728, %724 ], [ %313, %721 ] %731 = icmp eq i32 %301, 2 br i1 %731, label %315, label %732 %733 = load volatile i64, i64* %88, align 8 %734 = icmp eq i64 %733, 0 br i1 %734, label %740, label %735 %736 = load volatile i64, i64* %90, align 8 %737 = icmp sgt i64 %736, 0 %738 = select i1 %737, i64 %736, i64 0 %739 = add i64 %738, %730 br label %740 %741 = phi i64 [ %739, %735 ], [ %730, %732 ] %742 = icmp eq i32 %301, 3 br i1 %742, label %315, label %743 %744 = load volatile i64, i64* %92, align 8 %745 = icmp eq i64 %744, 0 br i1 %745, label %315, label %746 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %730, %729 ], [ %741, %740 ], [ %750, %746 ], [ %741, %743 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %453, label %463 %454 = load volatile i64, i64* %96, align 8 %455 = icmp eq i64 %454, 0 br i1 %455, label %460, label %456 %457 = load volatile i64, i64* %98, align 8 %458 = icmp sgt i64 %457, 0 %459 = select i1 %458, i64 %457, i64 0 br label %460 %461 = phi 
i64 [ %459, %456 ], [ 0, %453 ] %462 = icmp eq i32 %300, 0 br i1 %462, label %463, label %751 %752 = load volatile i64, i64* %100, align 8 %753 = icmp eq i64 %752, 0 br i1 %753, label %759, label %754 %755 = load volatile i64, i64* %102, align 8 %756 = icmp sgt i64 %755, 0 %757 = select i1 %756, i64 %755, i64 0 %758 = add nuw i64 %757, %461 br label %759 %760 = phi i64 [ %758, %754 ], [ %461, %751 ] %761 = icmp eq i32 %301, 2 br i1 %761, label %463, label %762 %763 = load volatile i64, i64* %104, align 8 %764 = icmp eq i64 %763, 0 br i1 %764, label %770, label %765 %766 = load volatile i64, i64* %106, align 8 %767 = icmp sgt i64 %766, 0 %768 = select i1 %767, i64 %766, i64 0 %769 = add i64 %768, %760 br label %770 %771 = phi i64 [ %769, %765 ], [ %760, %762 ] %772 = icmp eq i32 %301, 3 br i1 %772, label %463, label %773 %774 = load volatile i64, i64* %108, align 8 %775 = icmp eq i64 %774, 0 br i1 %775, label %463, label %776 %464 = phi i64 [ 0, %324 ], [ %461, %460 ], [ %760, %759 ], [ %771, %770 ], [ %780, %776 ], [ %771, %773 ] %465 = lshr i64 %464, %304 switch i32 %294, label %323 [ i32 0, label %471 i32 1, label %468 i32 3, label %466 i32 2, label %466 ] %469 = mul i64 %465, %291 %470 = udiv i64 %469, %295 br label %471 %472 = phi i64 [ %470, %468 ], [ %465, %463 ], [ %467, %466 ] store i64 %472, i64* %38, align 8 br i1 %298, label %473, label %483 %474 = load volatile i64, i64* %112, align 8 %475 = icmp eq i64 %474, 0 br i1 %475, label %480, label %476 %477 = load volatile i64, i64* %114, align 8 %478 = icmp sgt i64 %477, 0 %479 = select i1 %478, i64 %477, i64 0 br label %480 %481 = phi i64 [ %479, %476 ], [ 0, %473 ] %482 = icmp eq i32 %300, 0 br i1 %482, label %483, label %781 %782 = load volatile i64, i64* %116, align 8 %783 = icmp eq i64 %782, 0 br i1 %783, label %789, label %784 %785 = load volatile i64, i64* %118, align 8 %786 = icmp sgt i64 %785, 0 %787 = select i1 %786, i64 %785, i64 0 %788 = add nuw i64 %787, %481 br label %789 %790 = phi i64 [ %788, 
%784 ], [ %481, %781 ] %791 = icmp eq i32 %301, 2 br i1 %791, label %483, label %792 %793 = load volatile i64, i64* %120, align 8 %794 = icmp eq i64 %793, 0 br i1 %794, label %800, label %795 %796 = load volatile i64, i64* %122, align 8 %797 = icmp sgt i64 %796, 0 %798 = select i1 %797, i64 %796, i64 0 %799 = add i64 %798, %790 br label %800 %801 = phi i64 [ %799, %795 ], [ %790, %792 ] %802 = icmp eq i32 %301, 3 br i1 %802, label %483, label %803 %804 = load volatile i64, i64* %124, align 8 %805 = icmp eq i64 %804, 0 br i1 %805, label %483, label %806 %484 = phi i64 [ 0, %471 ], [ %481, %480 ], [ %790, %789 ], [ %801, %800 ], [ %810, %806 ], [ %801, %803 ] %485 = lshr i64 %484, %304 switch i32 %294, label %323 [ i32 0, label %491 i32 1, label %488 i32 3, label %486 i32 2, label %486 ] %489 = mul i64 %485, %290 %490 = udiv i64 %489, %295 br label %491 %492 = phi i64 [ %490, %488 ], [ %485, %483 ], [ %487, %486 ] store i64 %492, i64* %39, align 16 br i1 %298, label %493, label %503 %494 = load volatile i64, i64* %128, align 8 %495 = icmp eq i64 %494, 0 br i1 %495, label %500, label %496 %497 = load volatile i64, i64* %130, align 8 %498 = icmp sgt i64 %497, 0 %499 = select i1 %498, i64 %497, i64 0 br label %500 %501 = phi i64 [ %499, %496 ], [ 0, %493 ] %502 = icmp eq i32 %300, 0 br i1 %502, label %503, label %811 %812 = load volatile i64, i64* %132, align 8 %813 = icmp eq i64 %812, 0 br i1 %813, label %819, label %814 %815 = load volatile i64, i64* %134, align 8 %816 = icmp sgt i64 %815, 0 %817 = select i1 %816, i64 %815, i64 0 %818 = add nuw i64 %817, %501 br label %819 %820 = phi i64 [ %818, %814 ], [ %501, %811 ] %821 = icmp eq i32 %301, 2 br i1 %821, label %503, label %822 %823 = load volatile i64, i64* %136, align 8 %824 = icmp eq i64 %823, 0 br i1 %824, label %830, label %825 %826 = load volatile i64, i64* %138, align 8 %827 = icmp sgt i64 %826, 0 %828 = select i1 %827, i64 %826, i64 0 %829 = add i64 %828, %820 br label %830 %831 = phi i64 [ %829, %825 ], [ 
%820, %822 ] %832 = icmp eq i32 %301, 3 br i1 %832, label %503, label %833 %834 = load volatile i64, i64* %140, align 8 %835 = icmp eq i64 %834, 0 br i1 %835, label %503, label %836 %504 = phi i64 [ 0, %491 ], [ %501, %500 ], [ %820, %819 ], [ %831, %830 ], [ %840, %836 ], [ %831, %833 ] %505 = lshr i64 %504, %304 switch i32 %294, label %323 [ i32 0, label %511 i32 1, label %508 i32 3, label %506 i32 2, label %506 ] %509 = mul i64 %505, %290 %510 = udiv i64 %509, %295 br label %511 %512 = phi i64 [ %510, %508 ], [ %505, %503 ], [ %507, %506 ] store i64 %512, i64* %40, align 8 %513 = load i32, i32* %42, align 4 %514 = and i32 %513, 131072 %515 = icmp eq i32 %514, 0 %516 = icmp eq i8 %302, 12 %517 = and i1 %516, %515 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #78 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %492, %325 %527 = or i64 %526, %512 %528 = icmp eq i64 %527, 0 br i1 %528, label %421, label %326 %327 = phi i64 [ %365, %364 ], [ %325, %511 ] %328 = phi i64 [ %366, %364 ], [ 0, %511 ] %329 = phi i64 [ %358, %364 ], [ 0, %511 ] %330 = icmp eq i64 %327, 0 br i1 %330, label %357, label %331 %332 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %328 %333 = icmp ult i64 %327, 32 %334 = select i1 %333, i64 %327, i64 32 %335 = sub i64 %327, %334 store i64 %335, i64* %332, align 8 %336 = trunc i64 %328 to i32 %337 = and i32 %336, 2147483645 %338 = icmp eq i32 %337, 1 br i1 %338, label %339, label %352 %353 = call fastcc i64 @shrink_inactive_list(i64 %334, %struct.lruvec* %11, %struct.scan_control* %1, i32 %336) #78 br label %354 %355 = phi i64 [ %353, %352 ], [ 0, %350 ], [ 0, %349 ] %356 = add i64 %355, %329 br label %357 %358 = phi i64 [ %356, %354 ], [ %329, %326 ] %359 = add nuw nsw i64 %328, 1 %360 = icmp eq i64 %359, 4 br i1 %360, label 
%367, label %361 %368 = call i32 @__cond_resched() #78 %369 = icmp ult i64 %358, %241 %370 = or i1 %517, %369 br i1 %370, label %414, label %371 %372 = load i64, i64* %39, align 16 %373 = load i64, i64* %40, align 8 %374 = add i64 %373, %372 %375 = load i64, i64* %33, align 16 %376 = load i64, i64* %38, align 8 %377 = add i64 %376, %375 %378 = icmp ne i64 %374, 0 %379 = icmp ne i64 %377, 0 %380 = and i1 %378, %379 br i1 %380, label %381, label %421 %382 = icmp ugt i64 %374, %377 %383 = select i1 %382, i64 %377, i64 %374 %384 = select i1 %382, i64 %525, i64 %521 %385 = select i1 %382, i32 2, i32 0 %386 = select i1 %382, i32 0, i32 2 %387 = mul i64 %383, 100 %388 = udiv i64 %387, %384 %389 = zext i32 %386 to i64 %390 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %389 store i64 0, i64* %390, align 16 %391 = or i32 %386, 1 %392 = zext i32 %391 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 8 %394 = zext i32 %385 to i64 %395 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %394 %396 = load i64, i64* %395, align 16 %397 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %394 %398 = load i64, i64* %397, align 16 %399 = sub i64 %396, %398 %400 = sub i64 100, %388 %401 = mul i64 %396, %400 %402 = udiv i64 %401, 100 store i64 %403, i64* %397, align 16 %404 = or i32 %385, 1 %405 = zext i32 %404 to i64 %406 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %405 %407 = load i64, i64* %406, align 8 %408 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %405 %409 = load i64, i64* %408, align 8 %410 = sub i64 %407, %409 %411 = mul i64 %407, %400 %412 = udiv i64 %411, 100 store i64 %413, i64* %408, align 8 br label %414 %415 = load i64, i64* %33, align 16 %416 = load i64, i64* %40, align 8 %417 = load i64, i64* %39, align 16 %418 = or i64 %416, %415 %419 = or i64 %418, %417 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %364 %422 = phi i64 [ 0, %511 ], [ %358, %371 ], [ %358, %414 ] call void 
@blk_finish_plug(%struct.blk_plug* nonnull %5) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store 
volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = 
getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = 
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 shrink_node 7 __node_reclaim 8 node_reclaim 9 get_page_from_freelist 10 __alloc_pages 11 allocate_slab 12 ___slab_alloc 13 kmem_cache_alloc_node 14 create_task_io_context 15 get_task_io_context 16 set_task_ioprio 17 
__se_sys_ioprio_set 18 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #78 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, 
%struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, 
%struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, 
%struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ 
%156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ %155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #78 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #78 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = 
load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #78 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295739* (%struct.task_struct.295774*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #78 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 123 %11 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %14 = load %struct.io_context.295739*, %struct.io_context.295739** %10, align 8 %15 = icmp eq %struct.io_context.295739* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295774* %0, i32 %1, i32 %2) #79 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** 
@iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 
%41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 
0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 
512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", 
"=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %270, label %268, !prof !5, !misexpect !6 %269 = call i32 @kmalloc_fix_flags(i32 %1) #78 br label %270 %271 = phi i32 [ %269, %268 ], [ %1, %267 ] %272 = load void (i8*)*, void (i8*)** %16, align 8 %273 = icmp ne void (i8*)* %272, null %274 = and i32 %271, 256 %275 = icmp ne i32 %274, 0 %276 = and i1 %273, %275 br i1 %276, label %277, label %278, !prof !29, !misexpect !6 %279 = and i32 %271, 3927776 %280 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %279, i32 %203) #78 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 
%11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %31 = tail call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %25, i32 %15, i32 %2, %struct.cpumask* null) #78 %32 = icmp eq %struct.page* %31, null br i1 %32, label %38, label %49, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %40 = load i32, i32* %39, align 8 %41 = lshr i32 %40, 16 %42 = tail call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %10, i32 %41, i32 %2, %struct.cpumask* null) #78 Function:__alloc_pages %5 = alloca %struct.alloc_context.136342, align 8 %6 = bitcast %struct.alloc_context.136342* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136212** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136212**)) #11, !srcloc !7 %16 = inttoptr i64 %15 to %struct.task_struct.136212* %17 = getelementptr inbounds %struct.task_struct.136212, %struct.task_struct.136212* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !8, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 4 store i32 %42, 
i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.136176*], [0 x %struct.pglist_data.136176*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.136176*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 0 store %struct.zonelist.136172* %50, %struct.zonelist.136172** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !8 %58 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !9 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #78 br label %76 %77 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.136172, %struct.zonelist.136172* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !8 %84 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !11 %90 = phi %struct.zoneref.136171* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 2 store %struct.zoneref.136171* %90, %struct.zoneref.136171** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %90, i64 0, i32 0 %93 = 
load %struct.zone.136180*, %struct.zone.136180** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.136180* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.136327* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.136342* nonnull %5) #79 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 1 br label %20 %21 = phi i32 [ %2, %4 ], [ %420, %418 ] %22 = phi %struct.pglist_data.136176* [ null, %4 ], [ %419, %418 ] %23 = and i32 %21, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %25, i64 0, i32 0 %27 = load %struct.zone.136180*, %struct.zone.136180** %26, align 8 %28 = icmp eq %struct.zone.136180* %27, null br i1 %28, label %416, label %29 %30 = and i32 %21, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %21, 3 %33 = zext i32 %32 to i64 %34 = and i32 %21, 24 %35 = and i32 %21, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %21, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %21, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %21, 8 %43 = icmp eq i32 %42, 
0 %44 = and i32 %21, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.136180* [ %414, %411 ], [ %27, %29 ] %48 = phi %struct.pglist_data.136176* [ %400, %411 ], [ %22, %29 ] %49 = phi %struct.zoneref.136171* [ %412, %411 ], [ %25, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %74, i64 0, i32 0 %76 = load %struct.zone.136180*, %struct.zone.136180** %75, align 8 %77 = icmp eq %struct.zone.136180* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label 
%109 %110 = phi i32 [ %35, %99 ], [ %34, %84 ] %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %116, !prof !6, !misexpect !7 %113 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %114 = load i64, i64* %113, align 32 %115 = add i64 %114, %11 br label %116 %117 = phi i64 [ %115, %112 ], [ %11, %109 ] %118 = sub i64 %94, %117 br i1 %38, label %122, label %119 %120 = sdiv i64 %89, -2 %121 = add i64 %120, %89 br label %122 %123 = phi i64 [ %121, %119 ], [ %89, %116 ] br i1 %111, label %131, label %124, !prof !6, !misexpect !8 br i1 %40, label %128, label %125 %129 = sdiv i64 %123, -4 %130 = add i64 %129, %123 br label %131 %132 = phi i64 [ %127, %125 ], [ %130, %128 ], [ %123, %122 ] %133 = sext i32 %90 to i64 %134 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 3, i64 %133 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %132 %137 = icmp sgt i64 %118, %136 br i1 %137, label %138, label %169 br i1 %8, label %254, label %139 br i1 %12, label %140, label %230 %141 = phi i64 [ %161, %160 ], [ %13, %139 ] %142 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 1 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %160, label %145 %146 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 0 %147 = getelementptr inbounds %struct.list_head, %struct.list_head* %146, i64 0, i32 0 %148 = load volatile %struct.list_head*, %struct.list_head** %147, align 8 %149 = icmp eq %struct.list_head* %148, %146 br i1 %149, label %150, label %254 %151 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 1 %152 = getelementptr inbounds %struct.list_head, %struct.list_head* %151, i64 0, i32 0 %153 = load volatile %struct.list_head*, %struct.list_head** %152, align 8 %154 = icmp eq %struct.list_head* %153, %151 br i1 %154, label %163, label %254 %164 = 
getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 2 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 0 %166 = load volatile %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %164 br i1 %167, label %168, label %254 br i1 %111, label %160, label %155 %161 = add nsw i64 %141, 1 %162 = icmp eq i64 %161, 11 br i1 %162, label %169, label %140 %170 = icmp eq i64 %88, 0 %171 = or i1 %41, %170 %172 = or i1 %17, %171 br i1 %172, label %230, label %173, !prof !9 %174 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 64 br i1 %111, label %176, label %180, !prof !6, !misexpect !7 %177 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %178 = load i64, i64* %177, align 32 %179 = add i64 %178, %11 br label %180 %181 = phi i64 [ %179, %176 ], [ %11, %173 ] %182 = sub i64 %94, %181 br i1 %38, label %186, label %183 %184 = sdiv i64 %175, -2 %185 = add i64 %184, %175 br label %186 %187 = phi i64 [ %185, %183 ], [ %175, %180 ] br i1 %111, label %195, label %188, !prof !6, !misexpect !8 br i1 %43, label %192, label %189 %193 = sdiv i64 %187, -4 %194 = add i64 %193, %187 br label %195 %196 = phi i64 [ %191, %189 ], [ %194, %192 ], [ %187, %186 ] %197 = add i64 %196, %135 %198 = icmp sgt i64 %182, %197 br i1 %198, label %199, label %230 br i1 %8, label %254, label %200 br i1 %12, label %201, label %230 %202 = phi i64 [ %222, %221 ], [ %13, %200 ] %203 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 1 %204 = load i64, i64* %203, align 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %221, label %206 %207 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 0 %208 = getelementptr inbounds %struct.list_head, %struct.list_head* %207, i64 0, i32 0 %209 = load volatile 
%struct.list_head*, %struct.list_head** %208, align 8 %210 = icmp eq %struct.list_head* %209, %207 br i1 %210, label %211, label %254 %212 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 1 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %212, i64 0, i32 0 %214 = load volatile %struct.list_head*, %struct.list_head** %213, align 8 %215 = icmp eq %struct.list_head* %214, %212 br i1 %215, label %224, label %254 %225 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 2 %226 = getelementptr inbounds %struct.list_head, %struct.list_head* %225, i64 0, i32 0 %227 = load volatile %struct.list_head*, %struct.list_head** %226, align 8 %228 = icmp eq %struct.list_head* %227, %225 br i1 %228, label %229, label %254 br i1 %111, label %221, label %216 %222 = add nsw i64 %202, 1 %223 = icmp eq i64 %222, 11 br i1 %223, label %230, label %201 br i1 %45, label %231, label %254 %232 = load i32, i32* @node_reclaim_mode, align 4 %233 = and i32 %232, 7 %234 = icmp eq i32 %233, 0 br i1 %234, label %399, label %235 %236 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %237 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %236, i64 0, i32 0 %238 = load %struct.zone.136180*, %struct.zone.136180** %237, align 8 %239 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %238, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 4 %242 = load i32, i32* %241, align 8 %243 = tail call i32 @__node_distance(i32 %240, i32 %242) #78 %244 = load i32, i32* @node_reclaim_distance, align 4 %245 = icmp sgt i32 %243, %244 br i1 %245, label %399, label %246 %247 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 5 %248 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %247, align 16 %249 = tail call i32 
bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.136176*, i32, i32)*)(%struct.pglist_data.136176* %248, i32 %0, i32 %1) #78 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #78 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 
br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #79 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %11 = icmp ugt i64 %6, 32 %12 = select i1 %11, i64 %6, i64 32 %13 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %14 = bitcast %struct.cpumask** %13 to i8* store i64 %12, i64* %10, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 
%21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #78 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %91 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %92 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #79 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %560, %679 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #78 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #78 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #78 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #78 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #78 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #78 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #78 %217 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %218 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %693, label %688 %689 = load i64, i64* %71, align 16 %690 = load i64, i64* %72, align 8 %691 = add i64 %689, %226 %692 = add i64 %691, %690 br label %693 %694 = phi i64 [ %692, %688 ], [ %226, %225 ] %695 = load volatile i64, i64* %73, align 8 %696 = icmp eq i64 %695, 0 br i1 %696, label %702, label %697 %698 = load i64, i64* %74, align 16 %699 = load i64, i64* %75, align 8 %700 = add i64 %698, %694 %701 = add i64 %700, %699 br label %702 %703 = phi i64 [ %701, %697 ], [ %694, %693 ] %704 = load volatile i64, i64* %76, align 8 %705 = icmp eq i64 %704, 0 br i1 %705, label %711, label %706 %707 = load i64, i64* %77, align 16 %708 = load i64, i64* %78, align 8 %709 = add i64 %707, %703 %710 = add i64 %709, %708 br label %711 %712 = phi i64 [ %710, %706 ], [ %703, %702 ] %713 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #78 %714 = add i64 %217, %216 %715 = add i64 %714, %218 %716 = icmp ule i64 %715, %712 %717 = load i16, i16* %22, align 8 %718 = and i16 %717, 1 %719 = icmp eq i16 %718, 0 %720 = and i1 %716, %719 br i1 %720, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %711 ] %238 = and i16 %717, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #78 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #78 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %291 = phi i64 [ %283, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 
%301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %721 %722 = load volatile i64, i64* %84, align 8 %723 = icmp eq i64 %722, 0 br i1 %723, label %729, label %724 %725 = load volatile i64, i64* %86, align 8 %726 = icmp sgt i64 %725, 0 %727 = select i1 %726, i64 %725, i64 0 %728 = add nuw i64 %727, %313 br label %729 %730 = phi i64 [ %728, %724 ], [ %313, %721 ] %731 = icmp eq i32 %301, 2 br i1 %731, label %315, label %732 %733 = load volatile i64, i64* %88, align 8 %734 = icmp eq i64 %733, 0 br i1 %734, label %740, label %735 %736 = load volatile i64, i64* %90, align 8 %737 = icmp sgt i64 %736, 0 %738 = select i1 %737, i64 %736, i64 0 %739 = add i64 %738, %730 br label %740 %741 = phi i64 [ %739, %735 ], [ %730, %732 ] %742 = icmp eq i32 %301, 3 br i1 %742, label %315, label %743 %744 = load volatile i64, i64* %92, align 8 %745 = icmp eq i64 %744, 0 br i1 %745, label %315, label %746 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %730, %729 ], [ %741, %740 ], [ %750, %746 ], [ %741, %743 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %453, label %463 %454 = load volatile i64, i64* %96, align 8 %455 = icmp eq i64 %454, 0 br i1 %455, label %460, label %456 %457 = load volatile i64, i64* %98, align 8 %458 = icmp sgt i64 %457, 0 %459 = select i1 %458, i64 %457, i64 0 br label %460 %461 = phi 
i64 [ %459, %456 ], [ 0, %453 ] %462 = icmp eq i32 %300, 0 br i1 %462, label %463, label %751 %752 = load volatile i64, i64* %100, align 8 %753 = icmp eq i64 %752, 0 br i1 %753, label %759, label %754 %755 = load volatile i64, i64* %102, align 8 %756 = icmp sgt i64 %755, 0 %757 = select i1 %756, i64 %755, i64 0 %758 = add nuw i64 %757, %461 br label %759 %760 = phi i64 [ %758, %754 ], [ %461, %751 ] %761 = icmp eq i32 %301, 2 br i1 %761, label %463, label %762 %763 = load volatile i64, i64* %104, align 8 %764 = icmp eq i64 %763, 0 br i1 %764, label %770, label %765 %766 = load volatile i64, i64* %106, align 8 %767 = icmp sgt i64 %766, 0 %768 = select i1 %767, i64 %766, i64 0 %769 = add i64 %768, %760 br label %770 %771 = phi i64 [ %769, %765 ], [ %760, %762 ] %772 = icmp eq i32 %301, 3 br i1 %772, label %463, label %773 %774 = load volatile i64, i64* %108, align 8 %775 = icmp eq i64 %774, 0 br i1 %775, label %463, label %776 %464 = phi i64 [ 0, %324 ], [ %461, %460 ], [ %760, %759 ], [ %771, %770 ], [ %780, %776 ], [ %771, %773 ] %465 = lshr i64 %464, %304 switch i32 %294, label %323 [ i32 0, label %471 i32 1, label %468 i32 3, label %466 i32 2, label %466 ] %469 = mul i64 %465, %291 %470 = udiv i64 %469, %295 br label %471 %472 = phi i64 [ %470, %468 ], [ %465, %463 ], [ %467, %466 ] store i64 %472, i64* %38, align 8 br i1 %298, label %473, label %483 %474 = load volatile i64, i64* %112, align 8 %475 = icmp eq i64 %474, 0 br i1 %475, label %480, label %476 %477 = load volatile i64, i64* %114, align 8 %478 = icmp sgt i64 %477, 0 %479 = select i1 %478, i64 %477, i64 0 br label %480 %481 = phi i64 [ %479, %476 ], [ 0, %473 ] %482 = icmp eq i32 %300, 0 br i1 %482, label %483, label %781 %782 = load volatile i64, i64* %116, align 8 %783 = icmp eq i64 %782, 0 br i1 %783, label %789, label %784 %785 = load volatile i64, i64* %118, align 8 %786 = icmp sgt i64 %785, 0 %787 = select i1 %786, i64 %785, i64 0 %788 = add nuw i64 %787, %481 br label %789 %790 = phi i64 [ %788, 
%784 ], [ %481, %781 ] %791 = icmp eq i32 %301, 2 br i1 %791, label %483, label %792 %793 = load volatile i64, i64* %120, align 8 %794 = icmp eq i64 %793, 0 br i1 %794, label %800, label %795 %796 = load volatile i64, i64* %122, align 8 %797 = icmp sgt i64 %796, 0 %798 = select i1 %797, i64 %796, i64 0 %799 = add i64 %798, %790 br label %800 %801 = phi i64 [ %799, %795 ], [ %790, %792 ] %802 = icmp eq i32 %301, 3 br i1 %802, label %483, label %803 %804 = load volatile i64, i64* %124, align 8 %805 = icmp eq i64 %804, 0 br i1 %805, label %483, label %806 %484 = phi i64 [ 0, %471 ], [ %481, %480 ], [ %790, %789 ], [ %801, %800 ], [ %810, %806 ], [ %801, %803 ] %485 = lshr i64 %484, %304 switch i32 %294, label %323 [ i32 0, label %491 i32 1, label %488 i32 3, label %486 i32 2, label %486 ] %489 = mul i64 %485, %290 %490 = udiv i64 %489, %295 br label %491 %492 = phi i64 [ %490, %488 ], [ %485, %483 ], [ %487, %486 ] store i64 %492, i64* %39, align 16 br i1 %298, label %493, label %503 %494 = load volatile i64, i64* %128, align 8 %495 = icmp eq i64 %494, 0 br i1 %495, label %500, label %496 %497 = load volatile i64, i64* %130, align 8 %498 = icmp sgt i64 %497, 0 %499 = select i1 %498, i64 %497, i64 0 br label %500 %501 = phi i64 [ %499, %496 ], [ 0, %493 ] %502 = icmp eq i32 %300, 0 br i1 %502, label %503, label %811 %812 = load volatile i64, i64* %132, align 8 %813 = icmp eq i64 %812, 0 br i1 %813, label %819, label %814 %815 = load volatile i64, i64* %134, align 8 %816 = icmp sgt i64 %815, 0 %817 = select i1 %816, i64 %815, i64 0 %818 = add nuw i64 %817, %501 br label %819 %820 = phi i64 [ %818, %814 ], [ %501, %811 ] %821 = icmp eq i32 %301, 2 br i1 %821, label %503, label %822 %823 = load volatile i64, i64* %136, align 8 %824 = icmp eq i64 %823, 0 br i1 %824, label %830, label %825 %826 = load volatile i64, i64* %138, align 8 %827 = icmp sgt i64 %826, 0 %828 = select i1 %827, i64 %826, i64 0 %829 = add i64 %828, %820 br label %830 %831 = phi i64 [ %829, %825 ], [ 
%820, %822 ] %832 = icmp eq i32 %301, 3 br i1 %832, label %503, label %833 %834 = load volatile i64, i64* %140, align 8 %835 = icmp eq i64 %834, 0 br i1 %835, label %503, label %836 %504 = phi i64 [ 0, %491 ], [ %501, %500 ], [ %820, %819 ], [ %831, %830 ], [ %840, %836 ], [ %831, %833 ] %505 = lshr i64 %504, %304 switch i32 %294, label %323 [ i32 0, label %511 i32 1, label %508 i32 3, label %506 i32 2, label %506 ] %509 = mul i64 %505, %290 %510 = udiv i64 %509, %295 br label %511 %512 = phi i64 [ %510, %508 ], [ %505, %503 ], [ %507, %506 ] store i64 %512, i64* %40, align 8 %513 = load i32, i32* %42, align 4 %514 = and i32 %513, 131072 %515 = icmp eq i32 %514, 0 %516 = icmp eq i8 %302, 12 %517 = and i1 %516, %515 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #78 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %492, %325 %527 = or i64 %526, %512 %528 = icmp eq i64 %527, 0 br i1 %528, label %421, label %326 %327 = phi i64 [ %365, %364 ], [ %325, %511 ] %328 = phi i64 [ %366, %364 ], [ 0, %511 ] %329 = phi i64 [ %358, %364 ], [ 0, %511 ] %330 = icmp eq i64 %327, 0 br i1 %330, label %357, label %331 %332 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %328 %333 = icmp ult i64 %327, 32 %334 = select i1 %333, i64 %327, i64 32 %335 = sub i64 %327, %334 store i64 %335, i64* %332, align 8 %336 = trunc i64 %328 to i32 %337 = and i32 %336, 2147483645 %338 = icmp eq i32 %337, 1 br i1 %338, label %339, label %352 %353 = call fastcc i64 @shrink_inactive_list(i64 %334, %struct.lruvec* %11, %struct.scan_control* %1, i32 %336) #78 br label %354 %355 = phi i64 [ %353, %352 ], [ 0, %350 ], [ 0, %349 ] %356 = add i64 %355, %329 br label %357 %358 = phi i64 [ %356, %354 ], [ %329, %326 ] %359 = add nuw nsw i64 %328, 1 %360 = icmp eq i64 %359, 4 br i1 %360, label 
%367, label %361 %368 = call i32 @__cond_resched() #78 %369 = icmp ult i64 %358, %241 %370 = or i1 %517, %369 br i1 %370, label %414, label %371 %372 = load i64, i64* %39, align 16 %373 = load i64, i64* %40, align 8 %374 = add i64 %373, %372 %375 = load i64, i64* %33, align 16 %376 = load i64, i64* %38, align 8 %377 = add i64 %376, %375 %378 = icmp ne i64 %374, 0 %379 = icmp ne i64 %377, 0 %380 = and i1 %378, %379 br i1 %380, label %381, label %421 %382 = icmp ugt i64 %374, %377 %383 = select i1 %382, i64 %377, i64 %374 %384 = select i1 %382, i64 %525, i64 %521 %385 = select i1 %382, i32 2, i32 0 %386 = select i1 %382, i32 0, i32 2 %387 = mul i64 %383, 100 %388 = udiv i64 %387, %384 %389 = zext i32 %386 to i64 %390 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %389 store i64 0, i64* %390, align 16 %391 = or i32 %386, 1 %392 = zext i32 %391 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 8 %394 = zext i32 %385 to i64 %395 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %394 %396 = load i64, i64* %395, align 16 %397 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %394 %398 = load i64, i64* %397, align 16 %399 = sub i64 %396, %398 %400 = sub i64 100, %388 %401 = mul i64 %396, %400 %402 = udiv i64 %401, 100 store i64 %403, i64* %397, align 16 %404 = or i32 %385, 1 %405 = zext i32 %404 to i64 %406 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %405 %407 = load i64, i64* %406, align 8 %408 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %405 %409 = load i64, i64* %408, align 8 %410 = sub i64 %407, %409 %411 = mul i64 %407, %400 %412 = udiv i64 %411, 100 store i64 %413, i64* %408, align 8 br label %414 %415 = load i64, i64* %33, align 16 %416 = load i64, i64* %40, align 8 %417 = load i64, i64* %39, align 16 %418 = or i64 %416, %415 %419 = or i64 %418, %417 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %364 %422 = phi i64 [ 0, %511 ], [ %358, %371 ], [ %358, %414 ] call void 
@blk_finish_plug(%struct.blk_plug* nonnull %5) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store 
volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = 
getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = 
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 allocate_slab
12 ___slab_alloc
13 kmem_cache_alloc_node
14 create_task_io_context
15 get_task_io_context
16 set_task_ioprio
17 __se_sys_ioprio_set
18 __x64_sys_ioprio_set
-------------
Path:
Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = lshr i32 %6, 13 %8 = and i32 %7, 7 %9 = and i32 %6, 8191 switch i32 %8, label %167 [ i32 1, label %10 i32 2, label %14 i32 3, label %18 i32 0, label %16 ] %17 = icmp eq i32 %9, 0 br i1 %17, label %18, label %167 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %164 [ i32 1, label %19 i32 2, label %31 i32 3, label %94 ] %95 = icmp eq i32 %5, -1 br i1 %95, label %164, label %96 %97 = icmp eq i32 %5, 0 br i1 %97, label %98, label %105 %106 = tail call %struct.user_struct* @find_user(i32 %5) #78 br label %107 %108 = phi %struct.user_struct* [ %106, %105 ], [ %104, %98 ] %109 = icmp eq %struct.user_struct* %108, null br i1 %109, label %164, label %110 %111 = load volatile %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.task_struct, %struct.task_struct* bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, 
%struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, %struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, 
%struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.task_struct*), i64 0, i32 35, i32 0), align 16 %112 = getelementptr %struct.list_head, %struct.list_head* %111, i64 -63 %113 = icmp eq %struct.list_head* %112, bitcast ({ %struct.thread_info, i32, i8*, %struct.seqcount_spinlock, i32, i32, i32, %struct.__call_single_node, i32, i32, i64, %struct.task_struct*, i32, i32, i32, i32, i32, i32, i32, %struct.sched_class*, [56 x i8], %struct.sched_entity, %struct.sched_rt_entity, %struct.sched_dl_entity, %struct.task_group*, i32, i32, i32, %struct.cpumask*, %struct.cpumask*, %struct.cpumask, i8*, i16, i16, %struct.sched_info, %struct.list_head, %struct.plist_node, %struct.rb_node, %struct.mm_struct*, %struct.mm_struct*, %struct.vmacache, %struct.task_rss_stat, i32, i32, i32, i32, i64, i32, i8, [3 x i8], i8, i64, %struct.restart_block, i32, i32, i64, %struct.task_struct*, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.task_struct*, %struct.list_head, %struct.list_head, %struct.pid*, [4 x %struct.hlist_node], %struct.list_head, %struct.list_head, %struct.completion*, i32*, i32*, i8*, i64, i64, i64, %struct.prev_cputime, i64, i64, i64, i64, i64, i64, %struct.posix_cputimers, %struct.posix_cputimers_work, %struct.cred*, %struct.cred*, %struct.cred*, %struct.key*, [16 x i8], %struct.nameidata*, %struct.sysv_sem, %struct.sysv_shm, %struct.fs_struct*, %struct.files_struct*, %struct.io_uring_task*, %struct.nsproxy*, %struct.signal_struct*, %struct.sighand_struct*, %struct.cpumask, %struct.cpumask, %struct.cpumask, %struct.sigpending, i64, i64, i32, %struct.callback_head*, %struct.audit_context*, %struct.kuid_t, i32, %struct.seccomp, %struct.syscall_user_dispatch, i64, i64, %struct.spinlock, %struct.raw_spinlock, %struct.wake_q_node, %struct.rb_root_cached, %struct.task_struct*, %struct.rt_mutex_waiter*, i8*, %struct.bio_list*, %struct.blk_plug*, %struct.reclaim_state*, 
%struct.backing_dev_info*, %struct.io_context*, %struct.capture_control*, i64, %struct.kernel_siginfo*, %struct.task_io_accounting, i64, i64, i64, %struct.cpumask, %struct.seqcount_spinlock, i32, i32, %struct.css_set*, %struct.list_head, %struct.robust_list_head*, %struct.compat_robust_list_head*, %struct.list_head, %struct.futex_pi_state*, %struct.mutex, i32, [2 x %struct.perf_event_context*], %struct.mutex, %struct.list_head, %struct.mempolicy*, i16, i16, %struct.rseq*, i32, i64, %struct.tlbflush_unmap_batch, %union.anon.46, %struct.pipe_inode_info*, %struct.page_frag, %struct.task_delay_info*, i32, i32, i64, i64, i64, i64, i64, %struct.uprobe_task*, %struct.lock_class_key, i32, %struct.task_struct*, %struct.timer_list, %struct.vm_struct*, %struct.seqcount_spinlock, i8*, i8*, i64, i64, i8, i8, i8, i8, i8, i8, i8, i8, %struct.callback_head, i32, %struct.llist_node, %struct.callback_head, [40 x i8], %struct.thread_struct }* @init_task to %struct.list_head*) br i1 %113, label %161, label %120 %121 = phi %struct.list_head* [ %117, %114 ], [ %111, %110 ] %122 = phi i32 [ %115, %114 ], [ -3, %110 ] %123 = getelementptr %struct.list_head, %struct.list_head* %121, i64 51 %124 = bitcast %struct.list_head* %123 to %struct.signal_struct** %125 = load %struct.signal_struct*, %struct.signal_struct** %124, align 32 %126 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3, i32 0 %127 = load volatile %struct.list_head*, %struct.list_head** %126, align 8 %128 = getelementptr %struct.list_head, %struct.list_head* %127, i64 -92, i32 1 %129 = getelementptr inbounds %struct.list_head*, %struct.list_head** %128, i64 183 %130 = bitcast %struct.list_head** %129 to %struct.list_head* %131 = getelementptr inbounds %struct.signal_struct, %struct.signal_struct* %125, i64 0, i32 3 %132 = icmp eq %struct.list_head* %131, %130 br i1 %132, label %114, label %133 %134 = phi %struct.list_head** [ %156, %152 ], [ %129, %120 ] %135 = phi %struct.list_head** [ 
%155, %152 ], [ %128, %120 ] %136 = phi %struct.list_head* [ %154, %152 ], [ %127, %120 ] %137 = phi i32 [ %153, %152 ], [ %122, %120 ] %138 = getelementptr %struct.list_head, %struct.list_head* %136, i64 -92, i32 1 %139 = bitcast %struct.list_head** %135 to %struct.task_struct* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %140 = getelementptr inbounds %struct.list_head*, %struct.list_head** %138, i64 215 %141 = bitcast %struct.list_head** %140 to %struct.cred** %142 = load volatile %struct.cred*, %struct.cred** %141, align 8 %143 = getelementptr inbounds %struct.cred, %struct.cred* %142, i64 0, i32 1, i32 0 %144 = load i32, i32* %143, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 %145 = icmp eq i32 %144, %5 br i1 %145, label %146, label %152 %147 = tail call i32 @__task_pid_nr_ns(%struct.task_struct* %139, i32 0, %struct.pid_namespace* null) #78 %148 = icmp eq i32 %147, 0 br i1 %148, label %152, label %149 %150 = tail call i32 @set_task_ioprio(%struct.task_struct* %139, i32 %6) #78 Function:set_task_ioprio %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct* %5 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %4, i64 0, i32 85 %6 = load %struct.cred*, %struct.cred** %5, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %0, i64 0, i32 84 %8 = load volatile %struct.cred*, %struct.cred** %7, align 8 %9 = getelementptr inbounds %struct.cred, %struct.cred* %8, i64 0, i32 1, i32 0 %10 = load i32, i32* %9, align 4 %11 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 5, i32 0 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %10, %12 br i1 
%13, label %21, label %14 %15 = getelementptr inbounds %struct.cred, %struct.cred* %6, i64 0, i32 1, i32 0 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %10, %16 br i1 %17, label %21, label %18 %19 = tail call zeroext i1 @capable(i32 23) #78 br i1 %19, label %21, label %20 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 %22 = tail call i32 @security_task_setioprio(%struct.task_struct* %0, i32 %1) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %30 %25 = tail call %struct.io_context* bitcast (%struct.io_context.295739* (%struct.task_struct.295774*, i32, i32)* @get_task_io_context to %struct.io_context* (%struct.task_struct*, i32, i32)*)(%struct.task_struct* %0, i32 2592, i32 -1) #78 Function:get_task_io_context %4 = and i32 %1, 1024 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %9 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112, i32 0, i32 0 %10 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 123 %11 = getelementptr inbounds %struct.task_struct.295774, %struct.task_struct.295774* %0, i64 0, i32 112 %12 = bitcast %struct.spinlock* %11 to i8* br label %13 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #78 %14 = load %struct.io_context.295739*, %struct.io_context.295739** %10, align 8 %15 = icmp eq %struct.io_context.295739* %14, null br i1 %15, label %22, label %16, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %12, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %23 = tail call i32 @create_task_io_context(%struct.task_struct.295774* %0, i32 %1, i32 %2) #79 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias 
align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to 
%struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 = icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 
%48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load %struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, 
!srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, %struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc 
!30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %270, label %268, !prof !5, !misexpect !6 %269 = call i32 @kmalloc_fix_flags(i32 %1) #78 br label %270 %271 = phi i32 [ %269, %268 ], [ %1, %267 ] %272 = load void (i8*)*, void (i8*)** %16, align 8 %273 = icmp ne void (i8*)* %272, null %274 = and i32 %271, 256 %275 = icmp ne i32 %274, 0 %276 = and i1 %273, %275 br i1 %276, label %277, label %278, !prof !29, !misexpect !6 %279 = and i32 %271, 3927776 %280 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %279, i32 %203) #78 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = 
lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %31 = tail call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %25, i32 %15, i32 %2, %struct.cpumask* null) #78 %32 = icmp eq %struct.page* %31, null br i1 %32, label %38, label %49, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %40 = load i32, i32* %39, align 8 %41 = lshr i32 %40, 16 %42 = tail call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %10, i32 %41, i32 %2, %struct.cpumask* null) #78 Function:__alloc_pages %5 = alloca %struct.alloc_context.136342, align 8 %6 = bitcast %struct.alloc_context.136342* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136212** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136212**)) #11, !srcloc !7 %16 = inttoptr i64 %15 to %struct.task_struct.136212* %17 = getelementptr inbounds %struct.task_struct.136212, %struct.task_struct.136212* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !8, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.136176*], [0 x 
%struct.pglist_data.136176*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.136176*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 0 store %struct.zonelist.136172* %50, %struct.zonelist.136172** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !8 %58 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !9 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #78 br label %76 %77 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.136172, %struct.zonelist.136172* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !8 %84 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !11 %90 = phi %struct.zoneref.136171* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 2 store %struct.zoneref.136171* %90, %struct.zoneref.136171** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %90, i64 0, i32 0 %93 = 
load %struct.zone.136180*, %struct.zone.136180** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.136180* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.136327* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.136342* nonnull %5) #79 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 1 br label %20 %21 = phi i32 [ %2, %4 ], [ %420, %418 ] %22 = phi %struct.pglist_data.136176* [ null, %4 ], [ %419, %418 ] %23 = and i32 %21, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %25, i64 0, i32 0 %27 = load %struct.zone.136180*, %struct.zone.136180** %26, align 8 %28 = icmp eq %struct.zone.136180* %27, null br i1 %28, label %416, label %29 %30 = and i32 %21, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %21, 3 %33 = zext i32 %32 to i64 %34 = and i32 %21, 24 %35 = and i32 %21, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %21, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %21, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %21, 8 %43 = icmp eq i32 %42, 
0 %44 = and i32 %21, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.136180* [ %414, %411 ], [ %27, %29 ] %48 = phi %struct.pglist_data.136176* [ %400, %411 ], [ %22, %29 ] %49 = phi %struct.zoneref.136171* [ %412, %411 ], [ %25, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %74, i64 0, i32 0 %76 = load %struct.zone.136180*, %struct.zone.136180** %75, align 8 %77 = icmp eq %struct.zone.136180* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label 
%109 %110 = phi i32 [ %35, %99 ], [ %34, %84 ] %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %116, !prof !6, !misexpect !7 %113 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %114 = load i64, i64* %113, align 32 %115 = add i64 %114, %11 br label %116 %117 = phi i64 [ %115, %112 ], [ %11, %109 ] %118 = sub i64 %94, %117 br i1 %38, label %122, label %119 %120 = sdiv i64 %89, -2 %121 = add i64 %120, %89 br label %122 %123 = phi i64 [ %121, %119 ], [ %89, %116 ] br i1 %111, label %131, label %124, !prof !6, !misexpect !8 br i1 %40, label %128, label %125 %129 = sdiv i64 %123, -4 %130 = add i64 %129, %123 br label %131 %132 = phi i64 [ %127, %125 ], [ %130, %128 ], [ %123, %122 ] %133 = sext i32 %90 to i64 %134 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 3, i64 %133 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %132 %137 = icmp sgt i64 %118, %136 br i1 %137, label %138, label %169 br i1 %8, label %254, label %139 br i1 %12, label %140, label %230 %141 = phi i64 [ %161, %160 ], [ %13, %139 ] %142 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 1 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %160, label %145 %146 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 0 %147 = getelementptr inbounds %struct.list_head, %struct.list_head* %146, i64 0, i32 0 %148 = load volatile %struct.list_head*, %struct.list_head** %147, align 8 %149 = icmp eq %struct.list_head* %148, %146 br i1 %149, label %150, label %254 %151 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 1 %152 = getelementptr inbounds %struct.list_head, %struct.list_head* %151, i64 0, i32 0 %153 = load volatile %struct.list_head*, %struct.list_head** %152, align 8 %154 = icmp eq %struct.list_head* %153, %151 br i1 %154, label %163, label %254 %164 = 
getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 2 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 0 %166 = load volatile %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %164 br i1 %167, label %168, label %254 br i1 %111, label %160, label %155 %161 = add nsw i64 %141, 1 %162 = icmp eq i64 %161, 11 br i1 %162, label %169, label %140 %170 = icmp eq i64 %88, 0 %171 = or i1 %41, %170 %172 = or i1 %17, %171 br i1 %172, label %230, label %173, !prof !9 %174 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 64 br i1 %111, label %176, label %180, !prof !6, !misexpect !7 %177 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %178 = load i64, i64* %177, align 32 %179 = add i64 %178, %11 br label %180 %181 = phi i64 [ %179, %176 ], [ %11, %173 ] %182 = sub i64 %94, %181 br i1 %38, label %186, label %183 %184 = sdiv i64 %175, -2 %185 = add i64 %184, %175 br label %186 %187 = phi i64 [ %185, %183 ], [ %175, %180 ] br i1 %111, label %195, label %188, !prof !6, !misexpect !8 br i1 %43, label %192, label %189 %193 = sdiv i64 %187, -4 %194 = add i64 %193, %187 br label %195 %196 = phi i64 [ %191, %189 ], [ %194, %192 ], [ %187, %186 ] %197 = add i64 %196, %135 %198 = icmp sgt i64 %182, %197 br i1 %198, label %199, label %230 br i1 %8, label %254, label %200 br i1 %12, label %201, label %230 %202 = phi i64 [ %222, %221 ], [ %13, %200 ] %203 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 1 %204 = load i64, i64* %203, align 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %221, label %206 %207 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 0 %208 = getelementptr inbounds %struct.list_head, %struct.list_head* %207, i64 0, i32 0 %209 = load volatile 
%struct.list_head*, %struct.list_head** %208, align 8 %210 = icmp eq %struct.list_head* %209, %207 br i1 %210, label %211, label %254 %212 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 1 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %212, i64 0, i32 0 %214 = load volatile %struct.list_head*, %struct.list_head** %213, align 8 %215 = icmp eq %struct.list_head* %214, %212 br i1 %215, label %224, label %254 %225 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 2 %226 = getelementptr inbounds %struct.list_head, %struct.list_head* %225, i64 0, i32 0 %227 = load volatile %struct.list_head*, %struct.list_head** %226, align 8 %228 = icmp eq %struct.list_head* %227, %225 br i1 %228, label %229, label %254 br i1 %111, label %221, label %216 %222 = add nsw i64 %202, 1 %223 = icmp eq i64 %222, 11 br i1 %223, label %230, label %201 br i1 %45, label %231, label %254 %232 = load i32, i32* @node_reclaim_mode, align 4 %233 = and i32 %232, 7 %234 = icmp eq i32 %233, 0 br i1 %234, label %399, label %235 %236 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %237 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %236, i64 0, i32 0 %238 = load %struct.zone.136180*, %struct.zone.136180** %237, align 8 %239 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %238, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 4 %242 = load i32, i32* %241, align 8 %243 = tail call i32 @__node_distance(i32 %240, i32 %242) #78 %244 = load i32, i32* @node_reclaim_distance, align 4 %245 = icmp sgt i32 %243, %244 br i1 %245, label %399, label %246 %247 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 5 %248 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %247, align 16 %249 = tail call i32 
bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.136176*, i32, i32)*)(%struct.pglist_data.136176* %248, i32 %0, i32 %1) #78 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #78 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 
br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #79 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %11 = icmp ugt i64 %6, 32 %12 = select i1 %11, i64 %6, i64 32 %13 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %14 = bitcast %struct.cpumask** %13 to i8* store i64 %12, i64* %10, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 
%21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #78 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %91 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %92 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #79 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %560, %679 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #78 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #78 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #78 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #78 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #78 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #78 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #78 %217 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %218 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %693, label %688 %689 = load i64, i64* %71, align 16 %690 = load i64, i64* %72, align 8 %691 = add i64 %689, %226 %692 = add i64 %691, %690 br label %693 %694 = phi i64 [ %692, %688 ], [ %226, %225 ] %695 = load volatile i64, i64* %73, align 8 %696 = icmp eq i64 %695, 0 br i1 %696, label %702, label %697 %698 = load i64, i64* %74, align 16 %699 = load i64, i64* %75, align 8 %700 = add i64 %698, %694 %701 = add i64 %700, %699 br label %702 %703 = phi i64 [ %701, %697 ], [ %694, %693 ] %704 = load volatile i64, i64* %76, align 8 %705 = icmp eq i64 %704, 0 br i1 %705, label %711, label %706 %707 = load i64, i64* %77, align 16 %708 = load i64, i64* %78, align 8 %709 = add i64 %707, %703 %710 = add i64 %709, %708 br label %711 %712 = phi i64 [ %710, %706 ], [ %703, %702 ] %713 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #78 %714 = add i64 %217, %216 %715 = add i64 %714, %218 %716 = icmp ule i64 %715, %712 %717 = load i16, i16* %22, align 8 %718 = and i16 %717, 1 %719 = icmp eq i16 %718, 0 %720 = and i1 %716, %719 br i1 %720, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %711 ] %238 = and i16 %717, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #78 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #78 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %291 = phi i64 [ %283, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 
%301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %721 %722 = load volatile i64, i64* %84, align 8 %723 = icmp eq i64 %722, 0 br i1 %723, label %729, label %724 %725 = load volatile i64, i64* %86, align 8 %726 = icmp sgt i64 %725, 0 %727 = select i1 %726, i64 %725, i64 0 %728 = add nuw i64 %727, %313 br label %729 %730 = phi i64 [ %728, %724 ], [ %313, %721 ] %731 = icmp eq i32 %301, 2 br i1 %731, label %315, label %732 %733 = load volatile i64, i64* %88, align 8 %734 = icmp eq i64 %733, 0 br i1 %734, label %740, label %735 %736 = load volatile i64, i64* %90, align 8 %737 = icmp sgt i64 %736, 0 %738 = select i1 %737, i64 %736, i64 0 %739 = add i64 %738, %730 br label %740 %741 = phi i64 [ %739, %735 ], [ %730, %732 ] %742 = icmp eq i32 %301, 3 br i1 %742, label %315, label %743 %744 = load volatile i64, i64* %92, align 8 %745 = icmp eq i64 %744, 0 br i1 %745, label %315, label %746 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %730, %729 ], [ %741, %740 ], [ %750, %746 ], [ %741, %743 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %453, label %463 %454 = load volatile i64, i64* %96, align 8 %455 = icmp eq i64 %454, 0 br i1 %455, label %460, label %456 %457 = load volatile i64, i64* %98, align 8 %458 = icmp sgt i64 %457, 0 %459 = select i1 %458, i64 %457, i64 0 br label %460 %461 = phi 
i64 [ %459, %456 ], [ 0, %453 ] %462 = icmp eq i32 %300, 0 br i1 %462, label %463, label %751 %752 = load volatile i64, i64* %100, align 8 %753 = icmp eq i64 %752, 0 br i1 %753, label %759, label %754 %755 = load volatile i64, i64* %102, align 8 %756 = icmp sgt i64 %755, 0 %757 = select i1 %756, i64 %755, i64 0 %758 = add nuw i64 %757, %461 br label %759 %760 = phi i64 [ %758, %754 ], [ %461, %751 ] %761 = icmp eq i32 %301, 2 br i1 %761, label %463, label %762 %763 = load volatile i64, i64* %104, align 8 %764 = icmp eq i64 %763, 0 br i1 %764, label %770, label %765 %766 = load volatile i64, i64* %106, align 8 %767 = icmp sgt i64 %766, 0 %768 = select i1 %767, i64 %766, i64 0 %769 = add i64 %768, %760 br label %770 %771 = phi i64 [ %769, %765 ], [ %760, %762 ] %772 = icmp eq i32 %301, 3 br i1 %772, label %463, label %773 %774 = load volatile i64, i64* %108, align 8 %775 = icmp eq i64 %774, 0 br i1 %775, label %463, label %776 %464 = phi i64 [ 0, %324 ], [ %461, %460 ], [ %760, %759 ], [ %771, %770 ], [ %780, %776 ], [ %771, %773 ] %465 = lshr i64 %464, %304 switch i32 %294, label %323 [ i32 0, label %471 i32 1, label %468 i32 3, label %466 i32 2, label %466 ] %469 = mul i64 %465, %291 %470 = udiv i64 %469, %295 br label %471 %472 = phi i64 [ %470, %468 ], [ %465, %463 ], [ %467, %466 ] store i64 %472, i64* %38, align 8 br i1 %298, label %473, label %483 %474 = load volatile i64, i64* %112, align 8 %475 = icmp eq i64 %474, 0 br i1 %475, label %480, label %476 %477 = load volatile i64, i64* %114, align 8 %478 = icmp sgt i64 %477, 0 %479 = select i1 %478, i64 %477, i64 0 br label %480 %481 = phi i64 [ %479, %476 ], [ 0, %473 ] %482 = icmp eq i32 %300, 0 br i1 %482, label %483, label %781 %782 = load volatile i64, i64* %116, align 8 %783 = icmp eq i64 %782, 0 br i1 %783, label %789, label %784 %785 = load volatile i64, i64* %118, align 8 %786 = icmp sgt i64 %785, 0 %787 = select i1 %786, i64 %785, i64 0 %788 = add nuw i64 %787, %481 br label %789 %790 = phi i64 [ %788, 
%784 ], [ %481, %781 ] %791 = icmp eq i32 %301, 2 br i1 %791, label %483, label %792 %793 = load volatile i64, i64* %120, align 8 %794 = icmp eq i64 %793, 0 br i1 %794, label %800, label %795 %796 = load volatile i64, i64* %122, align 8 %797 = icmp sgt i64 %796, 0 %798 = select i1 %797, i64 %796, i64 0 %799 = add i64 %798, %790 br label %800 %801 = phi i64 [ %799, %795 ], [ %790, %792 ] %802 = icmp eq i32 %301, 3 br i1 %802, label %483, label %803 %804 = load volatile i64, i64* %124, align 8 %805 = icmp eq i64 %804, 0 br i1 %805, label %483, label %806 %484 = phi i64 [ 0, %471 ], [ %481, %480 ], [ %790, %789 ], [ %801, %800 ], [ %810, %806 ], [ %801, %803 ] %485 = lshr i64 %484, %304 switch i32 %294, label %323 [ i32 0, label %491 i32 1, label %488 i32 3, label %486 i32 2, label %486 ] %489 = mul i64 %485, %290 %490 = udiv i64 %489, %295 br label %491 %492 = phi i64 [ %490, %488 ], [ %485, %483 ], [ %487, %486 ] store i64 %492, i64* %39, align 16 br i1 %298, label %493, label %503 %494 = load volatile i64, i64* %128, align 8 %495 = icmp eq i64 %494, 0 br i1 %495, label %500, label %496 %497 = load volatile i64, i64* %130, align 8 %498 = icmp sgt i64 %497, 0 %499 = select i1 %498, i64 %497, i64 0 br label %500 %501 = phi i64 [ %499, %496 ], [ 0, %493 ] %502 = icmp eq i32 %300, 0 br i1 %502, label %503, label %811 %812 = load volatile i64, i64* %132, align 8 %813 = icmp eq i64 %812, 0 br i1 %813, label %819, label %814 %815 = load volatile i64, i64* %134, align 8 %816 = icmp sgt i64 %815, 0 %817 = select i1 %816, i64 %815, i64 0 %818 = add nuw i64 %817, %501 br label %819 %820 = phi i64 [ %818, %814 ], [ %501, %811 ] %821 = icmp eq i32 %301, 2 br i1 %821, label %503, label %822 %823 = load volatile i64, i64* %136, align 8 %824 = icmp eq i64 %823, 0 br i1 %824, label %830, label %825 %826 = load volatile i64, i64* %138, align 8 %827 = icmp sgt i64 %826, 0 %828 = select i1 %827, i64 %826, i64 0 %829 = add i64 %828, %820 br label %830 %831 = phi i64 [ %829, %825 ], [ 
%820, %822 ] %832 = icmp eq i32 %301, 3 br i1 %832, label %503, label %833 %834 = load volatile i64, i64* %140, align 8 %835 = icmp eq i64 %834, 0 br i1 %835, label %503, label %836 %504 = phi i64 [ 0, %491 ], [ %501, %500 ], [ %820, %819 ], [ %831, %830 ], [ %840, %836 ], [ %831, %833 ] %505 = lshr i64 %504, %304 switch i32 %294, label %323 [ i32 0, label %511 i32 1, label %508 i32 3, label %506 i32 2, label %506 ] %509 = mul i64 %505, %290 %510 = udiv i64 %509, %295 br label %511 %512 = phi i64 [ %510, %508 ], [ %505, %503 ], [ %507, %506 ] store i64 %512, i64* %40, align 8 %513 = load i32, i32* %42, align 4 %514 = and i32 %513, 131072 %515 = icmp eq i32 %514, 0 %516 = icmp eq i8 %302, 12 %517 = and i1 %516, %515 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #78 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %492, %325 %527 = or i64 %526, %512 %528 = icmp eq i64 %527, 0 br i1 %528, label %421, label %326 %327 = phi i64 [ %365, %364 ], [ %325, %511 ] %328 = phi i64 [ %366, %364 ], [ 0, %511 ] %329 = phi i64 [ %358, %364 ], [ 0, %511 ] %330 = icmp eq i64 %327, 0 br i1 %330, label %357, label %331 %332 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %328 %333 = icmp ult i64 %327, 32 %334 = select i1 %333, i64 %327, i64 32 %335 = sub i64 %327, %334 store i64 %335, i64* %332, align 8 %336 = trunc i64 %328 to i32 %337 = and i32 %336, 2147483645 %338 = icmp eq i32 %337, 1 br i1 %338, label %339, label %352 %353 = call fastcc i64 @shrink_inactive_list(i64 %334, %struct.lruvec* %11, %struct.scan_control* %1, i32 %336) #78 br label %354 %355 = phi i64 [ %353, %352 ], [ 0, %350 ], [ 0, %349 ] %356 = add i64 %355, %329 br label %357 %358 = phi i64 [ %356, %354 ], [ %329, %326 ] %359 = add nuw nsw i64 %328, 1 %360 = icmp eq i64 %359, 4 br i1 %360, label 
%367, label %361 %368 = call i32 @__cond_resched() #78 %369 = icmp ult i64 %358, %241 %370 = or i1 %517, %369 br i1 %370, label %414, label %371 %372 = load i64, i64* %39, align 16 %373 = load i64, i64* %40, align 8 %374 = add i64 %373, %372 %375 = load i64, i64* %33, align 16 %376 = load i64, i64* %38, align 8 %377 = add i64 %376, %375 %378 = icmp ne i64 %374, 0 %379 = icmp ne i64 %377, 0 %380 = and i1 %378, %379 br i1 %380, label %381, label %421 %382 = icmp ugt i64 %374, %377 %383 = select i1 %382, i64 %377, i64 %374 %384 = select i1 %382, i64 %525, i64 %521 %385 = select i1 %382, i32 2, i32 0 %386 = select i1 %382, i32 0, i32 2 %387 = mul i64 %383, 100 %388 = udiv i64 %387, %384 %389 = zext i32 %386 to i64 %390 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %389 store i64 0, i64* %390, align 16 %391 = or i32 %386, 1 %392 = zext i32 %391 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 8 %394 = zext i32 %385 to i64 %395 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %394 %396 = load i64, i64* %395, align 16 %397 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %394 %398 = load i64, i64* %397, align 16 %399 = sub i64 %396, %398 %400 = sub i64 100, %388 %401 = mul i64 %396, %400 %402 = udiv i64 %401, 100 store i64 %403, i64* %397, align 16 %404 = or i32 %385, 1 %405 = zext i32 %404 to i64 %406 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %405 %407 = load i64, i64* %406, align 8 %408 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %405 %409 = load i64, i64* %408, align 8 %410 = sub i64 %407, %409 %411 = mul i64 %407, %400 %412 = udiv i64 %411, 100 store i64 %413, i64* %408, align 8 br label %414 %415 = load i64, i64* %33, align 16 %416 = load i64, i64* %40, align 8 %417 = load i64, i64* %39, align 16 %418 = or i64 %416, %415 %419 = or i64 %418, %417 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %364 %422 = phi i64 [ 0, %511 ], [ %358, %371 ], [ %358, %414 ] call void 
@blk_finish_plug(%struct.blk_plug* nonnull %5) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store 
volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = 
getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = 
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 shrink_node 7 __node_reclaim 8 node_reclaim 9 get_page_from_freelist 10 __alloc_pages 11 allocate_slab 12 ___slab_alloc 13 kmem_cache_alloc_node 14 create_task_io_context 15 submit_bio_checks 16 __submit_bio 17 submit_bio_noacct 
18 __blk_queue_split 19 blk_queue_split 20 dm_submit_bio ------------- Path:  Function:dm_submit_bio %2 = alloca %struct.bio.705679*, align 8 store %struct.bio.705679* %0, %struct.bio.705679** %2, align 8 %3 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 1 %4 = load %struct.block_device.705676*, %struct.block_device.705676** %3, align 8 %5 = getelementptr inbounds %struct.block_device.705676, %struct.block_device.705676* %4, i64 0, i32 16 %6 = load %struct.gendisk.705501*, %struct.gendisk.705501** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.705501, %struct.gendisk.705501* %6, i64 0, i32 10 %8 = bitcast i8** %7 to %struct.mapped_device** %9 = load %struct.mapped_device*, %struct.mapped_device** %8, align 8 %10 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 39 %11 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %10) #78 %12 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 3 %13 = load volatile i8*, i8** %12, align 8 %14 = bitcast i8* %13 to %struct.dm_table* %15 = getelementptr inbounds %struct.mapped_device, %struct.mapped_device* %9, i64 0, i32 4 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 1 %18 = icmp ne i64 %17, 0 %19 = icmp eq i8* %13, null %20 = or i1 %19, %18 %21 = getelementptr inbounds %struct.bio.705679, %struct.bio.705679* %0, i64 0, i32 2 %22 = load i32, i32* %21, align 8 br i1 %20, label %23, label %51, !prof !4, !misexpect !5 %52 = trunc i32 %22 to i8 switch i8 %52, label %55 [ i8 3, label %53 i8 5, label %53 i8 7, label %53 i8 9, label %53 ] call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.705679**)*)(%struct.bio.705679** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 Function:__blk_queue_split %3 = alloca 
%struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load %struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void 
@bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, 
%struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load %struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, 
%struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 %74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds 
%struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 to i64 br label %107 %108 = phi %struct.bio.296195* [ %78, %96 ], [ %105, %104 ] %109 = phi i64 [ %77, %96 ], [ %106, %104 ] %110 = phi %struct.bio.296195* [ %97, %96 ], [ %76, %104 ] %111 = phi i64 [ %98, %96 ], [ %75, %104 ] %112 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %113 = icmp eq %struct.bio.296195* %112, null br i1 %113, label %114, label %73 %115 = icmp eq %struct.bio.296195* %108, null br i1 %115, label %123, label %116 %117 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %118 = icmp eq %struct.bio.296195* %117, null br i1 %118, label %121, label %119 store %struct.bio.296195* %108, %struct.bio.296195** %56, align 16 br label %122 store i64 %109, i64* %58, align 8 br label %123 %124 = icmp eq %struct.bio.296195* %110, null br i1 %124, label %132, label %125 %126 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %127 = icmp eq %struct.bio.296195* %126, null br i1 %127, label %130, label %128 store %struct.bio.296195* %110, %struct.bio.296195** %56, align 16 br label %131 store i64 %111, i64* %58, align 8 br label %132 %133 = load %struct.bio.296195*, %struct.bio.296195** %59, align 16 %134 = icmp eq %struct.bio.296195* %133, null br i1 %134, label %143, label %135 %136 = load %struct.bio.296195*, %struct.bio.296195** %57, align 8 %137 = icmp eq %struct.bio.296195* %136, null br i1 %137, label %140, label %138 store %struct.bio.296195* %133, %struct.bio.296195** %56, align 16 br label %141 %142 = load i64, i64* %61, align 8 store i64 %142, i64* %58, align 8 br label %143 %144 = load %struct.bio.296195*, %struct.bio.296195** %56, align 16 %145 = icmp eq %struct.bio.296195* %144, null br i1 %145, label %152, label %146 %147 = getelementptr inbounds %struct.bio.296195, 
%struct.bio.296195* %144, i64 0, i32 0 %148 = load %struct.bio.296195*, %struct.bio.296195** %147, align 8 store %struct.bio.296195* %148, %struct.bio.296195** %56, align 16 %149 = icmp eq %struct.bio.296195* %148, null br i1 %149, label %150, label %151 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %151 store %struct.bio.296195* null, %struct.bio.296195** %147, align 8 br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 Function:__submit_bio %2 = alloca %struct.wait_queue_entry, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 46 %11 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 18 %12 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 12, i32 0 %13 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 12 %14 = bitcast %struct.wait_queue_entry* %2 to i8* %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 48 br label %16 %17 = call fastcc zeroext i1 @blk_try_enter_queue(%struct.request_queue.296182* %8, i1 zeroext false) #78 br i1 %17, label %72, label %18 %73 = call fastcc zeroext i1 @submit_bio_checks(%struct.bio.296195* %0) #79 Function:submit_bio_checks %2 = alloca [32 x i8], align 16 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %4 = load %struct.block_device.296192*, %struct.block_device.296192** %3, align 8 %5 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %4, i64 0, i32 16 %6 = load %struct.gendisk.296190*, %struct.gendisk.296190** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %6, i64 0, i32 9 %8 = load %struct.request_queue.296182*, %struct.request_queue.296182** %7, align 8 %9 = tail call i32 @__cond_resched() #78 %10 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %11 = inttoptr i64 %10 to %struct.task_struct.296233* %12 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 120 %13 = load %struct.blk_plug*, %struct.blk_plug** %12, align 16 %14 = icmp eq %struct.blk_plug* %13, null br i1 %14, label %23, label %15 %16 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %13, i64 0, i32 4 %17 = load i8, i8* %16, align 1, !range !5 %18 = icmp eq i8 %17, 0 br i1 %18, label %23, label %19 %24 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %25 = load i32, i32* %24, align 8 
%26 = and i32 %25, 2097152 %27 = icmp eq i32 %26, 0 br i1 %27, label %33, label %28 %29 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %30 = load volatile i64, i64* %29, align 8 %31 = and i64 %30, 536870912 %32 = icmp eq i64 %31, 0 br i1 %32, label %207, label %33 %34 = and i32 %25, 1 %35 = icmp eq i32 %34, 0 br i1 %35, label %58, label %36 %59 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 3 %60 = load i16, i16* %59, align 4 %61 = and i16 %60, 4096 %62 = icmp eq i16 %61, 0 br i1 %62, label %63, label %132 %133 = phi i16 [ %60, %58 ], [ %60, %99 ], [ %131, %129 ] %134 = load i32, i32* %24, align 8 %135 = and i32 %134, 393216 %136 = icmp eq i32 %135, 0 br i1 %136, label %147, label %137 %138 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %139 = load volatile i64, i64* %138, align 8 %140 = and i64 %139, 131072 %141 = icmp eq i64 %140, 0 br i1 %141, label %142, label %147 %148 = phi i32 [ %134, %137 ], [ %134, %132 ], [ %143, %142 ] %149 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 11 %150 = load volatile i64, i64* %149, align 8 %151 = and i64 %150, 65536 %152 = icmp eq i64 %151, 0 br i1 %152, label %153, label %156 %157 = phi i16 [ %133, %147 ], [ %154, %153 ] %158 = phi i32 [ %148, %147 ], [ %155, %153 ] %159 = trunc i32 %158 to i8 switch i8 %159, label %176 [ i8 3, label %160 i8 5, label %164 i8 7, label %168 i8 13, label %207 i8 15, label %207 i8 10, label %207 i8 11, label %207 i8 12, label %207 i8 17, label %207 i8 9, label %172 ] %161 = load volatile i64, i64* %149, align 8 %162 = and i64 %161, 256 %163 = icmp eq i64 %162, 0 br i1 %163, label %207, label %176 %177 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %11, i64 0, i32 123 %178 = load %struct.io_context.296155*, %struct.io_context.296155** %177, align 8 %179 = icmp eq 
%struct.io_context.296155* %178, null br i1 %179, label %180, label %185, !prof !14, !misexpect !7 %181 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %8, i64 0, i32 35 %182 = load i32, i32* %181, align 4 %183 = call i32 bitcast (i32 (%struct.task_struct.295774*, i32, i32)* @create_task_io_context to i32 (%struct.task_struct.296233*, i32, i32)*)(%struct.task_struct.296233* %11, i32 2592, i32 %182) #78 Function:create_task_io_context %4 = load %struct.kmem_cache*, %struct.kmem_cache** @iocontext_cachep, align 8 %5 = or i32 %1, 256 %6 = tail call noalias align 8 i8* @kmem_cache_alloc_node(%struct.kmem_cache* %4, i32 %5, i32 %2) #78 Function:kmem_cache_alloc_node %5 = ptrtoint i8* %4 to i64 %6 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 4 %7 = load i32, i32* @gfp_allowed_mask, align 4 %8 = and i32 %7, %1 %9 = and i32 %8, 1024 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %12 = tail call i32 @__cond_resched() #78 br label %13 %14 = tail call i32 @should_failslab(%struct.kmem_cache* %0, i32 %8) #78 %15 = icmp ne i32 %14, 0 %16 = icmp eq %struct.kmem_cache* %0, null %17 = or i1 %16, %15 br i1 %17, label %109, label %18 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %20 = icmp eq i32 %2, -1 %21 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 br label %22 %23 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %19, align 8 %24 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.kmem_cache_cpu* %23) #6, !srcloc !4 %25 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %26 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 1 %27 = load volatile i64, i64* %26, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %28 = inttoptr i64 %24 to i8** %29 = load i8*, i8** %28, 
align 8 %30 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %25, i64 0, i32 2 %31 = load %struct.page*, %struct.page** %30, align 8 %32 = icmp ne i8* %29, null %33 = icmp ne %struct.page* %31, null %34 = and i1 %32, %33 %35 = bitcast i8* %29 to i8** br i1 %34, label %36, label %43, !prof !6 br i1 %20, label %46, label %37 %38 = getelementptr inbounds %struct.page, %struct.page* %31, i64 0, i32 0 %39 = load i64, i64* %38, align 16 %40 = lshr i64 %39, 58 %41 = trunc i64 %40 to i32 %42 = icmp eq i32 %41, %2 br i1 %42, label %46, label %43 %44 = inttoptr i64 %24 to %struct.kmem_cache_cpu* %45 = tail call fastcc i8* @___slab_alloc(%struct.kmem_cache* %0, i32 %1, i32 %2, i64 %5, %struct.kmem_cache_cpu* %44) #78 Function:___slab_alloc %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = alloca %struct.page*, align 8 %11 = bitcast %struct.page** %10 to i8* store %struct.page* null, %struct.page** %10, align 8 %12 = bitcast i64* %7 to i8* %13 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 0 %14 = and i32 %1, -33554426 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 13 %17 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 1 %18 = bitcast i64* %8 to i8* %19 = bitcast i64* %9 to i8* br label %20 %21 = phi %struct.kmem_cache_cpu* [ %4, %5 ], [ %227, %226 ] %22 = phi i32 [ %2, %5 ], [ %228, %226 ] %23 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %21, i64 0, i32 2 %24 = load volatile %struct.page*, %struct.page** %23, align 8 store %struct.page* %24, %struct.page** %10, align 8 %25 = icmp eq %struct.page* %24, null br i1 %25, label %37, label %26 %27 = phi %struct.page* [ %24, %20 ], [ %230, %239 ], [ %230, %250 ] %28 = phi %struct.kmem_cache_cpu* [ %21, %20 ], [ %207, %239 ], [ %207, %250 ] %29 = phi i32 [ %22, %20 ], [ %203, %239 ], [ %203, %250 ] %30 
= icmp eq i32 %29, -1 br i1 %30, label %50, label %31 %32 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 %33 = load i64, i64* %32, align 16 %34 = lshr i64 %33, 58 %35 = trunc i64 %34 to i32 %36 = icmp eq i32 %29, %35 br i1 %36, label %50, label %45 %46 = sext i32 %29 to i64 %47 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @slab_nodes, i64 0, i32 0, i64 0), i64 %46) #6, !srcloc !4 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %50, label %170 %51 = phi i32 [ -1, %26 ], [ %29, %31 ], [ -1, %45 ] %52 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1 %53 = bitcast %union.anon.20* %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = and i64 %54, 1 %56 = icmp eq i64 %55, 0 %57 = add i64 %54, -1 %58 = ptrtoint %struct.page* %27 to i64 %59 = select i1 %56, i64 %58, i64 %57, !prof !5 %60 = inttoptr i64 %59 to %struct.page* %61 = getelementptr inbounds %struct.page, %struct.page* %60, i64 0, i32 0 %62 = load volatile i64, i64* %61, align 8 %63 = and i64 %62, 32 %64 = icmp eq i64 %63, 0 br i1 %64, label %67, label %65, !prof !5, !misexpect !6 store i64 0, i64* %9, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %9) #6, !srcloc !7 %68 = load i64, i64* %9, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %69 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %70 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %69, i64 0, i32 4 %71 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %70) #6, !srcloc !9 %72 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 2 %73 = load 
%struct.page*, %struct.page** %72, align 8 %74 = icmp eq %struct.page* %27, %73 br i1 %74, label %82, label %75, !prof !5, !misexpect !6 %83 = bitcast %struct.kmem_cache_cpu* %28 to i8** %84 = load i8*, i8** %83, align 8 %85 = icmp eq i8* %84, null br i1 %85, label %86, label %147 %87 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %88 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %87, i64 0, i32 4 %89 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %88) #6, !srcloc !12 %90 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 2 %91 = bitcast i64* %90 to i8** %92 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 1, i32 0, i32 3 %93 = getelementptr inbounds %struct.page, %struct.page* %27, i64 0, i32 0 br label %94 %95 = load i8*, i8** %91, align 8 %96 = load i64, i64* %92, align 8 %97 = and i64 %96, -4294967296 %98 = lshr i64 %96, 16 %99 = and i64 %98, 32767 %100 = and i64 %96, 2147418112 %101 = icmp eq i8* %95, null %102 = select i1 %101, i64 0, i64 2147483648 %103 = or i64 %100, %102 %104 = or i64 %103, %97 %105 = or i64 %104, %99 %106 = load i32, i32* %17, align 8 %107 = and i32 %106, 1073741824 %108 = icmp eq i32 %107, 0 br i1 %108, label %114, label %109 %110 = call { i8, i8*, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchg${5:c}b $1\0A\09/* output condition code e*/\0A", "={@cce},=*m,=*m,={ax},={dx},i,{bx},{cx},*m,*m,3,4,~{dirflag},~{fpsr},~{flags}"(i8** %91, i64* %92, i64 16, i8* null, i64 %105, i8** %91, i64* %92, i8* %95, i64 %96) #6, !srcloc !13 %111 = extractvalue { i8, i8*, i64 } %110, 0 %112 = and i8 %111, 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %135, label %136 br i1 %101, label %137, label %147 store %struct.page* null, %struct.page** %72, align 8 %138 = getelementptr inbounds 
%struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %28, i64 0, i32 1 %139 = load i64, i64* %138, align 8 %140 = add i64 %139, 1 store i64 %140, i64* %138, align 8 %141 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %142 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %141, i64 0, i32 4 %143 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %142) #6, !srcloc !21 %144 = and i64 %68, 512 %145 = icmp eq i64 %144, 0 br i1 %145, label %201, label %146 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %201 %202 = phi %struct.kmem_cache_cpu* [ %28, %199 ], [ %21, %39 ], [ %21, %37 ], [ %28, %137 ], [ %28, %146 ] %203 = phi i32 [ %171, %199 ], [ %44, %39 ], [ -1, %37 ], [ %51, %137 ], [ %51, %146 ] %204 = icmp eq i32 %203, -1 %205 = icmp ne i32 %203, -1 br label %206 %207 = phi %struct.kmem_cache_cpu* [ %292, %300 ], [ %202, %201 ] %208 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 3 %209 = load %struct.page*, %struct.page** %208, align 8 %210 = icmp eq %struct.page* %209, null br i1 %210, label %251, label %211 store i64 0, i64* %7, align 8 call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %7) #6, !srcloc !7 %212 = load i64, i64* %7, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %213 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %214 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %213, i64 0, i32 4 %215 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %214) #6, !srcloc !27 %216 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %207, i64 0, i32 2 %217 = load %struct.page*, 
%struct.page** %216, align 8 %218 = icmp eq %struct.page* %217, null br i1 %218, label %229, label %219, !prof !5, !misexpect !6 %230 = load %struct.page*, %struct.page** %208, align 8 %231 = icmp eq %struct.page* %230, null br i1 %231, label %232, label %239, !prof !29, !misexpect !6 %233 = load %struct.kmem_cache_cpu*, %struct.kmem_cache_cpu** %13, align 8 %234 = getelementptr inbounds %struct.kmem_cache_cpu, %struct.kmem_cache_cpu* %233, i64 0, i32 4 %235 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.lock_class_key* %234) #6, !srcloc !30 %236 = and i64 %212, 512 %237 = icmp eq i64 %236, 0 br i1 %237, label %251, label %238 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %251 br i1 %204, label %252, label %254 %253 = call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @numa_node) #4, !srcloc !32 br label %254 %255 = phi i32 [ %253, %252 ], [ %203, %251 ] %256 = sext i32 %255 to i64 %257 = getelementptr %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 23, i64 %256 %258 = load %struct.kmem_cache_node*, %struct.kmem_cache_node** %257, align 8 %259 = call fastcc i8* @get_partial_node(%struct.kmem_cache* %0, %struct.kmem_cache_node* %258, %struct.page** nonnull %10, i32 %1) #78 %260 = icmp ne i8* %259, null %261 = or i1 %205, %260 br i1 %261, label %264, label %262 %265 = phi i8* [ %263, %262 ], [ %259, %254 ] %266 = icmp eq i8* %265, null br i1 %266, label %267, label %290 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !33 br i1 %15, label %270, label %268, !prof !5, !misexpect !6 %269 = call i32 @kmalloc_fix_flags(i32 %1) #78 br label %270 %271 = phi i32 [ %269, %268 ], [ %1, %267 ] %272 = load void (i8*)*, void (i8*)** %16, align 8 %273 = icmp ne void (i8*)* %272, null %274 = and i32 %271, 256 %275 = icmp ne i32 %274, 0 %276 = and i1 %273, %275 br i1 %276, label %277, label 
%278, !prof !29, !misexpect !6 %279 = and i32 %271, 3927776 %280 = call fastcc %struct.page* @allocate_slab(%struct.kmem_cache* %0, i32 %279, i32 %203) #78 Function:allocate_slab %4 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 8, i32 0 %5 = load i32, i32* %4, align 8 %6 = load i32, i32* @gfp_allowed_mask, align 4 %7 = and i32 %6, %1 %8 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 11 %9 = load i32, i32* %8, align 4 %10 = or i32 %7, %9 %11 = and i32 %10, -106497 %12 = or i32 %11, 73728 %13 = and i32 %10, 1024 %14 = icmp eq i32 %13, 0 %15 = lshr i32 %5, 16 br i1 %14, label %24, label %16 %25 = phi i32 [ %23, %21 ], [ %12, %16 ], [ %12, %3 ] %26 = icmp eq i32 %2, -1 br i1 %26, label %27, label %30 %31 = tail call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %25, i32 %15, i32 %2, %struct.cpumask* null) #78 %32 = icmp eq %struct.page* %31, null br i1 %32, label %38, label %49, !prof !4, !misexpect !5 %39 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 10, i32 0 %40 = load i32, i32* %39, align 8 %41 = lshr i32 %40, 16 %42 = tail call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %10, i32 %41, i32 %2, %struct.cpumask* null) #78 Function:__alloc_pages %5 = alloca %struct.alloc_context.136342, align 8 %6 = bitcast %struct.alloc_context.136342* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136212** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136212**)) #11, !srcloc !7 %16 = inttoptr i64 %15 to %struct.task_struct.136212* %17 
= getelementptr inbounds %struct.task_struct.136212, %struct.task_struct.136212* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !8, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.136176*], [0 x %struct.pglist_data.136176*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.136176*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 0 store %struct.zonelist.136172* %50, %struct.zonelist.136172** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !8 %58 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !9 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #78 br label %76 %77 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.136172, %struct.zonelist.136172* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !8 %84 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !11 %90 = phi %struct.zoneref.136171* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 2 store %struct.zoneref.136171* %90, %struct.zoneref.136171** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %90, i64 0, i32 0 %93 = 
load %struct.zone.136180*, %struct.zone.136180** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.136180* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.136327* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.136342* nonnull %5) #79 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 1 br label %20 %21 = phi i32 [ %2, %4 ], [ %420, %418 ] %22 = phi %struct.pglist_data.136176* [ null, %4 ], [ %419, %418 ] %23 = and i32 %21, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %25, i64 0, i32 0 %27 = load %struct.zone.136180*, %struct.zone.136180** %26, align 8 %28 = icmp eq %struct.zone.136180* %27, null br i1 %28, label %416, label %29 %30 = and i32 %21, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %21, 3 %33 = zext i32 %32 to i64 %34 = and i32 %21, 24 %35 = and i32 %21, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %21, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %21, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %21, 8 %43 = icmp eq i32 %42, 
0 %44 = and i32 %21, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.136180* [ %414, %411 ], [ %27, %29 ] %48 = phi %struct.pglist_data.136176* [ %400, %411 ], [ %22, %29 ] %49 = phi %struct.zoneref.136171* [ %412, %411 ], [ %25, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %74, i64 0, i32 0 %76 = load %struct.zone.136180*, %struct.zone.136180** %75, align 8 %77 = icmp eq %struct.zone.136180* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label 
%109 %110 = phi i32 [ %35, %99 ], [ %34, %84 ] %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %116, !prof !6, !misexpect !7 %113 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %114 = load i64, i64* %113, align 32 %115 = add i64 %114, %11 br label %116 %117 = phi i64 [ %115, %112 ], [ %11, %109 ] %118 = sub i64 %94, %117 br i1 %38, label %122, label %119 %120 = sdiv i64 %89, -2 %121 = add i64 %120, %89 br label %122 %123 = phi i64 [ %121, %119 ], [ %89, %116 ] br i1 %111, label %131, label %124, !prof !6, !misexpect !8 br i1 %40, label %128, label %125 %129 = sdiv i64 %123, -4 %130 = add i64 %129, %123 br label %131 %132 = phi i64 [ %127, %125 ], [ %130, %128 ], [ %123, %122 ] %133 = sext i32 %90 to i64 %134 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 3, i64 %133 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %132 %137 = icmp sgt i64 %118, %136 br i1 %137, label %138, label %169 br i1 %8, label %254, label %139 br i1 %12, label %140, label %230 %141 = phi i64 [ %161, %160 ], [ %13, %139 ] %142 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 1 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %160, label %145 %146 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 0 %147 = getelementptr inbounds %struct.list_head, %struct.list_head* %146, i64 0, i32 0 %148 = load volatile %struct.list_head*, %struct.list_head** %147, align 8 %149 = icmp eq %struct.list_head* %148, %146 br i1 %149, label %150, label %254 %151 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 1 %152 = getelementptr inbounds %struct.list_head, %struct.list_head* %151, i64 0, i32 0 %153 = load volatile %struct.list_head*, %struct.list_head** %152, align 8 %154 = icmp eq %struct.list_head* %153, %151 br i1 %154, label %163, label %254 %164 = 
getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 2 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 0 %166 = load volatile %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %164 br i1 %167, label %168, label %254 br i1 %111, label %160, label %155 %161 = add nsw i64 %141, 1 %162 = icmp eq i64 %161, 11 br i1 %162, label %169, label %140 %170 = icmp eq i64 %88, 0 %171 = or i1 %41, %170 %172 = or i1 %17, %171 br i1 %172, label %230, label %173, !prof !9 %174 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 64 br i1 %111, label %176, label %180, !prof !6, !misexpect !7 %177 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %178 = load i64, i64* %177, align 32 %179 = add i64 %178, %11 br label %180 %181 = phi i64 [ %179, %176 ], [ %11, %173 ] %182 = sub i64 %94, %181 br i1 %38, label %186, label %183 %184 = sdiv i64 %175, -2 %185 = add i64 %184, %175 br label %186 %187 = phi i64 [ %185, %183 ], [ %175, %180 ] br i1 %111, label %195, label %188, !prof !6, !misexpect !8 br i1 %43, label %192, label %189 %193 = sdiv i64 %187, -4 %194 = add i64 %193, %187 br label %195 %196 = phi i64 [ %191, %189 ], [ %194, %192 ], [ %187, %186 ] %197 = add i64 %196, %135 %198 = icmp sgt i64 %182, %197 br i1 %198, label %199, label %230 br i1 %8, label %254, label %200 br i1 %12, label %201, label %230 %202 = phi i64 [ %222, %221 ], [ %13, %200 ] %203 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 1 %204 = load i64, i64* %203, align 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %221, label %206 %207 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 0 %208 = getelementptr inbounds %struct.list_head, %struct.list_head* %207, i64 0, i32 0 %209 = load volatile 
%struct.list_head*, %struct.list_head** %208, align 8 %210 = icmp eq %struct.list_head* %209, %207 br i1 %210, label %211, label %254 %212 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 1 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %212, i64 0, i32 0 %214 = load volatile %struct.list_head*, %struct.list_head** %213, align 8 %215 = icmp eq %struct.list_head* %214, %212 br i1 %215, label %224, label %254 %225 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 2 %226 = getelementptr inbounds %struct.list_head, %struct.list_head* %225, i64 0, i32 0 %227 = load volatile %struct.list_head*, %struct.list_head** %226, align 8 %228 = icmp eq %struct.list_head* %227, %225 br i1 %228, label %229, label %254 br i1 %111, label %221, label %216 %222 = add nsw i64 %202, 1 %223 = icmp eq i64 %222, 11 br i1 %223, label %230, label %201 br i1 %45, label %231, label %254 %232 = load i32, i32* @node_reclaim_mode, align 4 %233 = and i32 %232, 7 %234 = icmp eq i32 %233, 0 br i1 %234, label %399, label %235 %236 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %237 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %236, i64 0, i32 0 %238 = load %struct.zone.136180*, %struct.zone.136180** %237, align 8 %239 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %238, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 4 %242 = load i32, i32* %241, align 8 %243 = tail call i32 @__node_distance(i32 %240, i32 %242) #78 %244 = load i32, i32* @node_reclaim_distance, align 4 %245 = icmp sgt i32 %243, %244 br i1 %245, label %399, label %246 %247 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 5 %248 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %247, align 16 %249 = tail call i32 
bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.136176*, i32, i32)*)(%struct.pglist_data.136176* %248, i32 %0, i32 %1) #78 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #78 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 
br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #79 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %11 = icmp ugt i64 %6, 32 %12 = select i1 %11, i64 %6, i64 32 %13 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %14 = bitcast %struct.cpumask** %13 to i8* store i64 %12, i64* %10, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 
%21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #78 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %91 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %92 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #79 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %560, %679 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #78 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #78 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #78 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #78 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #78 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #78 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #78 %217 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %218 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %693, label %688 %689 = load i64, i64* %71, align 16 %690 = load i64, i64* %72, align 8 %691 = add i64 %689, %226 %692 = add i64 %691, %690 br label %693 %694 = phi i64 [ %692, %688 ], [ %226, %225 ] %695 = load volatile i64, i64* %73, align 8 %696 = icmp eq i64 %695, 0 br i1 %696, label %702, label %697 %698 = load i64, i64* %74, align 16 %699 = load i64, i64* %75, align 8 %700 = add i64 %698, %694 %701 = add i64 %700, %699 br label %702 %703 = phi i64 [ %701, %697 ], [ %694, %693 ] %704 = load volatile i64, i64* %76, align 8 %705 = icmp eq i64 %704, 0 br i1 %705, label %711, label %706 %707 = load i64, i64* %77, align 16 %708 = load i64, i64* %78, align 8 %709 = add i64 %707, %703 %710 = add i64 %709, %708 br label %711 %712 = phi i64 [ %710, %706 ], [ %703, %702 ] %713 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #78 %714 = add i64 %217, %216 %715 = add i64 %714, %218 %716 = icmp ule i64 %715, %712 %717 = load i16, i16* %22, align 8 %718 = and i16 %717, 1 %719 = icmp eq i16 %718, 0 %720 = and i1 %716, %719 br i1 %720, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %711 ] %238 = and i16 %717, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #78 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #78 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %291 = phi i64 [ %283, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 
%301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %721 %722 = load volatile i64, i64* %84, align 8 %723 = icmp eq i64 %722, 0 br i1 %723, label %729, label %724 %725 = load volatile i64, i64* %86, align 8 %726 = icmp sgt i64 %725, 0 %727 = select i1 %726, i64 %725, i64 0 %728 = add nuw i64 %727, %313 br label %729 %730 = phi i64 [ %728, %724 ], [ %313, %721 ] %731 = icmp eq i32 %301, 2 br i1 %731, label %315, label %732 %733 = load volatile i64, i64* %88, align 8 %734 = icmp eq i64 %733, 0 br i1 %734, label %740, label %735 %736 = load volatile i64, i64* %90, align 8 %737 = icmp sgt i64 %736, 0 %738 = select i1 %737, i64 %736, i64 0 %739 = add i64 %738, %730 br label %740 %741 = phi i64 [ %739, %735 ], [ %730, %732 ] %742 = icmp eq i32 %301, 3 br i1 %742, label %315, label %743 %744 = load volatile i64, i64* %92, align 8 %745 = icmp eq i64 %744, 0 br i1 %745, label %315, label %746 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %730, %729 ], [ %741, %740 ], [ %750, %746 ], [ %741, %743 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %453, label %463 %454 = load volatile i64, i64* %96, align 8 %455 = icmp eq i64 %454, 0 br i1 %455, label %460, label %456 %457 = load volatile i64, i64* %98, align 8 %458 = icmp sgt i64 %457, 0 %459 = select i1 %458, i64 %457, i64 0 br label %460 %461 = phi 
i64 [ %459, %456 ], [ 0, %453 ] %462 = icmp eq i32 %300, 0 br i1 %462, label %463, label %751 %752 = load volatile i64, i64* %100, align 8 %753 = icmp eq i64 %752, 0 br i1 %753, label %759, label %754 %755 = load volatile i64, i64* %102, align 8 %756 = icmp sgt i64 %755, 0 %757 = select i1 %756, i64 %755, i64 0 %758 = add nuw i64 %757, %461 br label %759 %760 = phi i64 [ %758, %754 ], [ %461, %751 ] %761 = icmp eq i32 %301, 2 br i1 %761, label %463, label %762 %763 = load volatile i64, i64* %104, align 8 %764 = icmp eq i64 %763, 0 br i1 %764, label %770, label %765 %766 = load volatile i64, i64* %106, align 8 %767 = icmp sgt i64 %766, 0 %768 = select i1 %767, i64 %766, i64 0 %769 = add i64 %768, %760 br label %770 %771 = phi i64 [ %769, %765 ], [ %760, %762 ] %772 = icmp eq i32 %301, 3 br i1 %772, label %463, label %773 %774 = load volatile i64, i64* %108, align 8 %775 = icmp eq i64 %774, 0 br i1 %775, label %463, label %776 %464 = phi i64 [ 0, %324 ], [ %461, %460 ], [ %760, %759 ], [ %771, %770 ], [ %780, %776 ], [ %771, %773 ] %465 = lshr i64 %464, %304 switch i32 %294, label %323 [ i32 0, label %471 i32 1, label %468 i32 3, label %466 i32 2, label %466 ] %469 = mul i64 %465, %291 %470 = udiv i64 %469, %295 br label %471 %472 = phi i64 [ %470, %468 ], [ %465, %463 ], [ %467, %466 ] store i64 %472, i64* %38, align 8 br i1 %298, label %473, label %483 %474 = load volatile i64, i64* %112, align 8 %475 = icmp eq i64 %474, 0 br i1 %475, label %480, label %476 %477 = load volatile i64, i64* %114, align 8 %478 = icmp sgt i64 %477, 0 %479 = select i1 %478, i64 %477, i64 0 br label %480 %481 = phi i64 [ %479, %476 ], [ 0, %473 ] %482 = icmp eq i32 %300, 0 br i1 %482, label %483, label %781 %782 = load volatile i64, i64* %116, align 8 %783 = icmp eq i64 %782, 0 br i1 %783, label %789, label %784 %785 = load volatile i64, i64* %118, align 8 %786 = icmp sgt i64 %785, 0 %787 = select i1 %786, i64 %785, i64 0 %788 = add nuw i64 %787, %481 br label %789 %790 = phi i64 [ %788, 
%784 ], [ %481, %781 ] %791 = icmp eq i32 %301, 2 br i1 %791, label %483, label %792 %793 = load volatile i64, i64* %120, align 8 %794 = icmp eq i64 %793, 0 br i1 %794, label %800, label %795 %796 = load volatile i64, i64* %122, align 8 %797 = icmp sgt i64 %796, 0 %798 = select i1 %797, i64 %796, i64 0 %799 = add i64 %798, %790 br label %800 %801 = phi i64 [ %799, %795 ], [ %790, %792 ] %802 = icmp eq i32 %301, 3 br i1 %802, label %483, label %803 %804 = load volatile i64, i64* %124, align 8 %805 = icmp eq i64 %804, 0 br i1 %805, label %483, label %806 %484 = phi i64 [ 0, %471 ], [ %481, %480 ], [ %790, %789 ], [ %801, %800 ], [ %810, %806 ], [ %801, %803 ] %485 = lshr i64 %484, %304 switch i32 %294, label %323 [ i32 0, label %491 i32 1, label %488 i32 3, label %486 i32 2, label %486 ] %489 = mul i64 %485, %290 %490 = udiv i64 %489, %295 br label %491 %492 = phi i64 [ %490, %488 ], [ %485, %483 ], [ %487, %486 ] store i64 %492, i64* %39, align 16 br i1 %298, label %493, label %503 %494 = load volatile i64, i64* %128, align 8 %495 = icmp eq i64 %494, 0 br i1 %495, label %500, label %496 %497 = load volatile i64, i64* %130, align 8 %498 = icmp sgt i64 %497, 0 %499 = select i1 %498, i64 %497, i64 0 br label %500 %501 = phi i64 [ %499, %496 ], [ 0, %493 ] %502 = icmp eq i32 %300, 0 br i1 %502, label %503, label %811 %812 = load volatile i64, i64* %132, align 8 %813 = icmp eq i64 %812, 0 br i1 %813, label %819, label %814 %815 = load volatile i64, i64* %134, align 8 %816 = icmp sgt i64 %815, 0 %817 = select i1 %816, i64 %815, i64 0 %818 = add nuw i64 %817, %501 br label %819 %820 = phi i64 [ %818, %814 ], [ %501, %811 ] %821 = icmp eq i32 %301, 2 br i1 %821, label %503, label %822 %823 = load volatile i64, i64* %136, align 8 %824 = icmp eq i64 %823, 0 br i1 %824, label %830, label %825 %826 = load volatile i64, i64* %138, align 8 %827 = icmp sgt i64 %826, 0 %828 = select i1 %827, i64 %826, i64 0 %829 = add i64 %828, %820 br label %830 %831 = phi i64 [ %829, %825 ], [ 
%820, %822 ] %832 = icmp eq i32 %301, 3 br i1 %832, label %503, label %833 %834 = load volatile i64, i64* %140, align 8 %835 = icmp eq i64 %834, 0 br i1 %835, label %503, label %836 %504 = phi i64 [ 0, %491 ], [ %501, %500 ], [ %820, %819 ], [ %831, %830 ], [ %840, %836 ], [ %831, %833 ] %505 = lshr i64 %504, %304 switch i32 %294, label %323 [ i32 0, label %511 i32 1, label %508 i32 3, label %506 i32 2, label %506 ] %509 = mul i64 %505, %290 %510 = udiv i64 %509, %295 br label %511 %512 = phi i64 [ %510, %508 ], [ %505, %503 ], [ %507, %506 ] store i64 %512, i64* %40, align 8 %513 = load i32, i32* %42, align 4 %514 = and i32 %513, 131072 %515 = icmp eq i32 %514, 0 %516 = icmp eq i8 %302, 12 %517 = and i1 %516, %515 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #78 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %492, %325 %527 = or i64 %526, %512 %528 = icmp eq i64 %527, 0 br i1 %528, label %421, label %326 %327 = phi i64 [ %365, %364 ], [ %325, %511 ] %328 = phi i64 [ %366, %364 ], [ 0, %511 ] %329 = phi i64 [ %358, %364 ], [ 0, %511 ] %330 = icmp eq i64 %327, 0 br i1 %330, label %357, label %331 %332 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %328 %333 = icmp ult i64 %327, 32 %334 = select i1 %333, i64 %327, i64 32 %335 = sub i64 %327, %334 store i64 %335, i64* %332, align 8 %336 = trunc i64 %328 to i32 %337 = and i32 %336, 2147483645 %338 = icmp eq i32 %337, 1 br i1 %338, label %339, label %352 %353 = call fastcc i64 @shrink_inactive_list(i64 %334, %struct.lruvec* %11, %struct.scan_control* %1, i32 %336) #78 br label %354 %355 = phi i64 [ %353, %352 ], [ 0, %350 ], [ 0, %349 ] %356 = add i64 %355, %329 br label %357 %358 = phi i64 [ %356, %354 ], [ %329, %326 ] %359 = add nuw nsw i64 %328, 1 %360 = icmp eq i64 %359, 4 br i1 %360, label 
%367, label %361 %368 = call i32 @__cond_resched() #78 %369 = icmp ult i64 %358, %241 %370 = or i1 %517, %369 br i1 %370, label %414, label %371 %372 = load i64, i64* %39, align 16 %373 = load i64, i64* %40, align 8 %374 = add i64 %373, %372 %375 = load i64, i64* %33, align 16 %376 = load i64, i64* %38, align 8 %377 = add i64 %376, %375 %378 = icmp ne i64 %374, 0 %379 = icmp ne i64 %377, 0 %380 = and i1 %378, %379 br i1 %380, label %381, label %421 %382 = icmp ugt i64 %374, %377 %383 = select i1 %382, i64 %377, i64 %374 %384 = select i1 %382, i64 %525, i64 %521 %385 = select i1 %382, i32 2, i32 0 %386 = select i1 %382, i32 0, i32 2 %387 = mul i64 %383, 100 %388 = udiv i64 %387, %384 %389 = zext i32 %386 to i64 %390 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %389 store i64 0, i64* %390, align 16 %391 = or i32 %386, 1 %392 = zext i32 %391 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 8 %394 = zext i32 %385 to i64 %395 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %394 %396 = load i64, i64* %395, align 16 %397 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %394 %398 = load i64, i64* %397, align 16 %399 = sub i64 %396, %398 %400 = sub i64 100, %388 %401 = mul i64 %396, %400 %402 = udiv i64 %401, 100 store i64 %403, i64* %397, align 16 %404 = or i32 %385, 1 %405 = zext i32 %404 to i64 %406 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %405 %407 = load i64, i64* %406, align 8 %408 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %405 %409 = load i64, i64* %408, align 8 %410 = sub i64 %407, %409 %411 = mul i64 %407, %400 %412 = udiv i64 %411, 100 store i64 %413, i64* %408, align 8 br label %414 %415 = load i64, i64* %33, align 16 %416 = load i64, i64* %40, align 8 %417 = load i64, i64* %39, align 16 %418 = or i64 %416, %415 %419 = or i64 %418, %417 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %364 %422 = phi i64 [ 0, %511 ], [ %358, %371 ], [ %358, %414 ] call void 
@blk_finish_plug(%struct.blk_plug* nonnull %5) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store 
volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = 
getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = 
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 shrink_node 7 __node_reclaim 8 node_reclaim 9 get_page_from_freelist 10 __alloc_pages 11 allocate_slab 12 ___slab_alloc 13 kmem_cache_alloc_node 14 create_task_io_context 15 submit_bio_checks 16 __submit_bio 17 submit_bio_noacct 
18 __blk_queue_split 19 blk_queue_split 20 md_submit_bio ------------- Path:  Function:md_submit_bio %2 = alloca %struct.bio.296195*, align 8 store %struct.bio.296195* %0, %struct.bio.296195** %2, align 8 %3 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 2 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp ne i32 %5, 0 %7 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %8 = load %struct.block_device.296192*, %struct.block_device.296192** %7, align 8 %9 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %8, i64 0, i32 16 %10 = load %struct.gendisk.296190*, %struct.gendisk.296190** %9, align 8 %11 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %10, i64 0, i32 10 %12 = bitcast i8** %11 to %struct.mddev** %13 = load %struct.mddev*, %struct.mddev** %12, align 8 %14 = icmp eq %struct.mddev* %13, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 1 %17 = load %struct.md_personality*, %struct.md_personality** %16, align 8 %18 = icmp eq %struct.md_personality* %17, null br i1 %18, label %19, label %21 %22 = getelementptr inbounds %struct.mddev, %struct.mddev* %13, i64 0, i32 5 %23 = load volatile i64, i64* %22, align 8 %24 = and i64 %23, 2048 %25 = icmp ne i64 %24, 0 %26 = and i1 %6, %25 br i1 %26, label %27, label %29 call void bitcast (void (%struct.bio.295430**)* @blk_queue_split to void (%struct.bio.296195**)*)(%struct.bio.296195** nonnull %2) #78 Function:blk_queue_split %2 = alloca i32, align 4 %3 = bitcast i32* %2 to i8* store i32 0, i32* %2, align 4 call void @__blk_queue_split(%struct.bio.295430** %0, i32* nonnull %2) #78 Function:__blk_queue_split %3 = alloca %struct.bio_vec.295429, align 8 %4 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %5 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 1 %6 = load 
%struct.block_device.295427*, %struct.block_device.295427** %5, align 8 %7 = getelementptr inbounds %struct.block_device.295427, %struct.block_device.295427* %6, i64 0, i32 16 %8 = load %struct.gendisk.295256*, %struct.gendisk.295256** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.295256, %struct.gendisk.295256* %8, i64 0, i32 9 %10 = load %struct.request_queue.295280*, %struct.request_queue.295280** %9, align 8 %11 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 2 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i8 switch i8 %13, label %85 [ i8 3, label %14 i8 5, label %14 i8 9, label %61 i8 7, label %73 ] %74 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 52 store i32 1, i32* %1, align 4 %75 = getelementptr inbounds %struct.request_queue.295280, %struct.request_queue.295280* %10, i64 0, i32 33, i32 15 %76 = load i32, i32* %75, align 8 %77 = icmp eq i32 %76, 0 br i1 %77, label %344, label %78 %79 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %4, i64 0, i32 8, i32 1 %80 = load i32, i32* %79, align 8 %81 = lshr i32 %80, 9 %82 = icmp ugt i32 %81, %76 br i1 %82, label %83, label %344 %84 = tail call %struct.bio.295430* @bio_split(%struct.bio.295430* %4, i32 %76, i32 3072, %struct.bio_set.295434* %74) #78 br label %315 %316 = phi %struct.bio.295430* [ %312, %306 ], [ %60, %43 ], [ %72, %71 ], [ %84, %83 ] %317 = icmp eq %struct.bio.295430* %316, null br i1 %317, label %344, label %318 %319 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* %316, i64 0, i32 2 %320 = load i32, i32* %319, align 8 %321 = or i32 %320, 16384 store i32 %321, i32* %319, align 8 %322 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 call void @bio_chain(%struct.bio.295430* nonnull %316, %struct.bio.295430* %322) #78 %323 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %324 = getelementptr inbounds %struct.bio.295430, %struct.bio.295430* 
%323, i64 0, i32 8, i32 0 %325 = load i64, i64* %324, align 8 %326 = trunc i64 %325 to i32 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_split to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__blk_queue_split, %327)) #6 to label %341 [label %327], !srcloc !9 %342 = load %struct.bio.295430*, %struct.bio.295430** %0, align 8 %343 = call i32 bitcast (i32 (%struct.bio.296195*)* @submit_bio_noacct to i32 (%struct.bio.295430*)*)(%struct.bio.295430* %342) #78 Function:submit_bio_noacct %2 = alloca [2 x %struct.bio_list.296196], align 16 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 119 %6 = load %struct.bio_list.296196*, %struct.bio_list.296196** %5, align 8 %7 = icmp eq %struct.bio_list.296196* %6, null br i1 %7, label %16, label %8 %17 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 1 %18 = load %struct.block_device.296192*, %struct.block_device.296192** %17, align 8 %19 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %18, i64 0, i32 16 %20 = load %struct.gendisk.296190*, %struct.gendisk.296190** %19, align 8 %21 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %20, i64 0, i32 8 %22 = load 
%struct.block_device_operations.296131*, %struct.block_device_operations.296131** %21, align 8 %23 = getelementptr inbounds %struct.block_device_operations.296131, %struct.block_device_operations.296131* %22, i64 0, i32 0 %24 = load i32 (%struct.bio.296195*)*, i32 (%struct.bio.296195*)** %23, align 8 %25 = icmp eq i32 (%struct.bio.296195*)* %24, null %26 = bitcast [2 x %struct.bio_list.296196]* %2 to i8* br i1 %25, label %27, label %47 %48 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %0, i64 0, i32 0 %49 = load %struct.bio.296195*, %struct.bio.296195** %48, align 8 %50 = icmp eq %struct.bio.296195* %49, null br i1 %50, label %52, label %51, !prof !5, !misexpect !6 %53 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0 store %struct.bio_list.296196* %53, %struct.bio_list.296196** %5, align 8 %54 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1 %55 = bitcast %struct.bio_list.296196* %54 to i8* %56 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 0 %57 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 0, i32 1 %58 = bitcast %struct.bio.296195** %57 to i64* %59 = getelementptr inbounds %struct.bio_list.296196, %struct.bio_list.296196* %54, i64 0, i32 0 %60 = getelementptr inbounds [2 x %struct.bio_list.296196], [2 x %struct.bio_list.296196]* %2, i64 0, i64 1, i32 1 %61 = bitcast %struct.bio.296195** %60 to i64* br label %62 %63 = phi %struct.bio.296195* [ %0, %52 ], [ %144, %151 ] %64 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %63, i64 0, i32 1 %65 = load %struct.block_device.296192*, %struct.block_device.296192** %64, align 8 %66 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %65, i64 0, i32 16 %67 = load %struct.gendisk.296190*, %struct.gendisk.296190** %66, align 8 %68 = 
getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %67, i64 0, i32 9 %69 = load %struct.request_queue.296182*, %struct.request_queue.296182** %68, align 8 %70 = call fastcc i32 @__submit_bio(%struct.bio.296195* %63) #78 %74 = phi %struct.bio.296195* [ %112, %107 ], [ %71, %62 ] %75 = phi i64 [ %111, %107 ], [ 0, %62 ] %76 = phi %struct.bio.296195* [ %110, %107 ], [ null, %62 ] %77 = phi i64 [ %109, %107 ], [ 0, %62 ] %78 = phi %struct.bio.296195* [ %108, %107 ], [ null, %62 ] %79 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 0 %80 = load %struct.bio.296195*, %struct.bio.296195** %79, align 8 store %struct.bio.296195* %80, %struct.bio.296195** %56, align 16 %81 = icmp eq %struct.bio.296195* %80, null br i1 %81, label %82, label %83 store %struct.bio.296195* null, %struct.bio.296195** %57, align 8 br label %83 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 %84 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %74, i64 0, i32 1 %85 = load %struct.block_device.296192*, %struct.block_device.296192** %84, align 8 %86 = getelementptr inbounds %struct.block_device.296192, %struct.block_device.296192* %85, i64 0, i32 16 %87 = load %struct.gendisk.296190*, %struct.gendisk.296190** %86, align 8 %88 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %87, i64 0, i32 9 %89 = load %struct.request_queue.296182*, %struct.request_queue.296182** %88, align 8 %90 = icmp eq %struct.request_queue.296182* %69, %89 store %struct.bio.296195* null, %struct.bio.296195** %79, align 8 br i1 %90, label %91, label %99 %100 = icmp eq i64 %77, 0 br i1 %100, label %104, label %101 %102 = inttoptr i64 %77 to %struct.bio.296195* %103 = getelementptr inbounds %struct.bio.296195, %struct.bio.296195* %102, i64 0, i32 0 store %struct.bio.296195* %74, %struct.bio.296195** %103, align 8 br label %104 %105 = phi %struct.bio.296195* [ %78, %101 ], [ %74, %99 ] %106 = ptrtoint %struct.bio.296195* %74 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #78 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %91 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %92 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #79 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %560, %679 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #78 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #78 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #78 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #78 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #78 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #78 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #78 %217 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %218 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %693, label %688 %689 = load i64, i64* %71, align 16 %690 = load i64, i64* %72, align 8 %691 = add i64 %689, %226 %692 = add i64 %691, %690 br label %693 %694 = phi i64 [ %692, %688 ], [ %226, %225 ] %695 = load volatile i64, i64* %73, align 8 %696 = icmp eq i64 %695, 0 br i1 %696, label %702, label %697 %698 = load i64, i64* %74, align 16 %699 = load i64, i64* %75, align 8 %700 = add i64 %698, %694 %701 = add i64 %700, %699 br label %702 %703 = phi i64 [ %701, %697 ], [ %694, %693 ] %704 = load volatile i64, i64* %76, align 8 %705 = icmp eq i64 %704, 0 br i1 %705, label %711, label %706 %707 = load i64, i64* %77, align 16 %708 = load i64, i64* %78, align 8 %709 = add i64 %707, %703 %710 = add i64 %709, %708 br label %711 %712 = phi i64 [ %710, %706 ], [ %703, %702 ] %713 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #78 %714 = add i64 %217, %216 %715 = add i64 %714, %218 %716 = icmp ule i64 %715, %712 %717 = load i16, i16* %22, align 8 %718 = and i16 %717, 1 %719 = icmp eq i16 %718, 0 %720 = and i1 %716, %719 br i1 %720, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %711 ] %238 = and i16 %717, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #78 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #78 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %291 = phi i64 [ %283, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 
%301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %721 %722 = load volatile i64, i64* %84, align 8 %723 = icmp eq i64 %722, 0 br i1 %723, label %729, label %724 %725 = load volatile i64, i64* %86, align 8 %726 = icmp sgt i64 %725, 0 %727 = select i1 %726, i64 %725, i64 0 %728 = add nuw i64 %727, %313 br label %729 %730 = phi i64 [ %728, %724 ], [ %313, %721 ] %731 = icmp eq i32 %301, 2 br i1 %731, label %315, label %732 %733 = load volatile i64, i64* %88, align 8 %734 = icmp eq i64 %733, 0 br i1 %734, label %740, label %735 %736 = load volatile i64, i64* %90, align 8 %737 = icmp sgt i64 %736, 0 %738 = select i1 %737, i64 %736, i64 0 %739 = add i64 %738, %730 br label %740 %741 = phi i64 [ %739, %735 ], [ %730, %732 ] %742 = icmp eq i32 %301, 3 br i1 %742, label %315, label %743 %744 = load volatile i64, i64* %92, align 8 %745 = icmp eq i64 %744, 0 br i1 %745, label %315, label %746 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %730, %729 ], [ %741, %740 ], [ %750, %746 ], [ %741, %743 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %453, label %463 %454 = load volatile i64, i64* %96, align 8 %455 = icmp eq i64 %454, 0 br i1 %455, label %460, label %456 %457 = load volatile i64, i64* %98, align 8 %458 = icmp sgt i64 %457, 0 %459 = select i1 %458, i64 %457, i64 0 br label %460 %461 = phi 
i64 [ %459, %456 ], [ 0, %453 ] %462 = icmp eq i32 %300, 0 br i1 %462, label %463, label %751 %752 = load volatile i64, i64* %100, align 8 %753 = icmp eq i64 %752, 0 br i1 %753, label %759, label %754 %755 = load volatile i64, i64* %102, align 8 %756 = icmp sgt i64 %755, 0 %757 = select i1 %756, i64 %755, i64 0 %758 = add nuw i64 %757, %461 br label %759 %760 = phi i64 [ %758, %754 ], [ %461, %751 ] %761 = icmp eq i32 %301, 2 br i1 %761, label %463, label %762 %763 = load volatile i64, i64* %104, align 8 %764 = icmp eq i64 %763, 0 br i1 %764, label %770, label %765 %766 = load volatile i64, i64* %106, align 8 %767 = icmp sgt i64 %766, 0 %768 = select i1 %767, i64 %766, i64 0 %769 = add i64 %768, %760 br label %770 %771 = phi i64 [ %769, %765 ], [ %760, %762 ] %772 = icmp eq i32 %301, 3 br i1 %772, label %463, label %773 %774 = load volatile i64, i64* %108, align 8 %775 = icmp eq i64 %774, 0 br i1 %775, label %463, label %776 %464 = phi i64 [ 0, %324 ], [ %461, %460 ], [ %760, %759 ], [ %771, %770 ], [ %780, %776 ], [ %771, %773 ] %465 = lshr i64 %464, %304 switch i32 %294, label %323 [ i32 0, label %471 i32 1, label %468 i32 3, label %466 i32 2, label %466 ] %469 = mul i64 %465, %291 %470 = udiv i64 %469, %295 br label %471 %472 = phi i64 [ %470, %468 ], [ %465, %463 ], [ %467, %466 ] store i64 %472, i64* %38, align 8 br i1 %298, label %473, label %483 %474 = load volatile i64, i64* %112, align 8 %475 = icmp eq i64 %474, 0 br i1 %475, label %480, label %476 %477 = load volatile i64, i64* %114, align 8 %478 = icmp sgt i64 %477, 0 %479 = select i1 %478, i64 %477, i64 0 br label %480 %481 = phi i64 [ %479, %476 ], [ 0, %473 ] %482 = icmp eq i32 %300, 0 br i1 %482, label %483, label %781 %782 = load volatile i64, i64* %116, align 8 %783 = icmp eq i64 %782, 0 br i1 %783, label %789, label %784 %785 = load volatile i64, i64* %118, align 8 %786 = icmp sgt i64 %785, 0 %787 = select i1 %786, i64 %785, i64 0 %788 = add nuw i64 %787, %481 br label %789 %790 = phi i64 [ %788, 
%784 ], [ %481, %781 ] %791 = icmp eq i32 %301, 2 br i1 %791, label %483, label %792 %793 = load volatile i64, i64* %120, align 8 %794 = icmp eq i64 %793, 0 br i1 %794, label %800, label %795 %796 = load volatile i64, i64* %122, align 8 %797 = icmp sgt i64 %796, 0 %798 = select i1 %797, i64 %796, i64 0 %799 = add i64 %798, %790 br label %800 %801 = phi i64 [ %799, %795 ], [ %790, %792 ] %802 = icmp eq i32 %301, 3 br i1 %802, label %483, label %803 %804 = load volatile i64, i64* %124, align 8 %805 = icmp eq i64 %804, 0 br i1 %805, label %483, label %806 %484 = phi i64 [ 0, %471 ], [ %481, %480 ], [ %790, %789 ], [ %801, %800 ], [ %810, %806 ], [ %801, %803 ] %485 = lshr i64 %484, %304 switch i32 %294, label %323 [ i32 0, label %491 i32 1, label %488 i32 3, label %486 i32 2, label %486 ] %489 = mul i64 %485, %290 %490 = udiv i64 %489, %295 br label %491 %492 = phi i64 [ %490, %488 ], [ %485, %483 ], [ %487, %486 ] store i64 %492, i64* %39, align 16 br i1 %298, label %493, label %503 %494 = load volatile i64, i64* %128, align 8 %495 = icmp eq i64 %494, 0 br i1 %495, label %500, label %496 %497 = load volatile i64, i64* %130, align 8 %498 = icmp sgt i64 %497, 0 %499 = select i1 %498, i64 %497, i64 0 br label %500 %501 = phi i64 [ %499, %496 ], [ 0, %493 ] %502 = icmp eq i32 %300, 0 br i1 %502, label %503, label %811 %812 = load volatile i64, i64* %132, align 8 %813 = icmp eq i64 %812, 0 br i1 %813, label %819, label %814 %815 = load volatile i64, i64* %134, align 8 %816 = icmp sgt i64 %815, 0 %817 = select i1 %816, i64 %815, i64 0 %818 = add nuw i64 %817, %501 br label %819 %820 = phi i64 [ %818, %814 ], [ %501, %811 ] %821 = icmp eq i32 %301, 2 br i1 %821, label %503, label %822 %823 = load volatile i64, i64* %136, align 8 %824 = icmp eq i64 %823, 0 br i1 %824, label %830, label %825 %826 = load volatile i64, i64* %138, align 8 %827 = icmp sgt i64 %826, 0 %828 = select i1 %827, i64 %826, i64 0 %829 = add i64 %828, %820 br label %830 %831 = phi i64 [ %829, %825 ], [ 
%820, %822 ] %832 = icmp eq i32 %301, 3 br i1 %832, label %503, label %833 %834 = load volatile i64, i64* %140, align 8 %835 = icmp eq i64 %834, 0 br i1 %835, label %503, label %836 %504 = phi i64 [ 0, %491 ], [ %501, %500 ], [ %820, %819 ], [ %831, %830 ], [ %840, %836 ], [ %831, %833 ] %505 = lshr i64 %504, %304 switch i32 %294, label %323 [ i32 0, label %511 i32 1, label %508 i32 3, label %506 i32 2, label %506 ] %509 = mul i64 %505, %290 %510 = udiv i64 %509, %295 br label %511 %512 = phi i64 [ %510, %508 ], [ %505, %503 ], [ %507, %506 ] store i64 %512, i64* %40, align 8 %513 = load i32, i32* %42, align 4 %514 = and i32 %513, 131072 %515 = icmp eq i32 %514, 0 %516 = icmp eq i8 %302, 12 %517 = and i1 %516, %515 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #78 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %492, %325 %527 = or i64 %526, %512 %528 = icmp eq i64 %527, 0 br i1 %528, label %421, label %326 %327 = phi i64 [ %365, %364 ], [ %325, %511 ] %328 = phi i64 [ %366, %364 ], [ 0, %511 ] %329 = phi i64 [ %358, %364 ], [ 0, %511 ] %330 = icmp eq i64 %327, 0 br i1 %330, label %357, label %331 %332 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %328 %333 = icmp ult i64 %327, 32 %334 = select i1 %333, i64 %327, i64 32 %335 = sub i64 %327, %334 store i64 %335, i64* %332, align 8 %336 = trunc i64 %328 to i32 %337 = and i32 %336, 2147483645 %338 = icmp eq i32 %337, 1 br i1 %338, label %339, label %352 %353 = call fastcc i64 @shrink_inactive_list(i64 %334, %struct.lruvec* %11, %struct.scan_control* %1, i32 %336) #78 br label %354 %355 = phi i64 [ %353, %352 ], [ 0, %350 ], [ 0, %349 ] %356 = add i64 %355, %329 br label %357 %358 = phi i64 [ %356, %354 ], [ %329, %326 ] %359 = add nuw nsw i64 %328, 1 %360 = icmp eq i64 %359, 4 br i1 %360, label 
%367, label %361 %368 = call i32 @__cond_resched() #78 %369 = icmp ult i64 %358, %241 %370 = or i1 %517, %369 br i1 %370, label %414, label %371 %372 = load i64, i64* %39, align 16 %373 = load i64, i64* %40, align 8 %374 = add i64 %373, %372 %375 = load i64, i64* %33, align 16 %376 = load i64, i64* %38, align 8 %377 = add i64 %376, %375 %378 = icmp ne i64 %374, 0 %379 = icmp ne i64 %377, 0 %380 = and i1 %378, %379 br i1 %380, label %381, label %421 %382 = icmp ugt i64 %374, %377 %383 = select i1 %382, i64 %377, i64 %374 %384 = select i1 %382, i64 %525, i64 %521 %385 = select i1 %382, i32 2, i32 0 %386 = select i1 %382, i32 0, i32 2 %387 = mul i64 %383, 100 %388 = udiv i64 %387, %384 %389 = zext i32 %386 to i64 %390 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %389 store i64 0, i64* %390, align 16 %391 = or i32 %386, 1 %392 = zext i32 %391 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 8 %394 = zext i32 %385 to i64 %395 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %394 %396 = load i64, i64* %395, align 16 %397 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %394 %398 = load i64, i64* %397, align 16 %399 = sub i64 %396, %398 %400 = sub i64 100, %388 %401 = mul i64 %396, %400 %402 = udiv i64 %401, 100 store i64 %403, i64* %397, align 16 %404 = or i32 %385, 1 %405 = zext i32 %404 to i64 %406 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %405 %407 = load i64, i64* %406, align 8 %408 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %405 %409 = load i64, i64* %408, align 8 %410 = sub i64 %407, %409 %411 = mul i64 %407, %400 %412 = udiv i64 %411, 100 store i64 %413, i64* %408, align 8 br label %414 %415 = load i64, i64* %33, align 16 %416 = load i64, i64* %40, align 8 %417 = load i64, i64* %39, align 16 %418 = or i64 %416, %415 %419 = or i64 %418, %417 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %364 %422 = phi i64 [ 0, %511 ], [ %358, %371 ], [ %358, %414 ] call void 
@blk_finish_plug(%struct.blk_plug* nonnull %5) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store 
volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = 
getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = 
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 shrink_node 7 __node_reclaim 8 node_reclaim 9 get_page_from_freelist 10 __alloc_pages 11 ring_buffer_alloc_read_page 12 tracing_buffers_read ------------- Path:  Function:tracing_buffers_read %5 = getelementptr inbounds 
%struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.ftrace_buffer_info** %7 = load %struct.ftrace_buffer_info*, %struct.ftrace_buffer_info** %6, align 8 %8 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0 %9 = icmp eq i64 %2, 0 br i1 %9, label %112, label %10 %11 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null br i1 %13, label %14, label %29 %15 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 2 %16 = load %struct.array_buffer*, %struct.array_buffer** %15, align 8 %17 = getelementptr inbounds %struct.array_buffer, %struct.array_buffer* %16, i64 0, i32 1 %18 = load %struct.trace_buffer*, %struct.trace_buffer** %17, align 8 %19 = getelementptr inbounds %struct.ftrace_buffer_info, %struct.ftrace_buffer_info* %7, i64 0, i32 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = tail call i8* @ring_buffer_alloc_read_page(%struct.trace_buffer* %18, i32 %20) #78 Function:ring_buffer_alloc_read_page %3 = alloca i64, align 8 %4 = zext i32 %1 to i64 %5 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 3, i64 0, i32 0, i64 0 %6 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 %4) #6, !srcloc !4 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %61, label %9 %10 = getelementptr inbounds %struct.trace_buffer, %struct.trace_buffer* %0, i64 0, i32 6 %11 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %10, align 8 %12 = sext i32 %1 to i64 %13 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %11, i64 %12 %14 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %13, align 8 %15 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 call void asm 
sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %3) #6, !srcloc !5 %16 = load i64, i64* %3, align 8 call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 5 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 0, i32 0, i32 0, i32 0 %19 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18, i32 0) #6, !srcloc !7 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %25, !prof !8, !misexpect !9 %26 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %14, i64 0, i32 7 %27 = load %struct.buffer_data_page*, %struct.buffer_data_page** %26, align 8 %28 = icmp eq %struct.buffer_data_page* %27, null br i1 %28, label %30, label %29 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %31 = bitcast %struct.qspinlock* %17 to i8* store volatile i8 0, i8* %31, align 4 %32 = and i64 %16, 512 %33 = icmp eq i64 %32, 0 br i1 %33, label %35, label %34 br i1 %28, label %36, label %57 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %12 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (i32* @numa_node to i64) %40 = inttoptr i64 %39 to i32* %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, -1 br i1 %42, label %43, label %45 %46 = phi i32 [ %44, %43 ], [ %41, %36 ] %47 = call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 68800, i32 0, i32 %46, %struct.cpumask* null) #78 
Function:__alloc_pages %5 = alloca %struct.alloc_context.136342, align 8 %6 = bitcast %struct.alloc_context.136342* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136212** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136212**)) #11, !srcloc !7 %16 = inttoptr i64 %15 to %struct.task_struct.136212* %17 = getelementptr inbounds %struct.task_struct.136212, %struct.task_struct.136212* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !8, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 4 store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.136176*], [0 x %struct.pglist_data.136176*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.136176*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 0 store %struct.zonelist.136172* %50, %struct.zonelist.136172** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 
%38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !8 %58 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !9 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #78 br label %76 %77 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.136172, %struct.zonelist.136172* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !8 %84 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, 
label %89, !prof !4, !misexpect !11 %90 = phi %struct.zoneref.136171* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 2 store %struct.zoneref.136171* %90, %struct.zoneref.136171** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %90, i64 0, i32 0 %93 = load %struct.zone.136180*, %struct.zone.136180** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.136180* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.136327* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.136342* nonnull %5) #79 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 1 br label %20 %21 = phi i32 [ %2, %4 ], [ %420, %418 ] %22 = phi %struct.pglist_data.136176* [ null, %4 ], [ %419, %418 ] %23 = and i32 %21, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %25, i64 0, i32 0 %27 = load %struct.zone.136180*, %struct.zone.136180** %26, align 8 %28 = icmp eq 
%struct.zone.136180* %27, null br i1 %28, label %416, label %29 %30 = and i32 %21, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %21, 3 %33 = zext i32 %32 to i64 %34 = and i32 %21, 24 %35 = and i32 %21, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %21, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %21, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %21, 8 %43 = icmp eq i32 %42, 0 %44 = and i32 %21, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.136180* [ %414, %411 ], [ %27, %29 ] %48 = phi %struct.pglist_data.136176* [ %400, %411 ], [ %22, %29 ] %49 = phi %struct.zoneref.136171* [ %412, %411 ], [ %25, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %74, i64 0, i32 0 %76 = load %struct.zone.136180*, %struct.zone.136180** %75, align 8 %77 = icmp eq %struct.zone.136180* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr 
inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label %109 %110 = phi i32 [ %35, %99 ], [ %34, %84 ] %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %116, !prof !6, !misexpect !7 %113 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %114 = load i64, i64* %113, align 32 %115 = add i64 %114, %11 br label %116 %117 = phi i64 [ %115, %112 ], [ %11, %109 ] %118 = sub i64 %94, %117 br i1 %38, label %122, label %119 %120 = sdiv i64 %89, -2 %121 = add i64 %120, %89 br label %122 %123 = phi i64 [ %121, %119 ], [ %89, %116 ] br i1 %111, label %131, label %124, !prof !6, !misexpect !8 br i1 %40, label %128, label %125 %129 = sdiv i64 %123, -4 %130 = add i64 %129, %123 br label %131 %132 = phi i64 [ %127, %125 ], [ %130, %128 ], [ %123, %122 ] %133 = sext i32 %90 to i64 %134 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 3, i64 %133 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %132 %137 = icmp sgt i64 %118, %136 br i1 %137, label %138, label %169 br i1 %8, label %254, label %139 br i1 %12, label %140, label %230 %141 = phi i64 [ %161, %160 ], [ %13, %139 ] %142 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 1 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %160, label %145 %146 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 0 %147 = getelementptr inbounds %struct.list_head, %struct.list_head* %146, i64 0, i32 0 %148 = load volatile %struct.list_head*, %struct.list_head** %147, align 8 %149 = icmp eq %struct.list_head* %148, %146 br i1 %149, 
label %150, label %254 %151 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 1 %152 = getelementptr inbounds %struct.list_head, %struct.list_head* %151, i64 0, i32 0 %153 = load volatile %struct.list_head*, %struct.list_head** %152, align 8 %154 = icmp eq %struct.list_head* %153, %151 br i1 %154, label %163, label %254 %164 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 2 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 0 %166 = load volatile %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %164 br i1 %167, label %168, label %254 br i1 %111, label %160, label %155 %161 = add nsw i64 %141, 1 %162 = icmp eq i64 %161, 11 br i1 %162, label %169, label %140 %170 = icmp eq i64 %88, 0 %171 = or i1 %41, %170 %172 = or i1 %17, %171 br i1 %172, label %230, label %173, !prof !9 %174 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 64 br i1 %111, label %176, label %180, !prof !6, !misexpect !7 %177 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %178 = load i64, i64* %177, align 32 %179 = add i64 %178, %11 br label %180 %181 = phi i64 [ %179, %176 ], [ %11, %173 ] %182 = sub i64 %94, %181 br i1 %38, label %186, label %183 %184 = sdiv i64 %175, -2 %185 = add i64 %184, %175 br label %186 %187 = phi i64 [ %185, %183 ], [ %175, %180 ] br i1 %111, label %195, label %188, !prof !6, !misexpect !8 br i1 %43, label %192, label %189 %193 = sdiv i64 %187, -4 %194 = add i64 %193, %187 br label %195 %196 = phi i64 [ %191, %189 ], [ %194, %192 ], [ %187, %186 ] %197 = add i64 %196, %135 %198 = icmp sgt i64 %182, %197 br i1 %198, label %199, label %230 br i1 %8, label %254, label %200 br i1 %12, label %201, label %230 %202 = phi i64 [ %222, %221 ], [ %13, %200 ] %203 = getelementptr 
%struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 1 %204 = load i64, i64* %203, align 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %221, label %206 %207 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 0 %208 = getelementptr inbounds %struct.list_head, %struct.list_head* %207, i64 0, i32 0 %209 = load volatile %struct.list_head*, %struct.list_head** %208, align 8 %210 = icmp eq %struct.list_head* %209, %207 br i1 %210, label %211, label %254 %212 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 1 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %212, i64 0, i32 0 %214 = load volatile %struct.list_head*, %struct.list_head** %213, align 8 %215 = icmp eq %struct.list_head* %214, %212 br i1 %215, label %224, label %254 %225 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 2 %226 = getelementptr inbounds %struct.list_head, %struct.list_head* %225, i64 0, i32 0 %227 = load volatile %struct.list_head*, %struct.list_head** %226, align 8 %228 = icmp eq %struct.list_head* %227, %225 br i1 %228, label %229, label %254 br i1 %111, label %221, label %216 %222 = add nsw i64 %202, 1 %223 = icmp eq i64 %222, 11 br i1 %223, label %230, label %201 br i1 %45, label %231, label %254 %232 = load i32, i32* @node_reclaim_mode, align 4 %233 = and i32 %232, 7 %234 = icmp eq i32 %233, 0 br i1 %234, label %399, label %235 %236 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %237 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %236, i64 0, i32 0 %238 = load %struct.zone.136180*, %struct.zone.136180** %237, align 8 %239 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %238, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 4 %242 = load i32, i32* %241, 
align 8 %243 = tail call i32 @__node_distance(i32 %240, i32 %242) #78 %244 = load i32, i32* @node_reclaim_distance, align 4 %245 = icmp sgt i32 %243, %244 br i1 %245, label %399, label %246 %247 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 5 %248 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %247, align 16 %249 = tail call i32 bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.136176*, i32, i32)*)(%struct.pglist_data.136176* %248, i32 %0, i32 %1) #78 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #78 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, 
label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #79 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %11 = icmp ugt i64 %6, 32 %12 = select i1 %11, i64 %6, i64 32 %13 = getelementptr inbounds 
%struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %14 = bitcast %struct.cpumask** %13 to i8* store i64 %12, i64* %10, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 %21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #78 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %91 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %92 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #79 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %560, %679 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #78 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #78 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #78 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #78 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #78 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #78 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #78 %217 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %218 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %693, label %688 %689 = load i64, i64* %71, align 16 %690 = load i64, i64* %72, align 8 %691 = add i64 %689, %226 %692 = add i64 %691, %690 br label %693 %694 = phi i64 [ %692, %688 ], [ %226, %225 ] %695 = load volatile i64, i64* %73, align 8 %696 = icmp eq i64 %695, 0 br i1 %696, label %702, label %697 %698 = load i64, i64* %74, align 16 %699 = load i64, i64* %75, align 8 %700 = add i64 %698, %694 %701 = add i64 %700, %699 br label %702 %703 = phi i64 [ %701, %697 ], [ %694, %693 ] %704 = load volatile i64, i64* %76, align 8 %705 = icmp eq i64 %704, 0 br i1 %705, label %711, label %706 %707 = load i64, i64* %77, align 16 %708 = load i64, i64* %78, align 8 %709 = add i64 %707, %703 %710 = add i64 %709, %708 br label %711 %712 = phi i64 [ %710, %706 ], [ %703, %702 ] %713 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #78 %714 = add i64 %217, %216 %715 = add i64 %714, %218 %716 = icmp ule i64 %715, %712 %717 = load i16, i16* %22, align 8 %718 = and i16 %717, 1 %719 = icmp eq i16 %718, 0 %720 = and i1 %716, %719 br i1 %720, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %711 ] %238 = and i16 %717, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #78 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #78 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %291 = phi i64 [ %283, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 
%301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %721 %722 = load volatile i64, i64* %84, align 8 %723 = icmp eq i64 %722, 0 br i1 %723, label %729, label %724 %725 = load volatile i64, i64* %86, align 8 %726 = icmp sgt i64 %725, 0 %727 = select i1 %726, i64 %725, i64 0 %728 = add nuw i64 %727, %313 br label %729 %730 = phi i64 [ %728, %724 ], [ %313, %721 ] %731 = icmp eq i32 %301, 2 br i1 %731, label %315, label %732 %733 = load volatile i64, i64* %88, align 8 %734 = icmp eq i64 %733, 0 br i1 %734, label %740, label %735 %736 = load volatile i64, i64* %90, align 8 %737 = icmp sgt i64 %736, 0 %738 = select i1 %737, i64 %736, i64 0 %739 = add i64 %738, %730 br label %740 %741 = phi i64 [ %739, %735 ], [ %730, %732 ] %742 = icmp eq i32 %301, 3 br i1 %742, label %315, label %743 %744 = load volatile i64, i64* %92, align 8 %745 = icmp eq i64 %744, 0 br i1 %745, label %315, label %746 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %730, %729 ], [ %741, %740 ], [ %750, %746 ], [ %741, %743 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %453, label %463 %454 = load volatile i64, i64* %96, align 8 %455 = icmp eq i64 %454, 0 br i1 %455, label %460, label %456 %457 = load volatile i64, i64* %98, align 8 %458 = icmp sgt i64 %457, 0 %459 = select i1 %458, i64 %457, i64 0 br label %460 %461 = phi 
i64 [ %459, %456 ], [ 0, %453 ] %462 = icmp eq i32 %300, 0 br i1 %462, label %463, label %751 %752 = load volatile i64, i64* %100, align 8 %753 = icmp eq i64 %752, 0 br i1 %753, label %759, label %754 %755 = load volatile i64, i64* %102, align 8 %756 = icmp sgt i64 %755, 0 %757 = select i1 %756, i64 %755, i64 0 %758 = add nuw i64 %757, %461 br label %759 %760 = phi i64 [ %758, %754 ], [ %461, %751 ] %761 = icmp eq i32 %301, 2 br i1 %761, label %463, label %762 %763 = load volatile i64, i64* %104, align 8 %764 = icmp eq i64 %763, 0 br i1 %764, label %770, label %765 %766 = load volatile i64, i64* %106, align 8 %767 = icmp sgt i64 %766, 0 %768 = select i1 %767, i64 %766, i64 0 %769 = add i64 %768, %760 br label %770 %771 = phi i64 [ %769, %765 ], [ %760, %762 ] %772 = icmp eq i32 %301, 3 br i1 %772, label %463, label %773 %774 = load volatile i64, i64* %108, align 8 %775 = icmp eq i64 %774, 0 br i1 %775, label %463, label %776 %464 = phi i64 [ 0, %324 ], [ %461, %460 ], [ %760, %759 ], [ %771, %770 ], [ %780, %776 ], [ %771, %773 ] %465 = lshr i64 %464, %304 switch i32 %294, label %323 [ i32 0, label %471 i32 1, label %468 i32 3, label %466 i32 2, label %466 ] %469 = mul i64 %465, %291 %470 = udiv i64 %469, %295 br label %471 %472 = phi i64 [ %470, %468 ], [ %465, %463 ], [ %467, %466 ] store i64 %472, i64* %38, align 8 br i1 %298, label %473, label %483 %474 = load volatile i64, i64* %112, align 8 %475 = icmp eq i64 %474, 0 br i1 %475, label %480, label %476 %477 = load volatile i64, i64* %114, align 8 %478 = icmp sgt i64 %477, 0 %479 = select i1 %478, i64 %477, i64 0 br label %480 %481 = phi i64 [ %479, %476 ], [ 0, %473 ] %482 = icmp eq i32 %300, 0 br i1 %482, label %483, label %781 %782 = load volatile i64, i64* %116, align 8 %783 = icmp eq i64 %782, 0 br i1 %783, label %789, label %784 %785 = load volatile i64, i64* %118, align 8 %786 = icmp sgt i64 %785, 0 %787 = select i1 %786, i64 %785, i64 0 %788 = add nuw i64 %787, %481 br label %789 %790 = phi i64 [ %788, 
%784 ], [ %481, %781 ] %791 = icmp eq i32 %301, 2 br i1 %791, label %483, label %792 %793 = load volatile i64, i64* %120, align 8 %794 = icmp eq i64 %793, 0 br i1 %794, label %800, label %795 %796 = load volatile i64, i64* %122, align 8 %797 = icmp sgt i64 %796, 0 %798 = select i1 %797, i64 %796, i64 0 %799 = add i64 %798, %790 br label %800 %801 = phi i64 [ %799, %795 ], [ %790, %792 ] %802 = icmp eq i32 %301, 3 br i1 %802, label %483, label %803 %804 = load volatile i64, i64* %124, align 8 %805 = icmp eq i64 %804, 0 br i1 %805, label %483, label %806 %484 = phi i64 [ 0, %471 ], [ %481, %480 ], [ %790, %789 ], [ %801, %800 ], [ %810, %806 ], [ %801, %803 ] %485 = lshr i64 %484, %304 switch i32 %294, label %323 [ i32 0, label %491 i32 1, label %488 i32 3, label %486 i32 2, label %486 ] %489 = mul i64 %485, %290 %490 = udiv i64 %489, %295 br label %491 %492 = phi i64 [ %490, %488 ], [ %485, %483 ], [ %487, %486 ] store i64 %492, i64* %39, align 16 br i1 %298, label %493, label %503 %494 = load volatile i64, i64* %128, align 8 %495 = icmp eq i64 %494, 0 br i1 %495, label %500, label %496 %497 = load volatile i64, i64* %130, align 8 %498 = icmp sgt i64 %497, 0 %499 = select i1 %498, i64 %497, i64 0 br label %500 %501 = phi i64 [ %499, %496 ], [ 0, %493 ] %502 = icmp eq i32 %300, 0 br i1 %502, label %503, label %811 %812 = load volatile i64, i64* %132, align 8 %813 = icmp eq i64 %812, 0 br i1 %813, label %819, label %814 %815 = load volatile i64, i64* %134, align 8 %816 = icmp sgt i64 %815, 0 %817 = select i1 %816, i64 %815, i64 0 %818 = add nuw i64 %817, %501 br label %819 %820 = phi i64 [ %818, %814 ], [ %501, %811 ] %821 = icmp eq i32 %301, 2 br i1 %821, label %503, label %822 %823 = load volatile i64, i64* %136, align 8 %824 = icmp eq i64 %823, 0 br i1 %824, label %830, label %825 %826 = load volatile i64, i64* %138, align 8 %827 = icmp sgt i64 %826, 0 %828 = select i1 %827, i64 %826, i64 0 %829 = add i64 %828, %820 br label %830 %831 = phi i64 [ %829, %825 ], [ 
%820, %822 ] %832 = icmp eq i32 %301, 3 br i1 %832, label %503, label %833 %834 = load volatile i64, i64* %140, align 8 %835 = icmp eq i64 %834, 0 br i1 %835, label %503, label %836 %504 = phi i64 [ 0, %491 ], [ %501, %500 ], [ %820, %819 ], [ %831, %830 ], [ %840, %836 ], [ %831, %833 ] %505 = lshr i64 %504, %304 switch i32 %294, label %323 [ i32 0, label %511 i32 1, label %508 i32 3, label %506 i32 2, label %506 ] %509 = mul i64 %505, %290 %510 = udiv i64 %509, %295 br label %511 %512 = phi i64 [ %510, %508 ], [ %505, %503 ], [ %507, %506 ] store i64 %512, i64* %40, align 8 %513 = load i32, i32* %42, align 4 %514 = and i32 %513, 131072 %515 = icmp eq i32 %514, 0 %516 = icmp eq i8 %302, 12 %517 = and i1 %516, %515 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #78 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %492, %325 %527 = or i64 %526, %512 %528 = icmp eq i64 %527, 0 br i1 %528, label %421, label %326 %327 = phi i64 [ %365, %364 ], [ %325, %511 ] %328 = phi i64 [ %366, %364 ], [ 0, %511 ] %329 = phi i64 [ %358, %364 ], [ 0, %511 ] %330 = icmp eq i64 %327, 0 br i1 %330, label %357, label %331 %332 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %328 %333 = icmp ult i64 %327, 32 %334 = select i1 %333, i64 %327, i64 32 %335 = sub i64 %327, %334 store i64 %335, i64* %332, align 8 %336 = trunc i64 %328 to i32 %337 = and i32 %336, 2147483645 %338 = icmp eq i32 %337, 1 br i1 %338, label %339, label %352 %353 = call fastcc i64 @shrink_inactive_list(i64 %334, %struct.lruvec* %11, %struct.scan_control* %1, i32 %336) #78 br label %354 %355 = phi i64 [ %353, %352 ], [ 0, %350 ], [ 0, %349 ] %356 = add i64 %355, %329 br label %357 %358 = phi i64 [ %356, %354 ], [ %329, %326 ] %359 = add nuw nsw i64 %328, 1 %360 = icmp eq i64 %359, 4 br i1 %360, label 
%367, label %361 %368 = call i32 @__cond_resched() #78 %369 = icmp ult i64 %358, %241 %370 = or i1 %517, %369 br i1 %370, label %414, label %371 %372 = load i64, i64* %39, align 16 %373 = load i64, i64* %40, align 8 %374 = add i64 %373, %372 %375 = load i64, i64* %33, align 16 %376 = load i64, i64* %38, align 8 %377 = add i64 %376, %375 %378 = icmp ne i64 %374, 0 %379 = icmp ne i64 %377, 0 %380 = and i1 %378, %379 br i1 %380, label %381, label %421 %382 = icmp ugt i64 %374, %377 %383 = select i1 %382, i64 %377, i64 %374 %384 = select i1 %382, i64 %525, i64 %521 %385 = select i1 %382, i32 2, i32 0 %386 = select i1 %382, i32 0, i32 2 %387 = mul i64 %383, 100 %388 = udiv i64 %387, %384 %389 = zext i32 %386 to i64 %390 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %389 store i64 0, i64* %390, align 16 %391 = or i32 %386, 1 %392 = zext i32 %391 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 8 %394 = zext i32 %385 to i64 %395 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %394 %396 = load i64, i64* %395, align 16 %397 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %394 %398 = load i64, i64* %397, align 16 %399 = sub i64 %396, %398 %400 = sub i64 100, %388 %401 = mul i64 %396, %400 %402 = udiv i64 %401, 100 store i64 %403, i64* %397, align 16 %404 = or i32 %385, 1 %405 = zext i32 %404 to i64 %406 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %405 %407 = load i64, i64* %406, align 8 %408 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %405 %409 = load i64, i64* %408, align 8 %410 = sub i64 %407, %409 %411 = mul i64 %407, %400 %412 = udiv i64 %411, 100 store i64 %413, i64* %408, align 8 br label %414 %415 = load i64, i64* %33, align 16 %416 = load i64, i64* %40, align 8 %417 = load i64, i64* %39, align 16 %418 = or i64 %416, %415 %419 = or i64 %418, %417 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %364 %422 = phi i64 [ 0, %511 ], [ %358, %371 ], [ %358, %414 ] call void 
@blk_finish_plug(%struct.blk_plug* nonnull %5) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store 
volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = 
getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = 
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 pagecache_get_page
12 hugetlbfs_read_iter
-------------
Path:
Function:hugetlbfs_read_iter %3 = getelementptr inbounds %struct.kiocb,
%struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.hugetlbfs_sb_info** %11 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %10, align 16 %12 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %11, i64 0, i32 3 %13 = load %struct.hstate*, %struct.hstate** %12, align 8 %14 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %15 = load %struct.address_space*, %struct.address_space** %14, align 8 %16 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %17 = load i64, i64* %16, align 8 %18 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 3 %19 = load i32, i32* %18, align 8 %20 = add i32 %19, 12 %21 = zext i32 %20 to i64 %22 = ashr i64 %17, %21 %23 = getelementptr inbounds %struct.hstate, %struct.hstate* %13, i64 0, i32 4 %24 = load i64, i64* %23, align 8 %25 = xor i64 %24, -1 %26 = and i64 %17, %25 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %132, label %30 %31 = getelementptr inbounds %struct.address_space, %struct.address_space* %15, i64 0, i32 0 %32 = load %struct.inode*, %struct.inode** %31, align 8 %33 = getelementptr inbounds %struct.inode, %struct.inode* %32, i64 0, i32 14 br label %34 %35 = phi i64 [ %24, %30 ], [ %128, %121 ] %36 = phi i32 [ %19, %30 ], [ %123, %121 ] %37 = phi i64 [ 0, %30 ], [ %112, %121 ] %38 = phi i64 [ %26, %30 ], [ %130, %121 ] %39 = phi i64 [ %22, %30 ], [ %127, %121 ] %40 = zext i32 %36 to i64 %41 = shl i64 
4096, %40 %42 = load i64, i64* %33, align 8 %43 = icmp eq i64 %42, 0 br i1 %43, label %132, label %44 %45 = add i64 %42, -1 %46 = add i32 %36, 12 %47 = zext i32 %46 to i64 %48 = ashr i64 %45, %47 %49 = icmp ugt i64 %39, %48 br i1 %49, label %132, label %50 %51 = icmp eq i64 %39, %48 br i1 %51, label %52, label %57 %53 = xor i64 %35, -1 %54 = and i64 %45, %53 %55 = add nuw i64 %54, 1 %56 = icmp ult i64 %54, %38 br i1 %56, label %132, label %57 %58 = phi i64 [ %55, %52 ], [ %41, %50 ] %59 = sub i64 %58, %38 %60 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %15, i64 %39, i32 2, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store 
%struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 %182 = and i32 %19, 4 %183 = icmp eq i32 %182, 0 
br i1 %183, label %307, label %184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq %struct.inode* %188, null br i1 %189, label %204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #78 %235 = call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #78 Function:__alloc_pages %5 = alloca %struct.alloc_context.136342, align 8 %6 = bitcast %struct.alloc_context.136342* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136212** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136212**)) #11, !srcloc !7 %16 = inttoptr i64 %15 to %struct.task_struct.136212* %17 = getelementptr inbounds %struct.task_struct.136212, %struct.task_struct.136212* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !8, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 4 
store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.136176*], [0 x %struct.pglist_data.136176*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.136176*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 0 store %struct.zonelist.136172* %50, %struct.zonelist.136172** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !8 %58 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !9 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #78 br label %76 %77 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.136172, %struct.zonelist.136172* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !8 %84 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !11 %90 = phi %struct.zoneref.136171* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 2 store %struct.zoneref.136171* %90, %struct.zoneref.136171** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %90, i64 0, i32 0 %93 = 
i64 [ %459, %456 ], [ 0, %453 ] %462 = icmp eq i32 %300, 0 br i1 %462, label %463, label %751 %752 = load volatile i64, i64* %100, align 8 %753 = icmp eq i64 %752, 0 br i1 %753, label %759, label %754 %755 = load volatile i64, i64* %102, align 8 %756 = icmp sgt i64 %755, 0 %757 = select i1 %756, i64 %755, i64 0 %758 = add nuw i64 %757, %461 br label %759 %760 = phi i64 [ %758, %754 ], [ %461, %751 ] %761 = icmp eq i32 %301, 2 br i1 %761, label %463, label %762 %763 = load volatile i64, i64* %104, align 8 %764 = icmp eq i64 %763, 0 br i1 %764, label %770, label %765 %766 = load volatile i64, i64* %106, align 8 %767 = icmp sgt i64 %766, 0 %768 = select i1 %767, i64 %766, i64 0 %769 = add i64 %768, %760 br label %770 %771 = phi i64 [ %769, %765 ], [ %760, %762 ] %772 = icmp eq i32 %301, 3 br i1 %772, label %463, label %773 %774 = load volatile i64, i64* %108, align 8 %775 = icmp eq i64 %774, 0 br i1 %775, label %463, label %776 %464 = phi i64 [ 0, %324 ], [ %461, %460 ], [ %760, %759 ], [ %771, %770 ], [ %780, %776 ], [ %771, %773 ] %465 = lshr i64 %464, %304 switch i32 %294, label %323 [ i32 0, label %471 i32 1, label %468 i32 3, label %466 i32 2, label %466 ] %469 = mul i64 %465, %291 %470 = udiv i64 %469, %295 br label %471 %472 = phi i64 [ %470, %468 ], [ %465, %463 ], [ %467, %466 ] store i64 %472, i64* %38, align 8 br i1 %298, label %473, label %483 %474 = load volatile i64, i64* %112, align 8 %475 = icmp eq i64 %474, 0 br i1 %475, label %480, label %476 %477 = load volatile i64, i64* %114, align 8 %478 = icmp sgt i64 %477, 0 %479 = select i1 %478, i64 %477, i64 0 br label %480 %481 = phi i64 [ %479, %476 ], [ 0, %473 ] %482 = icmp eq i32 %300, 0 br i1 %482, label %483, label %781 %782 = load volatile i64, i64* %116, align 8 %783 = icmp eq i64 %782, 0 br i1 %783, label %789, label %784 %785 = load volatile i64, i64* %118, align 8 %786 = icmp sgt i64 %785, 0 %787 = select i1 %786, i64 %785, i64 0 %788 = add nuw i64 %787, %481 br label %789 %790 = phi i64 [ %788, 
%784 ], [ %481, %781 ] %791 = icmp eq i32 %301, 2 br i1 %791, label %483, label %792 %793 = load volatile i64, i64* %120, align 8 %794 = icmp eq i64 %793, 0 br i1 %794, label %800, label %795 %796 = load volatile i64, i64* %122, align 8 %797 = icmp sgt i64 %796, 0 %798 = select i1 %797, i64 %796, i64 0 %799 = add i64 %798, %790 br label %800 %801 = phi i64 [ %799, %795 ], [ %790, %792 ] %802 = icmp eq i32 %301, 3 br i1 %802, label %483, label %803 %804 = load volatile i64, i64* %124, align 8 %805 = icmp eq i64 %804, 0 br i1 %805, label %483, label %806 %484 = phi i64 [ 0, %471 ], [ %481, %480 ], [ %790, %789 ], [ %801, %800 ], [ %810, %806 ], [ %801, %803 ] %485 = lshr i64 %484, %304 switch i32 %294, label %323 [ i32 0, label %491 i32 1, label %488 i32 3, label %486 i32 2, label %486 ] %489 = mul i64 %485, %290 %490 = udiv i64 %489, %295 br label %491 %492 = phi i64 [ %490, %488 ], [ %485, %483 ], [ %487, %486 ] store i64 %492, i64* %39, align 16 br i1 %298, label %493, label %503 %494 = load volatile i64, i64* %128, align 8 %495 = icmp eq i64 %494, 0 br i1 %495, label %500, label %496 %497 = load volatile i64, i64* %130, align 8 %498 = icmp sgt i64 %497, 0 %499 = select i1 %498, i64 %497, i64 0 br label %500 %501 = phi i64 [ %499, %496 ], [ 0, %493 ] %502 = icmp eq i32 %300, 0 br i1 %502, label %503, label %811 %812 = load volatile i64, i64* %132, align 8 %813 = icmp eq i64 %812, 0 br i1 %813, label %819, label %814 %815 = load volatile i64, i64* %134, align 8 %816 = icmp sgt i64 %815, 0 %817 = select i1 %816, i64 %815, i64 0 %818 = add nuw i64 %817, %501 br label %819 %820 = phi i64 [ %818, %814 ], [ %501, %811 ] %821 = icmp eq i32 %301, 2 br i1 %821, label %503, label %822 %823 = load volatile i64, i64* %136, align 8 %824 = icmp eq i64 %823, 0 br i1 %824, label %830, label %825 %826 = load volatile i64, i64* %138, align 8 %827 = icmp sgt i64 %826, 0 %828 = select i1 %827, i64 %826, i64 0 %829 = add i64 %828, %820 br label %830 %831 = phi i64 [ %829, %825 ], [ 
%820, %822 ] %832 = icmp eq i32 %301, 3 br i1 %832, label %503, label %833 %834 = load volatile i64, i64* %140, align 8 %835 = icmp eq i64 %834, 0 br i1 %835, label %503, label %836 %504 = phi i64 [ 0, %491 ], [ %501, %500 ], [ %820, %819 ], [ %831, %830 ], [ %840, %836 ], [ %831, %833 ] %505 = lshr i64 %504, %304 switch i32 %294, label %323 [ i32 0, label %511 i32 1, label %508 i32 3, label %506 i32 2, label %506 ] %509 = mul i64 %505, %290 %510 = udiv i64 %509, %295 br label %511 %512 = phi i64 [ %510, %508 ], [ %505, %503 ], [ %507, %506 ] store i64 %512, i64* %40, align 8 %513 = load i32, i32* %42, align 4 %514 = and i32 %513, 131072 %515 = icmp eq i32 %514, 0 %516 = icmp eq i8 %302, 12 %517 = and i1 %516, %515 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #78 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %492, %325 %527 = or i64 %526, %512 %528 = icmp eq i64 %527, 0 br i1 %528, label %421, label %326 %327 = phi i64 [ %365, %364 ], [ %325, %511 ] %328 = phi i64 [ %366, %364 ], [ 0, %511 ] %329 = phi i64 [ %358, %364 ], [ 0, %511 ] %330 = icmp eq i64 %327, 0 br i1 %330, label %357, label %331 %332 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %328 %333 = icmp ult i64 %327, 32 %334 = select i1 %333, i64 %327, i64 32 %335 = sub i64 %327, %334 store i64 %335, i64* %332, align 8 %336 = trunc i64 %328 to i32 %337 = and i32 %336, 2147483645 %338 = icmp eq i32 %337, 1 br i1 %338, label %339, label %352 %353 = call fastcc i64 @shrink_inactive_list(i64 %334, %struct.lruvec* %11, %struct.scan_control* %1, i32 %336) #78 br label %354 %355 = phi i64 [ %353, %352 ], [ 0, %350 ], [ 0, %349 ] %356 = add i64 %355, %329 br label %357 %358 = phi i64 [ %356, %354 ], [ %329, %326 ] %359 = add nuw nsw i64 %328, 1 %360 = icmp eq i64 %359, 4 br i1 %360, label 
%367, label %361 %368 = call i32 @__cond_resched() #78 %369 = icmp ult i64 %358, %241 %370 = or i1 %517, %369 br i1 %370, label %414, label %371 %372 = load i64, i64* %39, align 16 %373 = load i64, i64* %40, align 8 %374 = add i64 %373, %372 %375 = load i64, i64* %33, align 16 %376 = load i64, i64* %38, align 8 %377 = add i64 %376, %375 %378 = icmp ne i64 %374, 0 %379 = icmp ne i64 %377, 0 %380 = and i1 %378, %379 br i1 %380, label %381, label %421 %382 = icmp ugt i64 %374, %377 %383 = select i1 %382, i64 %377, i64 %374 %384 = select i1 %382, i64 %525, i64 %521 %385 = select i1 %382, i32 2, i32 0 %386 = select i1 %382, i32 0, i32 2 %387 = mul i64 %383, 100 %388 = udiv i64 %387, %384 %389 = zext i32 %386 to i64 %390 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %389 store i64 0, i64* %390, align 16 %391 = or i32 %386, 1 %392 = zext i32 %391 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 8 %394 = zext i32 %385 to i64 %395 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %394 %396 = load i64, i64* %395, align 16 %397 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %394 %398 = load i64, i64* %397, align 16 %399 = sub i64 %396, %398 %400 = sub i64 100, %388 %401 = mul i64 %396, %400 %402 = udiv i64 %401, 100 store i64 %403, i64* %397, align 16 %404 = or i32 %385, 1 %405 = zext i32 %404 to i64 %406 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %405 %407 = load i64, i64* %406, align 8 %408 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %405 %409 = load i64, i64* %408, align 8 %410 = sub i64 %407, %409 %411 = mul i64 %407, %400 %412 = udiv i64 %411, 100 store i64 %413, i64* %408, align 8 br label %414 %415 = load i64, i64* %33, align 16 %416 = load i64, i64* %40, align 8 %417 = load i64, i64* %39, align 16 %418 = or i64 %416, %415 %419 = or i64 %418, %417 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %364 %422 = phi i64 [ 0, %511 ], [ %358, %371 ], [ %358, %414 ] call void 
@blk_finish_plug(%struct.blk_plug* nonnull %5) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store 
volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = 
getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = 
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 pagecache_get_page
12 shmem_get_link
-------------
Path:
Function:shmem_get_link
%4 = alloca %struct.page*, align 8 %5 = bitcast
%struct.page** %4 to i8* store %struct.page* null, %struct.page** %4, align 8 %6 = icmp eq %struct.dentry* %0, null %7 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 9 %8 = load %struct.address_space*, %struct.address_space** %7, align 8 br i1 %6, label %9, label %39 %10 = tail call %struct.page* @pagecache_get_page(%struct.address_space* %8, i64 0, i32 0, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label 
%28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 %182 = and i32 %19, 4 %183 = icmp eq i32 %182, 0 br i1 %183, label %307, label %184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq %struct.inode* %188, null br i1 %189, label 
%204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #78 %235 = call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #78 Function:__alloc_pages %5 = alloca %struct.alloc_context.136342, align 8 %6 = bitcast %struct.alloc_context.136342* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136212** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136212**)) #11, !srcloc !7 %16 = inttoptr i64 %15 to %struct.task_struct.136212* %17 = getelementptr inbounds %struct.task_struct.136212, %struct.task_struct.136212* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !8, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 4 
store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.136176*], [0 x %struct.pglist_data.136176*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.136176*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 0 store %struct.zonelist.136172* %50, %struct.zonelist.136172** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !8 %58 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !9 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #78 br label %76 %77 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.136172, %struct.zonelist.136172* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !8 %84 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !11 %90 = phi %struct.zoneref.136171* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 2 store %struct.zoneref.136171* %90, %struct.zoneref.136171** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %90, i64 0, i32 0 %93 = 
load %struct.zone.136180*, %struct.zone.136180** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.136180* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.136327* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.136342* nonnull %5) #79 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 1 br label %20 %21 = phi i32 [ %2, %4 ], [ %420, %418 ] %22 = phi %struct.pglist_data.136176* [ null, %4 ], [ %419, %418 ] %23 = and i32 %21, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %25, i64 0, i32 0 %27 = load %struct.zone.136180*, %struct.zone.136180** %26, align 8 %28 = icmp eq %struct.zone.136180* %27, null br i1 %28, label %416, label %29 %30 = and i32 %21, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %21, 3 %33 = zext i32 %32 to i64 %34 = and i32 %21, 24 %35 = and i32 %21, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %21, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %21, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %21, 8 %43 = icmp eq i32 %42, 
0 %44 = and i32 %21, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.136180* [ %414, %411 ], [ %27, %29 ] %48 = phi %struct.pglist_data.136176* [ %400, %411 ], [ %22, %29 ] %49 = phi %struct.zoneref.136171* [ %412, %411 ], [ %25, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %74, i64 0, i32 0 %76 = load %struct.zone.136180*, %struct.zone.136180** %75, align 8 %77 = icmp eq %struct.zone.136180* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label 
%109 %110 = phi i32 [ %35, %99 ], [ %34, %84 ] %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %116, !prof !6, !misexpect !7 %113 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %114 = load i64, i64* %113, align 32 %115 = add i64 %114, %11 br label %116 %117 = phi i64 [ %115, %112 ], [ %11, %109 ] %118 = sub i64 %94, %117 br i1 %38, label %122, label %119 %120 = sdiv i64 %89, -2 %121 = add i64 %120, %89 br label %122 %123 = phi i64 [ %121, %119 ], [ %89, %116 ] br i1 %111, label %131, label %124, !prof !6, !misexpect !8 br i1 %40, label %128, label %125 %129 = sdiv i64 %123, -4 %130 = add i64 %129, %123 br label %131 %132 = phi i64 [ %127, %125 ], [ %130, %128 ], [ %123, %122 ] %133 = sext i32 %90 to i64 %134 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 3, i64 %133 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %132 %137 = icmp sgt i64 %118, %136 br i1 %137, label %138, label %169 br i1 %8, label %254, label %139 br i1 %12, label %140, label %230 %141 = phi i64 [ %161, %160 ], [ %13, %139 ] %142 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 1 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %160, label %145 %146 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 0 %147 = getelementptr inbounds %struct.list_head, %struct.list_head* %146, i64 0, i32 0 %148 = load volatile %struct.list_head*, %struct.list_head** %147, align 8 %149 = icmp eq %struct.list_head* %148, %146 br i1 %149, label %150, label %254 %151 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 1 %152 = getelementptr inbounds %struct.list_head, %struct.list_head* %151, i64 0, i32 0 %153 = load volatile %struct.list_head*, %struct.list_head** %152, align 8 %154 = icmp eq %struct.list_head* %153, %151 br i1 %154, label %163, label %254 %164 = 
getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 2 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 0 %166 = load volatile %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %164 br i1 %167, label %168, label %254 br i1 %111, label %160, label %155 %161 = add nsw i64 %141, 1 %162 = icmp eq i64 %161, 11 br i1 %162, label %169, label %140 %170 = icmp eq i64 %88, 0 %171 = or i1 %41, %170 %172 = or i1 %17, %171 br i1 %172, label %230, label %173, !prof !9 %174 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 64 br i1 %111, label %176, label %180, !prof !6, !misexpect !7 %177 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %178 = load i64, i64* %177, align 32 %179 = add i64 %178, %11 br label %180 %181 = phi i64 [ %179, %176 ], [ %11, %173 ] %182 = sub i64 %94, %181 br i1 %38, label %186, label %183 %184 = sdiv i64 %175, -2 %185 = add i64 %184, %175 br label %186 %187 = phi i64 [ %185, %183 ], [ %175, %180 ] br i1 %111, label %195, label %188, !prof !6, !misexpect !8 br i1 %43, label %192, label %189 %193 = sdiv i64 %187, -4 %194 = add i64 %193, %187 br label %195 %196 = phi i64 [ %191, %189 ], [ %194, %192 ], [ %187, %186 ] %197 = add i64 %196, %135 %198 = icmp sgt i64 %182, %197 br i1 %198, label %199, label %230 br i1 %8, label %254, label %200 br i1 %12, label %201, label %230 %202 = phi i64 [ %222, %221 ], [ %13, %200 ] %203 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 1 %204 = load i64, i64* %203, align 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %221, label %206 %207 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 0 %208 = getelementptr inbounds %struct.list_head, %struct.list_head* %207, i64 0, i32 0 %209 = load volatile 
%struct.list_head*, %struct.list_head** %208, align 8 %210 = icmp eq %struct.list_head* %209, %207 br i1 %210, label %211, label %254 %212 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 1 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %212, i64 0, i32 0 %214 = load volatile %struct.list_head*, %struct.list_head** %213, align 8 %215 = icmp eq %struct.list_head* %214, %212 br i1 %215, label %224, label %254 %225 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 2 %226 = getelementptr inbounds %struct.list_head, %struct.list_head* %225, i64 0, i32 0 %227 = load volatile %struct.list_head*, %struct.list_head** %226, align 8 %228 = icmp eq %struct.list_head* %227, %225 br i1 %228, label %229, label %254 br i1 %111, label %221, label %216 %222 = add nsw i64 %202, 1 %223 = icmp eq i64 %222, 11 br i1 %223, label %230, label %201 br i1 %45, label %231, label %254 %232 = load i32, i32* @node_reclaim_mode, align 4 %233 = and i32 %232, 7 %234 = icmp eq i32 %233, 0 br i1 %234, label %399, label %235 %236 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %237 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %236, i64 0, i32 0 %238 = load %struct.zone.136180*, %struct.zone.136180** %237, align 8 %239 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %238, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 4 %242 = load i32, i32* %241, align 8 %243 = tail call i32 @__node_distance(i32 %240, i32 %242) #78 %244 = load i32, i32* @node_reclaim_distance, align 4 %245 = icmp sgt i32 %243, %244 br i1 %245, label %399, label %246 %247 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 5 %248 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %247, align 16 %249 = tail call i32 
bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.136176*, i32, i32)*)(%struct.pglist_data.136176* %248, i32 %0, i32 %1) #78 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #78 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 
br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #79 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %11 = icmp ugt i64 %6, 32 %12 = select i1 %11, i64 %6, i64 32 %13 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %14 = bitcast %struct.cpumask** %13 to i8* store i64 %12, i64* %10, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 
%21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #78 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %91 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %92 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
@node_reclaim_mode, align 4 %98 = and i32 %97, 2 %99 = icmp eq i32 %98, 0 br i1 %99, label %100, label %102 %103 = phi i64 [ 0, %95 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %106 = load i64, i64* %105, align 8 %107 = icmp ugt i64 %104, %106 br i1 %107, label %108, label %117 %109 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 11 br label %110 call fastcc void @shrink_node(%struct.pglist_data* %0, %struct.scan_control* nonnull %4) #79 Function:shrink_node %3 = alloca [5 x i64], align 16 %4 = alloca [5 x i64], align 16 %5 = alloca %struct.blk_plug, align 8 %6 = alloca %struct.shrink_control, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %10 = load %struct.reclaim_state*, %struct.reclaim_state** %9, align 8 %11 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23 %12 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12 %13 = bitcast %struct.x86_pmu_capability* %12 to i8* %14 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 11 %15 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 1 %16 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %15, i64 0, i32 0, i32 0 %17 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 2 %18 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 3 %19 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 3 %20 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 4 %21 = bitcast %struct.spinlock* %15 to i8* %22 = 
getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 5 %23 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 1 %24 = bitcast %struct.list_head* %23 to %struct.pglist_data* %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 0 %26 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 5, i64 1 %27 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 7 %28 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %29 = bitcast [5 x i64]* %3 to i8* %30 = bitcast [5 x i64]* %4 to i8* %31 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 0 %32 = bitcast %struct.blk_plug* %5 to i8* %33 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 0 %34 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 821 %35 = bitcast %struct.list_head* %34 to i32* %36 = icmp eq %struct.scan_control* %1, null %37 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 8 %38 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 1 %39 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 2 %40 = getelementptr inbounds [5 x i64], [5 x i64]* %3, i64 0, i64 3 %41 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 0 %42 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %43 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 2 %44 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 3 %45 = getelementptr inbounds [5 x i64], [5 x i64]* %4, i64 0, i64 1 %46 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 9 %47 = bitcast %struct.shrink_control* %6 to i8* %48 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.shrink_control, 
%struct.shrink_control* %6, i64 0, i32 1 %50 = getelementptr inbounds %struct.shrink_control, %struct.shrink_control* %6, i64 0, i32 2 %51 = bitcast i64* %50 to i8* %52 = icmp eq %struct.reclaim_state* %10, null %53 = getelementptr inbounds %struct.reclaim_state, %struct.reclaim_state* %10, i64 0, i32 0 %54 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 3 %55 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 6 %56 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %57 = bitcast i64* %56 to i8* %58 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 1 %59 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 5 %60 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 4 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %12, i64 0, i32 0 %62 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 12, i32 2 %63 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 23, i32 6 %64 = bitcast i64* %63 to i8* %65 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 122 %66 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %1, i64 0, i32 6 %67 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 11, i32 0 %68 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 0, i64 2 %69 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 0, i32 1 %70 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 11, i32 0 %71 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 1, i32 0, i64 2 %72 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 
1, i32 1 %73 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 11, i32 0 %74 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 0, i64 2 %75 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 2, i32 1 %76 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 11, i32 0 %77 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 0, i64 2 %78 = getelementptr %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 0, i64 3, i32 1 %79 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %80 = bitcast %struct.list_head** %79 to i64* %81 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 69, i32 1 %82 = bitcast %struct.list_head** %81 to i64* %83 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %84 = bitcast %struct.list_head** %83 to i64* %85 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 145, i32 1 %86 = bitcast %struct.list_head** %85 to i64* %87 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %88 = bitcast %struct.list_head** %87 to i64* %89 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 221, i32 1 %90 = bitcast %struct.list_head** %89 to i64* %91 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %92 = bitcast %struct.list_head** %91 to i64* %93 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 297, i32 1 %94 = bitcast %struct.list_head** %93 to i64* %95 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %96 = bitcast %struct.list_head** %95 to i64* %97 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70 %98 = bitcast %struct.list_head* %97 to i64* %99 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 
84, i32 1 %100 = bitcast %struct.list_head** %99 to i64* %101 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146 %102 = bitcast %struct.list_head* %101 to i64* %103 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %104 = bitcast %struct.list_head** %103 to i64* %105 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222 %106 = bitcast %struct.list_head* %105 to i64* %107 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %108 = bitcast %struct.list_head** %107 to i64* %109 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298 %110 = bitcast %struct.list_head* %109 to i64* %111 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %112 = bitcast %struct.list_head** %111 to i64* %113 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 70, i32 1 %114 = bitcast %struct.list_head** %113 to i64* %115 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %116 = bitcast %struct.list_head** %115 to i64* %117 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 146, i32 1 %118 = bitcast %struct.list_head** %117 to i64* %119 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %120 = bitcast %struct.list_head** %119 to i64* %121 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 222, i32 1 %122 = bitcast %struct.list_head** %121 to i64* %123 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %124 = bitcast %struct.list_head** %123 to i64* %125 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 298, i32 1 %126 = bitcast %struct.list_head** %125 to i64* %127 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 8, i32 1 %128 = bitcast %struct.list_head** %127 to i64* %129 = getelementptr %struct.lruvec, %struct.lruvec* 
%11, i64 -98, i32 0, i64 71 %130 = bitcast %struct.list_head* %129 to i64* %131 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 84, i32 1 %132 = bitcast %struct.list_head** %131 to i64* %133 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 147 %134 = bitcast %struct.list_head* %133 to i64* %135 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 160, i32 1 %136 = bitcast %struct.list_head** %135 to i64* %137 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 223 %138 = bitcast %struct.list_head* %137 to i64* %139 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 236, i32 1 %140 = bitcast %struct.list_head** %139 to i64* %141 = getelementptr %struct.lruvec, %struct.lruvec* %11, i64 -98, i32 0, i64 299 %142 = bitcast %struct.list_head* %141 to i64* br label %143 %144 = phi i8 [ 0, %2 ], [ %560, %679 ] %145 = load i64, i64* %14, align 8 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %16) #78 %146 = load i64, i64* %17, align 8 store i64 %146, i64* %18, align 8 %147 = load i64, i64* %19, align 8 store i64 %147, i64* %20, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %21, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %148 = load i16, i16* %22, align 8 %149 = and i16 %148, 4 %150 = icmp eq i16 %149, 0 br i1 %150, label %151, label %198 %152 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 12) #78 %153 = load i64, i64* %25, align 8 %154 = icmp eq i64 %152, %153 br i1 %154, label %155, label %168 %156 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 0) #78 %157 = 
call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 1) #78 %158 = add i64 %157, %156 %159 = lshr i64 %158, 18 %160 = icmp eq i64 %159, 0 br i1 %160, label %164, label %161 %165 = phi i64 [ %163, %161 ], [ 1, %155 ] %166 = mul i64 %165, %156 %167 = icmp ult i64 %166, %157 br i1 %167, label %168, label %171 %172 = load i16, i16* %22, align 8 %173 = and i16 %172, -2 br label %174 %175 = phi i16 [ %173, %171 ], [ %170, %168 ] store i16 %175, i16* %22, align 8 %176 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 13) #78 %177 = load i64, i64* %26, align 8 %178 = icmp eq i64 %176, %177 br i1 %178, label %179, label %192 %193 = load i16, i16* %22, align 8 %194 = or i16 %193, 2 br label %200 %201 = phi i16 [ %199, %198 ], [ %197, %195 ], [ %194, %192 ] store i16 %201, i16* %22, align 8 %202 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %24, i32 2) #78 %203 = load i8, i8* %27, align 1 %204 = sext i8 %203 to i64 %205 = and i64 %204, 4294967295 %206 = lshr i64 %202, %205 %207 = icmp ne i64 %206, 0 %208 = load i16, i16* %22, align 8 %209 = and i16 %208, 2 %210 = icmp eq i16 %209, 0 %211 = and i1 %207, %210 %212 = and i16 %208, -2049 %213 = select i1 %211, i16 2048, i16 0 %214 = or i16 %212, %213 store i16 %214, i16* %22, align 8 %215 = load i32, i32* %28, align 64 %216 = call i64 @sum_zone_node_page_state(i32 %215, i32 0) #78 %217 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %218 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %219 = load volatile i64, i64* %67, align 8 %220 = icmp eq i64 %219, 0 br i1 
%220, label %225, label %221 %226 = phi i64 [ %224, %221 ], [ 0, %200 ] %227 = load volatile i64, i64* %70, align 8 %228 = icmp eq i64 %227, 0 br i1 %228, label %693, label %688 %689 = load i64, i64* %71, align 16 %690 = load i64, i64* %72, align 8 %691 = add i64 %689, %226 %692 = add i64 %691, %690 br label %693 %694 = phi i64 [ %692, %688 ], [ %226, %225 ] %695 = load volatile i64, i64* %73, align 8 %696 = icmp eq i64 %695, 0 br i1 %696, label %702, label %697 %698 = load i64, i64* %74, align 16 %699 = load i64, i64* %75, align 8 %700 = add i64 %698, %694 %701 = add i64 %700, %699 br label %702 %703 = phi i64 [ %701, %697 ], [ %694, %693 ] %704 = load volatile i64, i64* %76, align 8 %705 = icmp eq i64 %704, 0 br i1 %705, label %711, label %706 %707 = load i64, i64* %77, align 16 %708 = load i64, i64* %78, align 8 %709 = add i64 %707, %703 %710 = add i64 %709, %708 br label %711 %712 = phi i64 [ %710, %706 ], [ %703, %702 ] %713 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 0) #78 %714 = add i64 %217, %216 %715 = add i64 %714, %218 %716 = icmp ule i64 %715, %712 %717 = load i16, i16* %22, align 8 %718 = and i16 %717, 1 %719 = icmp eq i16 %718, 0 %720 = and i1 %716, %719 br i1 %720, label %229, label %236 %237 = phi i16 [ %235, %229 ], [ 0, %711 ] %238 = and i16 %717, -4097 %239 = or i16 %238, %237 store i16 %239, i16* %22, align 8 %240 = call i32 @__cond_resched() #78 %241 = load i64, i64* %31, align 8 %242 = load i32, i32* @vm_swappiness, align 4 %243 = load i16, i16* %22, align 8 %244 = and i16 %243, 64 %245 = icmp eq i16 %244, 0 br i1 %245, label %289, label %246 %247 = load i32, i32* %35, align 64 %248 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nr_swap_pages, i64 0, i32 0), align 8 %249 = icmp sgt i64 %248, 0 br i1 %249, label %260, label %250 %251 = load i8, i8* @numa_demotion_enabled, align 1, !range !8 %252 = icmp eq i8 
%251, 0 br i1 %252, label %289, label %253 %254 = and i16 %243, 8192 %255 = icmp eq i16 %254, 0 %256 = or i1 %36, %255 br i1 %256, label %257, label %289 %258 = call i32 @next_demotion_node(i32 %247) #78 %259 = icmp eq i32 %258, -1 br i1 %259, label %289, label %260 %261 = icmp ne i32 %242, 0 %262 = load i8, i8* %27, align 1 %263 = icmp eq i8 %262, 0 %264 = and i1 %261, %263 br i1 %264, label %289, label %265 %266 = load i16, i16* %22, align 8 %267 = and i16 %266, 4096 %268 = icmp eq i16 %267, 0 br i1 %268, label %269, label %289 %270 = and i16 %266, 2048 %271 = icmp eq i16 %270, 0 br i1 %271, label %272, label %289 %273 = load i64, i64* %18, align 8 %274 = load i64, i64* %20, align 8 %275 = add i64 %274, %273 %276 = add i64 %275, %273 %277 = sext i32 %242 to i64 %278 = add i64 %274, 1 %279 = add i64 %278, %275 %280 = add i64 %279, %276 %281 = mul i64 %280, %277 %282 = add i64 %276, 1 %283 = udiv i64 %281, %282 %284 = sub i32 200, %242 %285 = sext i32 %284 to i64 %286 = mul i64 %280, %285 %287 = udiv i64 %286, %279 %288 = add i64 %287, %283 br label %289 %290 = phi i64 [ %287, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %291 = phi i64 [ %283, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %292 = phi i1 [ true, %272 ], [ false, %236 ], [ false, %257 ], [ true, %260 ], [ true, %265 ], [ false, %269 ], [ false, %250 ], [ false, %253 ] %293 = phi i1 [ false, %272 ], [ true, %236 ], [ true, %257 ], [ false, %260 ], [ false, %265 ], [ true, %269 ], [ true, %250 ], [ true, %253 ] %294 = phi i32 [ 1, %272 ], [ 3, %236 ], [ 3, %257 ], [ 0, %260 ], [ 2, %265 ], [ 3, %269 ], [ 3, %250 ], [ 3, %253 ] %295 = phi i64 [ %288, %272 ], [ 0, %236 ], [ 0, %257 ], [ 0, %260 ], [ 0, %265 ], [ 0, %269 ], [ 0, %250 ], [ 0, %253 ] %296 = load i8, i8* %37, align 4 %297 = sext i8 %296 to i32 %298 = icmp sgt i8 %296, -1 %299 = icmp ult i32 %297, 3 %300 = select i1 %299, i32 %297, i32 3 
%301 = add nuw nsw i32 %300, 1 %302 = load i8, i8* %27, align 1 %303 = sext i8 %302 to i64 %304 = and i64 %303, 4294967295 br i1 %298, label %305, label %315 %306 = load volatile i64, i64* %80, align 8 %307 = icmp eq i64 %306, 0 br i1 %307, label %312, label %308 %309 = load volatile i64, i64* %82, align 8 %310 = icmp sgt i64 %309, 0 %311 = select i1 %310, i64 %309, i64 0 br label %312 %313 = phi i64 [ %311, %308 ], [ 0, %305 ] %314 = icmp eq i32 %300, 0 br i1 %314, label %315, label %721 %722 = load volatile i64, i64* %84, align 8 %723 = icmp eq i64 %722, 0 br i1 %723, label %729, label %724 %725 = load volatile i64, i64* %86, align 8 %726 = icmp sgt i64 %725, 0 %727 = select i1 %726, i64 %725, i64 0 %728 = add nuw i64 %727, %313 br label %729 %730 = phi i64 [ %728, %724 ], [ %313, %721 ] %731 = icmp eq i32 %301, 2 br i1 %731, label %315, label %732 %733 = load volatile i64, i64* %88, align 8 %734 = icmp eq i64 %733, 0 br i1 %734, label %740, label %735 %736 = load volatile i64, i64* %90, align 8 %737 = icmp sgt i64 %736, 0 %738 = select i1 %737, i64 %736, i64 0 %739 = add i64 %738, %730 br label %740 %741 = phi i64 [ %739, %735 ], [ %730, %732 ] %742 = icmp eq i32 %301, 3 br i1 %742, label %315, label %743 %744 = load volatile i64, i64* %92, align 8 %745 = icmp eq i64 %744, 0 br i1 %745, label %315, label %746 %316 = phi i64 [ 0, %289 ], [ %313, %312 ], [ %730, %729 ], [ %741, %740 ], [ %750, %746 ], [ %741, %743 ] %317 = lshr i64 %316, %304 switch i32 %294, label %323 [ i32 0, label %324 i32 1, label %318 i32 3, label %321 i32 2, label %321 ] %322 = select i1 %292, i64 %317, i64 0 br label %324 %325 = phi i64 [ %320, %318 ], [ %317, %315 ], [ %322, %321 ] store i64 %325, i64* %33, align 16 br i1 %298, label %453, label %463 %454 = load volatile i64, i64* %96, align 8 %455 = icmp eq i64 %454, 0 br i1 %455, label %460, label %456 %457 = load volatile i64, i64* %98, align 8 %458 = icmp sgt i64 %457, 0 %459 = select i1 %458, i64 %457, i64 0 br label %460 %461 = phi 
i64 [ %459, %456 ], [ 0, %453 ] %462 = icmp eq i32 %300, 0 br i1 %462, label %463, label %751 %752 = load volatile i64, i64* %100, align 8 %753 = icmp eq i64 %752, 0 br i1 %753, label %759, label %754 %755 = load volatile i64, i64* %102, align 8 %756 = icmp sgt i64 %755, 0 %757 = select i1 %756, i64 %755, i64 0 %758 = add nuw i64 %757, %461 br label %759 %760 = phi i64 [ %758, %754 ], [ %461, %751 ] %761 = icmp eq i32 %301, 2 br i1 %761, label %463, label %762 %763 = load volatile i64, i64* %104, align 8 %764 = icmp eq i64 %763, 0 br i1 %764, label %770, label %765 %766 = load volatile i64, i64* %106, align 8 %767 = icmp sgt i64 %766, 0 %768 = select i1 %767, i64 %766, i64 0 %769 = add i64 %768, %760 br label %770 %771 = phi i64 [ %769, %765 ], [ %760, %762 ] %772 = icmp eq i32 %301, 3 br i1 %772, label %463, label %773 %774 = load volatile i64, i64* %108, align 8 %775 = icmp eq i64 %774, 0 br i1 %775, label %463, label %776 %464 = phi i64 [ 0, %324 ], [ %461, %460 ], [ %760, %759 ], [ %771, %770 ], [ %780, %776 ], [ %771, %773 ] %465 = lshr i64 %464, %304 switch i32 %294, label %323 [ i32 0, label %471 i32 1, label %468 i32 3, label %466 i32 2, label %466 ] %469 = mul i64 %465, %291 %470 = udiv i64 %469, %295 br label %471 %472 = phi i64 [ %470, %468 ], [ %465, %463 ], [ %467, %466 ] store i64 %472, i64* %38, align 8 br i1 %298, label %473, label %483 %474 = load volatile i64, i64* %112, align 8 %475 = icmp eq i64 %474, 0 br i1 %475, label %480, label %476 %477 = load volatile i64, i64* %114, align 8 %478 = icmp sgt i64 %477, 0 %479 = select i1 %478, i64 %477, i64 0 br label %480 %481 = phi i64 [ %479, %476 ], [ 0, %473 ] %482 = icmp eq i32 %300, 0 br i1 %482, label %483, label %781 %782 = load volatile i64, i64* %116, align 8 %783 = icmp eq i64 %782, 0 br i1 %783, label %789, label %784 %785 = load volatile i64, i64* %118, align 8 %786 = icmp sgt i64 %785, 0 %787 = select i1 %786, i64 %785, i64 0 %788 = add nuw i64 %787, %481 br label %789 %790 = phi i64 [ %788, 
%784 ], [ %481, %781 ] %791 = icmp eq i32 %301, 2 br i1 %791, label %483, label %792 %793 = load volatile i64, i64* %120, align 8 %794 = icmp eq i64 %793, 0 br i1 %794, label %800, label %795 %796 = load volatile i64, i64* %122, align 8 %797 = icmp sgt i64 %796, 0 %798 = select i1 %797, i64 %796, i64 0 %799 = add i64 %798, %790 br label %800 %801 = phi i64 [ %799, %795 ], [ %790, %792 ] %802 = icmp eq i32 %301, 3 br i1 %802, label %483, label %803 %804 = load volatile i64, i64* %124, align 8 %805 = icmp eq i64 %804, 0 br i1 %805, label %483, label %806 %484 = phi i64 [ 0, %471 ], [ %481, %480 ], [ %790, %789 ], [ %801, %800 ], [ %810, %806 ], [ %801, %803 ] %485 = lshr i64 %484, %304 switch i32 %294, label %323 [ i32 0, label %491 i32 1, label %488 i32 3, label %486 i32 2, label %486 ] %489 = mul i64 %485, %290 %490 = udiv i64 %489, %295 br label %491 %492 = phi i64 [ %490, %488 ], [ %485, %483 ], [ %487, %486 ] store i64 %492, i64* %39, align 16 br i1 %298, label %493, label %503 %494 = load volatile i64, i64* %128, align 8 %495 = icmp eq i64 %494, 0 br i1 %495, label %500, label %496 %497 = load volatile i64, i64* %130, align 8 %498 = icmp sgt i64 %497, 0 %499 = select i1 %498, i64 %497, i64 0 br label %500 %501 = phi i64 [ %499, %496 ], [ 0, %493 ] %502 = icmp eq i32 %300, 0 br i1 %502, label %503, label %811 %812 = load volatile i64, i64* %132, align 8 %813 = icmp eq i64 %812, 0 br i1 %813, label %819, label %814 %815 = load volatile i64, i64* %134, align 8 %816 = icmp sgt i64 %815, 0 %817 = select i1 %816, i64 %815, i64 0 %818 = add nuw i64 %817, %501 br label %819 %820 = phi i64 [ %818, %814 ], [ %501, %811 ] %821 = icmp eq i32 %301, 2 br i1 %821, label %503, label %822 %823 = load volatile i64, i64* %136, align 8 %824 = icmp eq i64 %823, 0 br i1 %824, label %830, label %825 %826 = load volatile i64, i64* %138, align 8 %827 = icmp sgt i64 %826, 0 %828 = select i1 %827, i64 %826, i64 0 %829 = add i64 %828, %820 br label %830 %831 = phi i64 [ %829, %825 ], [ 
%820, %822 ] %832 = icmp eq i32 %301, 3 br i1 %832, label %503, label %833 %834 = load volatile i64, i64* %140, align 8 %835 = icmp eq i64 %834, 0 br i1 %835, label %503, label %836 %504 = phi i64 [ 0, %491 ], [ %501, %500 ], [ %820, %819 ], [ %831, %830 ], [ %840, %836 ], [ %831, %833 ] %505 = lshr i64 %504, %304 switch i32 %294, label %323 [ i32 0, label %511 i32 1, label %508 i32 3, label %506 i32 2, label %506 ] %509 = mul i64 %505, %290 %510 = udiv i64 %509, %295 br label %511 %512 = phi i64 [ %510, %508 ], [ %505, %503 ], [ %507, %506 ] store i64 %512, i64* %40, align 8 %513 = load i32, i32* %42, align 4 %514 = and i32 %513, 131072 %515 = icmp eq i32 %514, 0 %516 = icmp eq i8 %302, 12 %517 = and i1 %516, %515 call void @blk_start_plug(%struct.blk_plug* nonnull %5) #78 %518 = load i64, i64* %43, align 16 %519 = load i64, i64* %44, align 8 %520 = add i64 %518, 1 %521 = add i64 %520, %519 %522 = load i64, i64* %41, align 16 %523 = load i64, i64* %45, align 8 %524 = add i64 %522, 1 %525 = add i64 %524, %523 %526 = or i64 %492, %325 %527 = or i64 %526, %512 %528 = icmp eq i64 %527, 0 br i1 %528, label %421, label %326 %327 = phi i64 [ %365, %364 ], [ %325, %511 ] %328 = phi i64 [ %366, %364 ], [ 0, %511 ] %329 = phi i64 [ %358, %364 ], [ 0, %511 ] %330 = icmp eq i64 %327, 0 br i1 %330, label %357, label %331 %332 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %328 %333 = icmp ult i64 %327, 32 %334 = select i1 %333, i64 %327, i64 32 %335 = sub i64 %327, %334 store i64 %335, i64* %332, align 8 %336 = trunc i64 %328 to i32 %337 = and i32 %336, 2147483645 %338 = icmp eq i32 %337, 1 br i1 %338, label %339, label %352 %353 = call fastcc i64 @shrink_inactive_list(i64 %334, %struct.lruvec* %11, %struct.scan_control* %1, i32 %336) #78 br label %354 %355 = phi i64 [ %353, %352 ], [ 0, %350 ], [ 0, %349 ] %356 = add i64 %355, %329 br label %357 %358 = phi i64 [ %356, %354 ], [ %329, %326 ] %359 = add nuw nsw i64 %328, 1 %360 = icmp eq i64 %359, 4 br i1 %360, label 
%367, label %361 %368 = call i32 @__cond_resched() #78 %369 = icmp ult i64 %358, %241 %370 = or i1 %517, %369 br i1 %370, label %414, label %371 %372 = load i64, i64* %39, align 16 %373 = load i64, i64* %40, align 8 %374 = add i64 %373, %372 %375 = load i64, i64* %33, align 16 %376 = load i64, i64* %38, align 8 %377 = add i64 %376, %375 %378 = icmp ne i64 %374, 0 %379 = icmp ne i64 %377, 0 %380 = and i1 %378, %379 br i1 %380, label %381, label %421 %382 = icmp ugt i64 %374, %377 %383 = select i1 %382, i64 %377, i64 %374 %384 = select i1 %382, i64 %525, i64 %521 %385 = select i1 %382, i32 2, i32 0 %386 = select i1 %382, i32 0, i32 2 %387 = mul i64 %383, 100 %388 = udiv i64 %387, %384 %389 = zext i32 %386 to i64 %390 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %389 store i64 0, i64* %390, align 16 %391 = or i32 %386, 1 %392 = zext i32 %391 to i64 %393 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %392 store i64 0, i64* %393, align 8 %394 = zext i32 %385 to i64 %395 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %394 %396 = load i64, i64* %395, align 16 %397 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %394 %398 = load i64, i64* %397, align 16 %399 = sub i64 %396, %398 %400 = sub i64 100, %388 %401 = mul i64 %396, %400 %402 = udiv i64 %401, 100 store i64 %403, i64* %397, align 16 %404 = or i32 %385, 1 %405 = zext i32 %404 to i64 %406 = getelementptr [5 x i64], [5 x i64]* %4, i64 0, i64 %405 %407 = load i64, i64* %406, align 8 %408 = getelementptr [5 x i64], [5 x i64]* %3, i64 0, i64 %405 %409 = load i64, i64* %408, align 8 %410 = sub i64 %407, %409 %411 = mul i64 %407, %400 %412 = udiv i64 %411, 100 store i64 %413, i64* %408, align 8 br label %414 %415 = load i64, i64* %33, align 16 %416 = load i64, i64* %40, align 8 %417 = load i64, i64* %39, align 16 %418 = or i64 %416, %415 %419 = or i64 %418, %417 %420 = icmp eq i64 %419, 0 br i1 %420, label %421, label %364 %422 = phi i64 [ 0, %511 ], [ %358, %371 ], [ %358, %414 ] call void 
@blk_finish_plug(%struct.blk_plug* nonnull %5) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store 
volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, 
i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = 
getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . 
\0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = 
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_finish_plug
6 shrink_node
7 __node_reclaim
8 node_reclaim
9 get_page_from_freelist
10 __alloc_pages
11 pagecache_get_page
12 shmem_getpage_gfp
13 shmem_file_read_iter
-------------
Path:
Function:shmem_file_read_iter
%3 = alloca
%struct.page*, align 8 %4 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %5 = load %struct.file*, %struct.file** %4, align 8 %6 = getelementptr inbounds %struct.file, %struct.file* %5, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 9 %9 = load %struct.address_space*, %struct.address_space** %8, align 8 %10 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i8, i8* %11, align 8 %13 = icmp eq i8 %12, 0 %14 = select i1 %13, i32 0, i32 2 %15 = load i64, i64* %10, align 8 %16 = ashr i64 %15, 12 %17 = and i64 %15, 4095 %18 = bitcast %struct.page** %3 to i8* store %struct.page* null, %struct.page** %3, align 8 %19 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 14 %20 = load i64, i64* %19, align 8 %21 = ashr i64 %20, 12 %22 = icmp ugt i64 %16, %21 br i1 %22, label %134, label %23 %24 = getelementptr inbounds %struct.address_space, %struct.address_space* %9, i64 0, i32 4, i32 0 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 br label %26 %27 = phi i64 [ %21, %23 ], [ %127, %124 ] %28 = phi i64 [ %20, %23 ], [ %126, %124 ] %29 = phi i64 [ 0, %23 ], [ %100, %124 ] %30 = phi i64 [ %17, %23 ], [ %104, %124 ] %31 = phi i64 [ %16, %23 ], [ %103, %124 ] %32 = icmp ne i64 %31, %27 %33 = and i64 %28, 4095 %34 = icmp ugt i64 %33, %30 %35 = or i1 %32, %34 br i1 %35, label %36, label %129 %37 = load %struct.address_space*, %struct.address_space** %8, align 8 %38 = getelementptr inbounds %struct.address_space, %struct.address_space* %37, i64 0, i32 3 %39 = load i32, i32* %38, align 8 %40 = call fastcc i32 @shmem_getpage_gfp(%struct.inode* %7, i64 %31, %struct.page** nonnull %3, i32 %14, i32 %39, %struct.vm_area_struct* null, i32* null) #78 Function:shmem_getpage_gfp %8 = alloca %struct.vm_area_struct, 
align 8 %9 = alloca %struct.page*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 9 %11 = load %struct.address_space*, %struct.address_space** %10, align 8 %12 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 41, i32 6, i32 4, i32 1 %13 = bitcast %struct.page** %9 to i8* store %struct.page* null, %struct.page** %9, align 8 %14 = icmp ugt i64 %1, 2251799813685247 br i1 %14, label %467, label %15 %16 = icmp ult i32 %3, 3 %17 = shl nuw nsw i64 %1, 12 %18 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 14 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = icmp eq i32 %3, 3 %21 = icmp eq i32 %3, 0 %22 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 1 %23 = bitcast %struct.list_head** %22 to i64* %24 = bitcast %struct.vm_area_struct* %8 to i8* %25 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 12 %26 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 0 %28 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 10, i32 1 %29 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 23 %30 = bitcast %struct.list_head** %29 to i64* %31 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 13 %32 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 9 %33 = bitcast %struct.list_head** %32 to %struct.shared_policy* %34 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %8, i64 0, i32 17 %35 = and i32 %4, 782048 %36 = bitcast %struct.list_head** %12 to %struct.raw_spinlock* %37 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 2 %38 = bitcast %struct.list_head** %37 to i64* %39 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, 
i32 22 %40 = getelementptr inbounds %struct.list_head*, %struct.list_head** %12, i64 3 %41 = bitcast %struct.list_head** %40 to i64* %42 = bitcast %struct.list_head** %12 to i8* %43 = icmp eq i32 %3, 4 br label %44 %45 = phi i1 [ true, %15 ], [ false, %460 ] %46 = phi i32 [ 0, %15 ], [ %427, %460 ] br label %47 %48 = phi i32 [ %46, %44 ], [ %463, %461 ] br label %49 br i1 %16, label %50, label %53 %51 = load i64, i64* %18, align 8 %52 = icmp slt i64 %17, %51 br i1 %52, label %53, label %467 %54 = call %struct.page* @pagecache_get_page(%struct.address_space* %11, i64 %1, i32 386, i32 0) #78 Function:pagecache_get_page %5 = alloca %struct.xa_state, align 8 %6 = bitcast %struct.xa_state* %5 to i8* %7 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 1 %10 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 2 %11 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 4 %12 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 6 %13 = bitcast i8* %10 to i32* %14 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %5, i64 0, i32 7 %15 = bitcast %struct.xa_node** %14 to i8* %16 = getelementptr inbounds %struct.address_space, %struct.address_space* %0, i64 0, i32 0 br label %17 %18 = phi i32 [ %216, %285 ], [ %3, %4 ] %19 = phi i32 [ %253, %285 ], [ %2, %4 ] %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 %22 = and i32 %19, 32 %23 = icmp eq i32 %22, 0 br label %24 store %struct.xarray* %8, %struct.xarray** %7, align 8 store i64 %1, i64* %9, align 8 store i32 0, i32* %13, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %25 store %struct.xa_node* inttoptr (i64 3 
to %struct.xa_node*), %struct.xa_node** %12, align 8 %26 = call i8* @xas_load(%struct.xa_state* nonnull %5) #78 %27 = ptrtoint i8* %26 to i64 switch i64 %27, label %29 [ i64 1030, label %73 i64 1026, label %28 i64 0, label %74 ] %30 = and i64 %27, 1 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %76 %33 = getelementptr inbounds i8, i8* %26, i64 52 %34 = bitcast i8* %33 to i32* %35 = load volatile i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %73, label %37, !prof !5, !misexpect !6 %38 = phi i32 [ %45, %44 ], [ %35, %32 ] %39 = add i32 %38, 1 %40 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %34, i32 %39, i32* %34, i32 %38) #6, !srcloc !7 %41 = extractvalue { i8, i32 } %40, 0 %42 = and i8 %41, 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %47, !prof !5, !misexpect !6 %48 = load %struct.xa_node*, %struct.xa_node** %12, align 8 %49 = icmp eq %struct.xa_node* %48, null %50 = load i8, i8* %11, align 2 %51 = sext i8 %50 to i64 %52 = and i64 %51, 4294967295 %53 = getelementptr %struct.xa_node, %struct.xa_node* %48, i64 0, i32 7, i64 %52 %54 = load %struct.xarray*, %struct.xarray** %7, align 8 %55 = getelementptr inbounds %struct.xarray, %struct.xarray* %54, i64 0, i32 2 %56 = select i1 %49, i8** %55, i8** %53 %57 = load volatile i8*, i8** %56, align 8 %58 = icmp eq i8* %26, %57 br i1 %58, label %76, label %59, !prof !8, !misexpect !6 %77 = phi i64 [ %75, %74 ], [ 1, %29 ], [ %30, %47 ] %78 = ptrtoint i8* %26 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @rcu_read_unlock_strict() #78 %79 = icmp eq i64 %77, 0 br i1 %79, label %83, label %80 %84 = icmp eq i8* %26, null br i1 %84, label %181, label %85 %182 = and i32 %19, 4 %183 = icmp eq i32 %182, 0 br i1 %183, label %307, label 
%184 %185 = and i32 %19, 8 %186 = icmp eq i32 %185, 0 br i1 %186, label %211, label %187 %188 = load %struct.inode*, %struct.inode** %16, align 8 %189 = icmp eq %struct.inode* %188, null br i1 %189, label %204, label %190 %205 = phi %struct.backing_dev_info* [ %200, %195 ], [ %203, %201 ], [ @noop_backing_dev_info, %187 ] %206 = getelementptr inbounds %struct.backing_dev_info, %struct.backing_dev_info* %205, i64 0, i32 6 %207 = load i32, i32* %206, align 4 %208 = shl i32 %207, 12 %209 = and i32 %208, 4096 %210 = or i32 %209, %18 br label %211 %212 = phi i32 [ %18, %184 ], [ %210, %204 ] %213 = and i32 %19, 16 %214 = icmp eq i32 %213, 0 %215 = and i32 %212, -129 %216 = select i1 %214, i32 %212, i32 %215 %217 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !13 %218 = inttoptr i64 %217 to %struct.task_struct* %219 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 51 %220 = load volatile i64, i64* %219, align 8 %221 = and i64 %220, 2 %222 = icmp eq i64 %221, 0 br i1 %222, label %241, label %223 %224 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %218, i64 0, i32 132, i32 0, i32 0 br label %225 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_pre_enable_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@pagecache_get_page, %226)) #6 to label %232 [label %226], !srcloc !14 %227 = load volatile i32, i32* %224, align 4 %228 = and i32 %227, 1 %229 = icmp eq i32 %228, 0 br i1 %229, label %231, label %230 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 br label %232 %233 = phi i32 [ %227, %231 ], [ 0, %225 ] %234 = call i32 @cpuset_mem_spread_node() #78 %235 = call %struct.page* bitcast (%struct.page.136327* (i32, i32, i32, %struct.cpumask*)* @__alloc_pages to %struct.page* (i32, i32, i32, %struct.cpumask*)*)(i32 %216, i32 0, i32 %234, %struct.cpumask* null) #78 Function:__alloc_pages %5 = alloca %struct.alloc_context.136342, align 8 %6 = bitcast %struct.alloc_context.136342* %5 to i8* %7 = icmp ugt i32 %1, 10 br i1 %7, label %8, label %12, !prof !4, !misexpect !5 %13 = load i32, i32* @gfp_allowed_mask, align 4 %14 = and i32 %13, %0 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136212** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136212**)) #11, !srcloc !7 %16 = inttoptr i64 %15 to %struct.task_struct.136212* %17 = getelementptr inbounds %struct.task_struct.136212, %struct.task_struct.136212* %16, i64 0, i32 4 %18 = load volatile i32, i32* %17, align 4 %19 = and i32 %18, 269221888 %20 = icmp eq i32 %19, 0 br i1 %20, label %37, label %21, !prof !8, !misexpect !5 %38 = phi i32 [ %36, %31 ], [ %14, %12 ] %39 = shl i32 %38, 1 %40 = and i32 %39, 30 %41 = lshr i32 20054306, %40 %42 = and i32 %41, 3 %43 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 4 
store i32 %42, i32* %43, align 4 %44 = sext i32 %2 to i64 %45 = getelementptr [0 x %struct.pglist_data.136176*], [0 x %struct.pglist_data.136176*]* bitcast ([64 x %struct.pglist_data*]* @node_data to [0 x %struct.pglist_data.136176*]*), i64 0, i64 %44 %46 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %45, align 8 %47 = lshr i32 %38, 21 %48 = and i32 %47, 1 %49 = zext i32 %48 to i64 %50 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49 %51 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 0 store %struct.zonelist.136172* %50, %struct.zonelist.136172** %51, align 8 %52 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 1 store %struct.cpumask* %3, %struct.cpumask** %52, align 8 %53 = load i32, i32* @page_group_by_mobility_disabled, align 4 %54 = icmp eq i32 %53, 0 %55 = lshr i32 %38, 3 %56 = and i32 %55, 3 %57 = select i1 %54, i32 %56, i32 0, !prof !8 %58 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 3 store i32 %57, i32* %58, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__alloc_pages, %59)) #6 to label %68 [label %59], !srcloc !9 %60 = or i32 %38, 1048576 %61 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %62 = and i32 %61, 16711936 %63 = icmp eq i32 %62, 0 %64 = icmp eq %struct.cpumask* %3, null %65 = and i1 %64, %63 br i1 %65, label %66, label %68 %69 = phi %struct.cpumask* [ %3, %37 ], [ %67, %66 ], [ %3, %59 ] %70 = phi i32 [ 1, %37 ], [ 1, %66 ], [ 65, %59 ] %71 = phi i32 [ %38, %37 ], [ %60, %66 ], [ %60, %59 ] %72 = and i32 %38, 1024 %73 = icmp eq i32 %72, 0 br i1 %73, label %76, label %74 %75 = tail call i32 @__cond_resched() #78 br label %76 %77 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 5 %78 = lshr i32 %38, 12 %79 = trunc i32 %78 to i8 %80 = and i8 %79, 1 store i8 %80, i8* %77, align 8 %81 = getelementptr inbounds %struct.zonelist.136172, %struct.zonelist.136172* %50, i64 0, i32 0, i64 0 %82 = icmp eq %struct.cpumask* %69, null br i1 %82, label %83, label %87, !prof !8 %84 = getelementptr %struct.pglist_data.136176, %struct.pglist_data.136176* %46, i64 0, i32 1, i64 %49, i32 0, i64 0, i32 1 %85 = load i32, i32* %84, align 8 %86 = icmp ugt i32 %85, %42 br i1 %86, label %87, label %89, !prof !4, !misexpect !11 %90 = phi %struct.zoneref.136171* [ %88, %87 ], [ %81, %83 ] %91 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %5, i64 0, i32 2 store %struct.zoneref.136171* %90, %struct.zoneref.136171** %91, align 8 %92 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %90, i64 0, i32 0 %93 = 
load %struct.zone.136180*, %struct.zone.136180** %92, align 8 %94 = and i32 %38, 2048 %95 = icmp eq %struct.zone.136180* %93, null br i1 %95, label %112, label %96 %113 = phi i32 [ %111, %110 ], [ %94, %89 ], [ %94, %96 ], [ %94, %106 ] %114 = or i32 %113, %70 %115 = call fastcc %struct.page.136327* @get_page_from_freelist(i32 %71, i32 %1, i32 %114, %struct.alloc_context.136342* nonnull %5) #79 Function:get_page_from_freelist %5 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 2 %6 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 5 %7 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 4 %8 = icmp eq i32 %1, 0 %9 = shl nsw i32 -1, %1 %10 = xor i32 %9, -1 %11 = sext i32 %10 to i64 %12 = icmp slt i32 %1, 11 %13 = sext i32 %1 to i64 %14 = xor i1 %8, true %15 = and i32 %0, 512 %16 = icmp eq i32 %15, 0 %17 = or i1 %16, %14 %18 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 3 %19 = getelementptr inbounds %struct.alloc_context.136342, %struct.alloc_context.136342* %3, i64 0, i32 1 br label %20 %21 = phi i32 [ %2, %4 ], [ %420, %418 ] %22 = phi %struct.pglist_data.136176* [ null, %4 ], [ %419, %418 ] %23 = and i32 %21, 256 %24 = icmp ne i32 %23, 0 %25 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %26 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %25, i64 0, i32 0 %27 = load %struct.zone.136180*, %struct.zone.136180** %26, align 8 %28 = icmp eq %struct.zone.136180* %27, null br i1 %28, label %416, label %29 %30 = and i32 %21, 64 %31 = icmp eq i32 %30, 0 %32 = and i32 %21, 3 %33 = zext i32 %32 to i64 %34 = and i32 %21, 24 %35 = and i32 %21, 24 %36 = icmp eq i32 %35, 0 %37 = and i32 %21, 32 %38 = icmp eq i32 %37, 0 %39 = and i32 %21, 8 %40 = icmp eq i32 %39, 0 %41 = icmp ne i32 %32, 0 %42 = and i32 %21, 8 %43 = icmp eq i32 %42, 
0 %44 = and i32 %21, 4 %45 = icmp eq i32 %44, 0 br label %46 %47 = phi %struct.zone.136180* [ %414, %411 ], [ %27, %29 ] %48 = phi %struct.pglist_data.136176* [ %400, %411 ], [ %22, %29 ] %49 = phi %struct.zoneref.136171* [ %412, %411 ], [ %25, %29 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @cpusets_enabled_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@get_page_from_freelist, %50)) #6 to label %51 [label %50], !srcloc !4 %52 = phi i1 [ false, %50 ], [ true, %46 ] %53 = or i1 %31, %52 br i1 %53, label %58, label %54 %59 = load i8, i8* %6, align 8, !range !5 %60 = icmp eq i8 %59, 0 br i1 %60, label %69, label %61 %70 = load i32, i32* @nr_online_nodes, align 4 %71 = icmp ugt i32 %70, 1 %72 = and i1 %24, %71 br i1 %72, label %73, label %84 %74 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %75 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %74, i64 0, i32 0 %76 = load %struct.zone.136180*, %struct.zone.136180** %75, align 8 %77 = icmp eq %struct.zone.136180* %47, %76 br i1 %77, label %84, label %78 %85 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 %33 %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 1 %88 = load i64, i64* %87, align 8 %89 = add i64 %88, %86 %90 = load i32, i32* %7, align 4 %91 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 35, i64 0, i32 0 %92 = load volatile i64, i64* %91, align 8 %93 = icmp sgt i64 %92, 0 %94 = select i1 %93, i64 %92, i64 0 br i1 %8, label %95, label 
%109 %110 = phi i32 [ %35, %99 ], [ %34, %84 ] %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %116, !prof !6, !misexpect !7 %113 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %114 = load i64, i64* %113, align 32 %115 = add i64 %114, %11 br label %116 %117 = phi i64 [ %115, %112 ], [ %11, %109 ] %118 = sub i64 %94, %117 br i1 %38, label %122, label %119 %120 = sdiv i64 %89, -2 %121 = add i64 %120, %89 br label %122 %123 = phi i64 [ %121, %119 ], [ %89, %116 ] br i1 %111, label %131, label %124, !prof !6, !misexpect !8 br i1 %40, label %128, label %125 %129 = sdiv i64 %123, -4 %130 = add i64 %129, %123 br label %131 %132 = phi i64 [ %127, %125 ], [ %130, %128 ], [ %123, %122 ] %133 = sext i32 %90 to i64 %134 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 3, i64 %133 %135 = load i64, i64* %134, align 8 %136 = add i64 %135, %132 %137 = icmp sgt i64 %118, %136 br i1 %137, label %138, label %169 br i1 %8, label %254, label %139 br i1 %12, label %140, label %230 %141 = phi i64 [ %161, %160 ], [ %13, %139 ] %142 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 1 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %160, label %145 %146 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 0 %147 = getelementptr inbounds %struct.list_head, %struct.list_head* %146, i64 0, i32 0 %148 = load volatile %struct.list_head*, %struct.list_head** %147, align 8 %149 = icmp eq %struct.list_head* %148, %146 br i1 %149, label %150, label %254 %151 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 1 %152 = getelementptr inbounds %struct.list_head, %struct.list_head* %151, i64 0, i32 0 %153 = load volatile %struct.list_head*, %struct.list_head** %152, align 8 %154 = icmp eq %struct.list_head* %153, %151 br i1 %154, label %163, label %254 %164 = 
getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %141, i32 0, i64 2 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 0 %166 = load volatile %struct.list_head*, %struct.list_head** %165, align 8 %167 = icmp eq %struct.list_head* %166, %164 br i1 %167, label %168, label %254 br i1 %111, label %160, label %155 %161 = add nsw i64 %141, 1 %162 = icmp eq i64 %161, 11 br i1 %162, label %169, label %140 %170 = icmp eq i64 %88, 0 %171 = or i1 %41, %170 %172 = or i1 %17, %171 br i1 %172, label %230, label %173, !prof !9 %174 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 0, i64 0 %175 = load i64, i64* %174, align 64 br i1 %111, label %176, label %180, !prof !6, !misexpect !7 %177 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 2 %178 = load i64, i64* %177, align 32 %179 = add i64 %178, %11 br label %180 %181 = phi i64 [ %179, %176 ], [ %11, %173 ] %182 = sub i64 %94, %181 br i1 %38, label %186, label %183 %184 = sdiv i64 %175, -2 %185 = add i64 %184, %175 br label %186 %187 = phi i64 [ %185, %183 ], [ %175, %180 ] br i1 %111, label %195, label %188, !prof !6, !misexpect !8 br i1 %43, label %192, label %189 %193 = sdiv i64 %187, -4 %194 = add i64 %193, %187 br label %195 %196 = phi i64 [ %191, %189 ], [ %194, %192 ], [ %187, %186 ] %197 = add i64 %196, %135 %198 = icmp sgt i64 %182, %197 br i1 %198, label %199, label %230 br i1 %8, label %254, label %200 br i1 %12, label %201, label %230 %202 = phi i64 [ %222, %221 ], [ %13, %200 ] %203 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 1 %204 = load i64, i64* %203, align 8 %205 = icmp eq i64 %204, 0 br i1 %205, label %221, label %206 %207 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 0 %208 = getelementptr inbounds %struct.list_head, %struct.list_head* %207, i64 0, i32 0 %209 = load volatile 
%struct.list_head*, %struct.list_head** %208, align 8 %210 = icmp eq %struct.list_head* %209, %207 br i1 %210, label %211, label %254 %212 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 1 %213 = getelementptr inbounds %struct.list_head, %struct.list_head* %212, i64 0, i32 0 %214 = load volatile %struct.list_head*, %struct.list_head** %213, align 8 %215 = icmp eq %struct.list_head* %214, %212 br i1 %215, label %224, label %254 %225 = getelementptr %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 18, i64 %202, i32 0, i64 2 %226 = getelementptr inbounds %struct.list_head, %struct.list_head* %225, i64 0, i32 0 %227 = load volatile %struct.list_head*, %struct.list_head** %226, align 8 %228 = icmp eq %struct.list_head* %227, %225 br i1 %228, label %229, label %254 br i1 %111, label %221, label %216 %222 = add nsw i64 %202, 1 %223 = icmp eq i64 %222, 11 br i1 %223, label %230, label %201 br i1 %45, label %231, label %254 %232 = load i32, i32* @node_reclaim_mode, align 4 %233 = and i32 %232, 7 %234 = icmp eq i32 %233, 0 br i1 %234, label %399, label %235 %236 = load %struct.zoneref.136171*, %struct.zoneref.136171** %5, align 8 %237 = getelementptr inbounds %struct.zoneref.136171, %struct.zoneref.136171* %236, i64 0, i32 0 %238 = load %struct.zone.136180*, %struct.zone.136180** %237, align 8 %239 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %238, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 4 %242 = load i32, i32* %241, align 8 %243 = tail call i32 @__node_distance(i32 %240, i32 %242) #78 %244 = load i32, i32* @node_reclaim_distance, align 4 %245 = icmp sgt i32 %243, %244 br i1 %245, label %399, label %246 %247 = getelementptr inbounds %struct.zone.136180, %struct.zone.136180* %47, i64 0, i32 5 %248 = load %struct.pglist_data.136176*, %struct.pglist_data.136176** %247, align 16 %249 = tail call i32 
bitcast (i32 (%struct.pglist_data*, i32, i32)* @node_reclaim to i32 (%struct.pglist_data.136176*, i32, i32)*)(%struct.pglist_data.136176* %248, i32 %0, i32 %1) #78 Function:node_reclaim %4 = load i32, i32* @node_reclaim_mode, align 4 %5 = and i32 %4, 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %11 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %12 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %13 = add i64 %12, %11 br label %15 %16 = phi i64 [ %8, %7 ], [ %14, %9 ] %17 = load i32, i32* @node_reclaim_mode, align 4 %18 = and i32 %17, 2 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %23 = phi i64 [ 0, %15 ], [ %21, %20 ] %25 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 19 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %24, %26 br i1 %27, label %33, label %28 %29 = tail call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state_pages to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 5) #78 %30 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 20 %31 = load i64, i64* %30, align 16 %32 = icmp ugt i64 %29, %31 br i1 %32, label %33, label %64 %34 = and i32 %1, 1024 %35 = icmp eq i32 %34, 0 br i1 %35, label %64, label %36 %37 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %38 = inttoptr i64 %37 to %struct.task_struct* %39 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %38, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 2048 %42 = icmp eq i32 %41, 0 
br i1 %42, label %43, label %64 %44 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %45 = load i32, i32* %44, align 64 %46 = sext i32 %45 to i64 %47 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([6 x %struct.cpumask], [6 x %struct.cpumask]* @node_states, i64 0, i64 4, i32 0, i64 0), i64 %46) #6, !srcloc !5 %48 = and i8 %47, 1 %49 = icmp eq i8 %48, 0 br i1 %49, label %54, label %50 %55 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 24 %56 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; btsq $2, $0\0A\09/* output condition code c*/\0A", "=*m,={@ccc},Ir,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %55, i64 2, i64* %55) #6, !srcloc !7 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %64 %60 = tail call fastcc i32 @__node_reclaim(%struct.pglist_data* %0, i32 %1, i32 %2) #79 Function:__node_reclaim %4 = alloca %struct.scan_control, align 8 %5 = shl nuw i32 1, %2 %6 = sext i32 %5 to i64 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = bitcast %struct.scan_control* %4 to i8* %10 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 0 %11 = icmp ugt i64 %6, 32 %12 = select i1 %11, i64 %6, i64 32 %13 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 1 %14 = bitcast %struct.cpumask** %13 to i8* store i64 %12, i64* %10, align 8 %15 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 5 %16 = load i32, i32* @node_reclaim_mode, align 4 %17 = trunc i32 %16 to i16 %18 = shl i16 %17, 3 %19 = and i16 %18, 48 %20 = or i16 %19, 64 store i16 %20, i16* %15, align 8 
%21 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 6 %22 = trunc i32 %2 to i8 store i8 %22, i8* %21, align 2 %23 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 7 store i8 4, i8* %23, align 1 %24 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 8 %25 = shl i32 %1, 1 %26 = and i32 %25, 30 %27 = lshr i32 20054306, %26 %28 = trunc i32 %27 to i8 %29 = and i8 %28, 3 store i8 %29, i8* %24, align 4 %30 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 9 %31 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 4 %32 = load volatile i32, i32* %31, align 4 %33 = and i32 %32, 269221888 %34 = icmp eq i32 %33, 0 br i1 %34, label %51, label %35, !prof !5, !misexpect !6 %52 = phi i32 [ %50, %45 ], [ %1, %3 ] store i32 %52, i32* %30, align 8 %53 = getelementptr inbounds %struct.pglist_data, %struct.pglist_data* %0, i64 0, i32 6 %54 = load i32, i32* %53, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mm_vmscan_node_reclaim_begin, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i32 2, i8* blockaddress(@__node_reclaim, %55)) #6 to label %69 [label %55], !srcloc !7 %70 = tail call i32 @__cond_resched() #78 %71 = load i32, i32* %31, align 4 %72 = and i32 %71, 2048 %73 = or i32 %71, 8390656 store i32 %73, i32* %31, align 4 %74 = getelementptr inbounds %struct.scan_control, %struct.scan_control* %4, i64 0, i32 13 %75 = icmp eq %struct.reclaim_state* %74, null %76 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 121 %77 = load %struct.reclaim_state*, %struct.reclaim_state** %76, align 8 %78 = icmp eq %struct.reclaim_state* %77, null br i1 %75, label %81, label %79 br i1 %78, label %83, label %80, !prof !5, !misexpect !6 store %struct.reclaim_state* %74, %struct.reclaim_state** %76, align 8 %84 = load i32, i32* @node_reclaim_mode, align 4 %85 = and i32 %84, 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %89, label %87 %90 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 18) #78 %91 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 2) #78 %92 = call i64 bitcast (i64 (%struct.pglist_data.124547*, i32)* @node_page_state to i64 (%struct.pglist_data*, i32)*)(%struct.pglist_data* %0, i32 3) #78 %93 = add i64 %92, %91 br label %95 %96 = phi i64 [ %88, %87 ], [ %94, %89 ] %97 = load i32, i32* 
Function:shrink_node
Function:blk_finish_plug
Function:blk_mq_flush_plug_list
Function:blk_mq_sched_insert_requests
Function:blk_mq_run_hw_queue
getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 do_madvise 7 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %9 to i32 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %12 = inttoptr i64 %11 to %struct.task_struct* %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 38 %14 = load %struct.mm_struct*, %struct.mm_struct** %13, align 64 %15 = tail call i32 @do_madvise(%struct.mm_struct* %14, i64 %4, i64 %7, i32 %10) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, 
label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %210 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 6 %211 = load %struct.mm_struct*, %struct.mm_struct** %210, align 8 %212 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 8 %213 = load i64, i64* %212, align 8 switch i32 %3, label %254 [ i32 0, label %214 i32 2, label %216 i32 1, label %219 i32 10, label %222 i32 11, label %224 i32 18, label %229 i32 19, label %238 i32 16, label %240 i32 17, label %242 i32 15, label %250 i32 14, label %250 ] %243 = and i64 %213, 4194304 %244 = icmp ne 
i64 %243, 0 %245 = and i64 %213, 268715008 %246 = icmp eq i64 %245, 0 %247 = or i1 %244, %246 br i1 %247, label %248, label %329 %330 = phi i32 [ -12, %53 ], [ %328, %327 ], [ -22, %242 ], [ -12, %284 ], [ -12, %273 ], [ -22, %229 ], [ -22, %224 ], [ -22, %141 ], [ -22, %136 ], [ %82, %312 ], [ -12, %78 ], [ %82, %310 ], [ -12, %323 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %12) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 
0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq 
%struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 
store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", 
"=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq 
i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, 
align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 
__blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 do_madvise 7 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %7 to i32 %9 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %10 = inttoptr i64 %9 to %struct.task_struct* %11 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %10, i64 0, i32 38 %12 = load %struct.mm_struct*, %struct.mm_struct** %11, align 64 %13 = tail call i32 @do_madvise(%struct.mm_struct* %12, i64 %3, i64 %5, i32 %8) #78 Function:do_madvise %5 = alloca %struct.mmu_notifier_range, align 8 %6 = alloca %struct.mmu_gather, align 8 %7 = alloca %struct.madvise_walk_private, align 8 %8 = alloca %struct.mmu_gather, align 8 %9 = alloca %struct.madvise_walk_private, align 8 %10 = alloca %struct.mmu_gather, align 8 %11 = alloca %struct.vm_area_struct*, align 8 %12 = alloca %struct.blk_plug, align 8 %13 = bitcast %struct.vm_area_struct** %11 to i8* store %struct.vm_area_struct* null, %struct.vm_area_struct** %11, align 8 %14 = bitcast %struct.blk_plug* %12 to i8* switch i32 %3, label %339 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 22, label %15 i32 23, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %1, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %339 %19 = add i64 %2, 4095 %20 = and i64 %19, -4096 %21 = 
icmp eq i64 %2, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %339 %25 = add i64 %20, %1 %26 = icmp ult i64 %25, %1 br i1 %26, label %339, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %339, label %29 switch i32 %3, label %30 [ i32 9, label %39 i32 3, label %39 i32 4, label %39 i32 20, label %39 i32 21, label %39 i32 8, label %39 i32 22, label %39 i32 23, label %39 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %40)) #6 to label %41 [label %40], !srcloc !4 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %0, i1 zeroext false) #78 br label %41 %42 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %0, i64 0, i32 0, i32 17 tail call void @down_read(%struct.rw_semaphore* %42) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@do_madvise, %43)) #6 to label %44 [label %43], !srcloc !4 tail call void @__mmap_lock_do_trace_acquire_returned(%struct.mm_struct* %0, i1 zeroext false, i1 zeroext true) #78 br label %44 %45 = phi i1 [ false, %37 ], [ true, %41 ], [ true, %43 ] %46 = call %struct.vm_area_struct* @find_vma_prev(%struct.mm_struct* %0, i64 %1, %struct.vm_area_struct** nonnull %11) #78 %47 = icmp eq %struct.vm_area_struct* %46, null br i1 %47, label %53, label %48 %49 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %46, i64 0, i32 0 %50 = load i64, i64* %49, align 8 %51 = icmp ult i64 %50, %1 br i1 %51, label %52, label %54 store %struct.vm_area_struct* %46, %struct.vm_area_struct** %11, align 8 br label %54 call void @blk_start_plug(%struct.blk_plug* nonnull %12) #78 %55 = bitcast %struct.mmu_notifier_range* %5 to i8* %56 = bitcast %struct.mmu_gather* %6 to i8* %57 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 3 %59 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 0 %60 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 1 %62 = getelementptr inbounds %struct.mmu_notifier_range, %struct.mmu_notifier_range* %5, i64 0, i32 4 %63 = bitcast %struct.mmu_gather* %8 to i8* %64 = bitcast 
%struct.madvise_walk_private* %7 to i8* %65 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 0 %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %7, i64 0, i32 1 %67 = bitcast %struct.mmu_gather* %10 to i8* %68 = bitcast %struct.madvise_walk_private* %9 to i8* %69 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 0 %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %9, i64 0, i32 1 br label %71 %72 = phi i32 [ 0, %54 ], [ %82, %323 ] %73 = phi %struct.vm_area_struct* [ %46, %54 ], [ %325, %323 ] %74 = phi i64 [ %1, %54 ], [ %324, %323 ] %75 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 0 %76 = load i64, i64* %75, align 8 %77 = icmp ult i64 %74, %76 br i1 %77, label %78, label %80 %79 = icmp ult i64 %76, %25 br i1 %79, label %80, label %329 %81 = phi i64 [ %76, %78 ], [ %74, %71 ] %82 = phi i32 [ -12, %78 ], [ %72, %71 ] %83 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 1 %84 = load i64, i64* %83, align 8 %85 = icmp ult i64 %25, %84 %86 = select i1 %85, i64 %25, i64 %84 switch i32 %3, label %209 [ i32 9, label %87 i32 3, label %89 i32 20, label %90 i32 21, label %102 i32 8, label %136 i32 4, label %136 i32 22, label %207 i32 23, label %207 ] %210 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 6 %211 = load %struct.mm_struct*, %struct.mm_struct** %210, align 8 %212 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %73, i64 0, i32 8 %213 = load i64, i64* %212, align 8 switch i32 %3, label %254 [ i32 0, label %214 i32 2, label %216 i32 1, label %219 i32 10, label %222 i32 11, label %224 i32 18, label %229 i32 19, label %238 i32 16, label %240 i32 17, label %242 i32 15, label %250 i32 14, label %250 ] %243 = and i64 %213, 4194304 %244 = icmp ne 
i64 %243, 0 %245 = and i64 %213, 268715008 %246 = icmp eq i64 %245, 0 %247 = or i1 %244, %246 br i1 %247, label %248, label %329 %330 = phi i32 [ -12, %53 ], [ %328, %327 ], [ -22, %242 ], [ -12, %284 ], [ -12, %273 ], [ -22, %229 ], [ -22, %224 ], [ -22, %141 ], [ -22, %136 ], [ %82, %312 ], [ -12, %78 ], [ %82, %310 ], [ -12, %323 ] call void @blk_finish_plug(%struct.blk_plug* nonnull %12) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 
0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq 
%struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 
store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", 
"=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq 
i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, 
align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 
__blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 __se_sys_io_submit 7 __ia32_sys_io_submit ------------- Path:  Function:__ia32_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_io_submit(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, 
!prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #78 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void @blk_finish_plug(%struct.blk_plug* nonnull %4) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, 
%struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = 
load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = 
load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, 
%58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, 
i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 
Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label 
%8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 
8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 __se_sys_io_submit 7 __x64_sys_io_submit ------------- Path:  Function:__x64_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_io_submit(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %74, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #78 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %74, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 64 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint 
%struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #78 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void @blk_finish_plug(%struct.blk_plug* nonnull %4) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = getelementptr inbounds 
%struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, 
label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq 
%struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast 
(void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 
@kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_finish_plug 6 __ia32_compat_sys_io_submit ------------- Path:  Function:__ia32_compat_sys_io_submit %2 = alloca %struct.blk_plug, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = inttoptr i64 %9 to i32* %12 = bitcast %struct.blk_plug* %2 to i8* %13 = icmp sgt i32 %10, -1 br i1 %13, label %14, label %82, !prof !4, !misexpect !5 %15 = and i64 %4, 4294967295 %16 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %15) #78 %17 = icmp eq %struct.kioctx* %16, null br i1 %17, label %82, label %18, !prof !6, !misexpect !5 %19 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %16, i64 0, i32 7 %20 = load i32, i32* %19, align 64 %21 = icmp ult i32 %20, %10 %22 = select i1 %21, i32 %20, i32 %10 %23 = icmp sgt i32 %22, 2 br i1 %23, label %24, label %25 %26 = icmp sgt i32 %22, 0 br i1 %26, label %27, label %57 %28 = zext i32 %22 to i64 br label %29 %30 = phi i64 [ 0, %27 ], [ %46, %45 ] %32 = getelementptr i32, i32* %11, i64 %30 %33 = call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %32, i64 4, i64 %31) #6, !srcloc !7 %34 = extractvalue { 
i32*, i32, i64 } %33, 0 %35 = extractvalue { i32*, i32, i64 } %33, 2 %36 = ptrtoint i32* %34 to i64 %37 = and i64 %36, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %51, !prof !4, !misexpect !5 %40 = extractvalue { i32*, i32, i64 } %33, 1 %41 = zext i32 %40 to i64 %42 = inttoptr i64 %41 to %struct.iocb* %43 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %16, %struct.iocb* %42, i1 zeroext true) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %48 %46 = add nuw nsw i64 %30, 1 %47 = icmp eq i64 %46, %28 br i1 %47, label %53, label %29 %54 = phi i32 [ %49, %48 ], [ %52, %51 ], [ %22, %45 ] %55 = phi i64 [ %50, %48 ], [ -14, %51 ], [ 0, %45 ] br i1 %23, label %56, label %57 call void @blk_finish_plug(%struct.blk_plug* nonnull %2) #78 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.296233* %5 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %4, i64 0, i32 120 %6 = load %struct.blk_plug*, %struct.blk_plug** %5, align 16 %7 = icmp eq %struct.blk_plug* %6, %0 br i1 %7, label %8, label %52 %9 = bitcast %struct.list_head* %2 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 %14 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %15 = icmp eq %struct.list_head* %14, %12 br i1 %15, label %45, label %16 %17 = 
getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %21 %22 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %23 = icmp eq %struct.list_head* %22, %12 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %17, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %10, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %11, align 8 store volatile %struct.list_head* %12, %struct.list_head** %13, align 8 store volatile %struct.list_head* %12, %struct.list_head** %17, align 8 br label %28 %29 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %30 = icmp eq %struct.list_head* %29, %2 br i1 %30, label %18, label %31 %32 = phi %struct.list_head* [ %43, %31 ], [ %29, %28 ] %33 = bitcast %struct.list_head* %32 to %struct.blk_plug_cb* %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 %35 = load %struct.list_head*, %struct.list_head** %34, align 8 %36 = getelementptr %struct.list_head, %struct.list_head* %32, i64 0, i32 0 %37 = load %struct.list_head*, %struct.list_head** %36, align 8 %38 = getelementptr inbounds %struct.list_head, %struct.list_head* %37, i64 0, i32 1 store %struct.list_head* %35, %struct.list_head** %38, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 store volatile %struct.list_head* %37, %struct.list_head** %39, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %36, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %34, align 8 %40 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %32, i64 1 %41 = bitcast %struct.list_head* %40 to void (%struct.blk_plug_cb*, i1)** %42 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %41, align 8 call void %42(%struct.blk_plug_cb* %33, i1 zeroext false) #78 %43 = load volatile %struct.list_head*, %struct.list_head** %10, align 8 %44 = icmp eq %struct.list_head* %43, %2 br i1 %44, label %18, label %31 %19 = load volatile %struct.list_head*, %struct.list_head** %13, align 8 %20 = icmp eq %struct.list_head* %19, %12 br i1 %20, label %45, label %21 %46 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %47 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %48 = load volatile %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %46 br i1 %49, label %51, label %50 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = 
icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = 
icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast 
(void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 
@kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 blk_poll 7 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %4 = load %struct.file.294911*, %struct.file.294911** %3, align 8 %5 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %4, i64 0, i32 18 %6 = load %struct.address_space.294992*, %struct.address_space.294992** %5, align 8 %7 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %6, i64 0, i32 0 %8 = load %struct.inode.294985*, %struct.inode.294985** %7, align 8 %9 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %8) #78 %10 = getelementptr inbounds %struct.block_device.294846, %struct.block_device.294846* %9, i64 0, i32 16 %11 = load %struct.gendisk.294844*, %struct.gendisk.294844** %10, align 8 %12 = getelementptr inbounds %struct.gendisk.294844, %struct.gendisk.294844* %11, i64 0, i32 9 %13 = load %struct.request_queue.294836*, %struct.request_queue.294836** %12, align 8 %14 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 7 %15 = bitcast %union.anon.68.294590* %14 to i32* %16 = load volatile i32, i32* %15, align 8 %17 = tail call i32 bitcast (i32 (%struct.request_queue.296182*, i32, i1)* @blk_poll to i32 (%struct.request_queue.294836*, i32, 
i1)*)(%struct.request_queue.294836* %13, i32 %16, i1 zeroext %1) #78 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.300462, align 8 %5 = icmp eq i32 %1, -1 br i1 %5, label %197, label %6 %7 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %0, i64 0, i32 11 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 65536 %10 = icmp eq i64 %9, 0 br i1 %10, label %197, label %11 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.296233** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.296233**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.296233* %14 = getelementptr inbounds %struct.task_struct.296233, %struct.task_struct.296233* %13, i64 0, i32 120 %15 = load %struct.blk_plug*, %struct.blk_plug** %14, align 16 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %15, i1 zeroext false) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load 
%struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, 
i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = 
bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 
br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = 
inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, 
i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, 
%struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 
------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 io_schedule_timeout 7 mempool_alloc 8 rpc_new_task 9 rpc_run_task 10 _nfs4_do_setattr 11 nfs4_do_setattr 12 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %5 = load %struct.inode*, %struct.inode** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #78 %6 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr, %struct.iattr* %2, i64 0, i32 8 %21 = load %struct.file*, %struct.file** %20, align 8 %22 = getelementptr inbounds %struct.file, %struct.file* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.236429** %24 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %23, align 8 %25 = icmp eq %struct.nfs_open_context.236429* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.236429* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr* %2, %struct.nfs_open_context.236429* %31, %struct.nfs4_label* 
null) #79 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = load %struct.super_block*, %struct.super_block** %11, align 8 %13 = getelementptr inbounds %struct.super_block, %struct.super_block* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.236401** %15 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %14, align 16 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.236429* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.236428* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %26 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 2 %27 = bitcast %struct.nfs_fh** %24 to %struct.seqcount_spinlock** %28 = bitcast %struct.nfs_setattrargs* %8 to i8* store %struct.seqcount_spinlock* %26, %struct.seqcount_spinlock** %27, align 8 %29 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %30 = bitcast %struct.nfs4_stateid_struct* %29 to i8* %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr* %3, %struct.iattr** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %32, align 8 %33 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %34 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %34, i32** %33, align 8 %35 = getelementptr inbounds %struct.nfs_setattrargs, 
%struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %35, align 8 %36 = bitcast %struct.nfs_setattrres* %9 to i8* %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 %38 = bitcast %struct.nfs_setattrres* %9 to i8* store %struct.nfs_fattr* %2, %struct.nfs_fattr** %37, align 8 %39 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %39, align 8 %40 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.236401* %15, %struct.nfs_server.236401** %40, align 8 %41 = bitcast %struct.nfs4_exception* %10 to i8* %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.236428* %22, %struct.nfs4_state.236428** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode* %0, %struct.inode** %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %29, %struct.nfs4_stateid_struct** %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %46, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %47, align 1 %48 = getelementptr inbounds %struct.iattr, %struct.iattr* %3, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = and i32 %49, 6145 %51 = icmp eq i32 %50, 0 %52 = select i1 %51, i64 256, i64 131328 %53 = and i32 %49, 6 %54 = icmp eq i32 %53, 0 %55 = or i64 %52, 4096 %56 = select i1 %54, i64 %52, i64 %55 %57 = getelementptr inbounds %struct.nfs_server.236401, 
%struct.nfs_server.236401* %15, i64 0, i32 35, i64 0 %58 = bitcast i32* %57 to i8* %59 = icmp eq %struct.inode* %0, null %60 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %25, i64 38 %61 = bitcast %struct.seqcount_spinlock* %60 to i64* %62 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 1 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %15, i64 0, i32 0 %64 = icmp eq %struct.nfs4_state.236428* %22, null %65 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %22, i64 0, i32 13 br label %66 br i1 %59, label %92, label %67 %93 = call fastcc i32 @_nfs4_do_setattr(%struct.inode* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.236429* %4) #79 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %11 = load %struct.super_block*, %struct.super_block** %10, align 8 %12 = getelementptr inbounds %struct.super_block, %struct.super_block* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.236401** %14 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %13, align 16 %15 = bitcast %struct.rpc_message* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 9), %struct.rpc_procinfo** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, 
i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #78 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr*, %struct.iattr** %26, align 8 %28 = getelementptr inbounds %struct.iattr, %struct.iattr* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 2 %36 = call zeroext i1 @nfs4_copy_delegation_stateid(%struct.inode* %0, i32 2, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #78 br i1 %36, label %62, label %37 %38 = icmp eq %struct.nfs_open_context.236429* %4, null br i1 %38, label %57, label %39 %40 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %4, i64 0, i32 5 %41 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %40, align 8 %42 = icmp eq %struct.nfs4_state.236428* %41, null br i1 %42, label %57, label %43 %44 = getelementptr inbounds %struct.nfs4_state.236428, %struct.nfs4_state.236428* %41, i64 0, i32 5 %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 512 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %156 %49 = call %struct.nfs_lock_context.236430* bitcast (%struct.nfs_lock_context.216978* (%struct.nfs_open_context.216977*)* @nfs_get_lock_context to 
%struct.nfs_lock_context.236430* (%struct.nfs_open_context.236429*)*)(%struct.nfs_open_context.236429* nonnull %4) #78 %50 = icmp ugt %struct.nfs_lock_context.236430* %49, inttoptr (i64 -4096 to %struct.nfs_lock_context.236430*) br i1 %50, label %51, label %54 %55 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %40, align 8 %56 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %55, i32 2, %struct.nfs_lock_context.236430* %49, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #78 call void bitcast (void (%struct.nfs_lock_context.216978*)* @nfs_put_lock_context to void (%struct.nfs_lock_context.236430*)*)(%struct.nfs_lock_context.236430* %49) #78 switch i32 %56, label %62 [ i32 -5, label %156 i32 -11, label %57 ] %63 = load %struct.cred*, %struct.cred** %9, align 8 %64 = icmp eq %struct.cred* %63, null br i1 %64, label %66, label %65 %67 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %14, i64 0, i32 3 %68 = bitcast %struct.rpc_clnt** %67 to i64* %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0 %71 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0 %72 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %72, align 8 %73 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 1 %74 = load i8, i8* %73, align 8 %75 = and i8 %74, -4 %76 = or i8 %75, 1 store i8 %76, i8* %73, align 8 %77 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0, i32 0 store 
%struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %77, align 8 %78 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %14, i64 0, i32 10 %79 = load i32, i32* %78, align 8 %80 = lshr i32 %79, 29 %81 = trunc i32 %80 to i16 %82 = and i16 %81, 4 %83 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %14, i64 0, i32 0 %84 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %83, align 8 %85 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %86 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 store %struct.nfs_server.236401* %14, %struct.nfs_server.236401** %86, align 8 %87 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 store %struct.nfs4_sequence_args.236412* %70, %struct.nfs4_sequence_args.236412** %87, align 8 %88 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 store %struct.nfs4_sequence_res.236414* %71, %struct.nfs4_sequence_res.236414** %88, align 8 %89 = bitcast %struct.rpc_task_setup* %7 to i8* %90 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %91 = bitcast %struct.rpc_clnt** %90 to i64* store i64 %69, i64* %91, align 8 %92 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %93 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %94 = bitcast %struct.rpc_xprt** %92 to i8* store %struct.rpc_message* %8, %struct.rpc_message** %93, align 8 %95 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %96 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %84, i64 0, i32 31 %97 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %96, align 8 %98 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, 
%struct.nfs4_minor_version_ops.236469* %97, i64 0, i32 10 %99 = bitcast %struct.rpc_call_ops** %98 to i64* %100 = load i64, i64* %99, align 8 %101 = bitcast %struct.rpc_call_ops** %95 to i64* store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 %103 = bitcast i8** %102 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %103, align 8 %104 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %104, align 8 %105 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 store i16 %82, i16* %105, align 8 %106 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 9 store i8 0, i8* %106, align 2 %107 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 
%11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* 
nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, 
align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile 
%struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr 
inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 
%84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm 
sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 
blk_flush_plug_list 6 io_schedule_timeout 7 mempool_alloc 8 rpc_new_task 9 rpc_run_task 10 nfs4_server_capabilities 11 nfs4_proc_get_root ------------- Path:  Function:nfs4_proc_get_root %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 %6 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %5, i64 0, i32 24 %7 = load %struct.nfs4_label*, %struct.nfs4_label** %6, align 8 %8 = tail call i32 @nfs4_server_capabilities(%struct.nfs_server.236401* %0, %struct.nfs_fh* %1) #78 Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast [3 x i32]* %5 to i8* %13 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %14 = bitcast i32* %13 to i64* %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %16 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %21 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %22 = bitcast %struct.rpc_message* %8 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %24 = getelementptr inbounds 
%struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_server_caps_arg** %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_server_caps_res** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %29 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %30 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %31 = bitcast %struct.rpc_clnt** %30 to i64* %32 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast 
%struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %55 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %56 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %57 = bitcast i32* %56 to i8* %58 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %59 = getelementptr [3 x i32], [3 x i32]* %58, i64 0, i64 0 %60 = bitcast [3 x i32]* %58 to i8* %61 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 9 %62 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %63 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %64 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %65 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 36 %66 = bitcast [3 x i32]* %65 to i8* %67 = getelementptr %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 36, i64 2 %68 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 38, i64 0 %69 = bitcast [3 x i32]* %58 to i64* %70 = getelementptr %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 38, i64 1 %71 = getelementptr %struct.nfs_server.236401, 
%struct.nfs_server.236401* %0, i64 0, i32 38, i64 2 %72 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %73 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %74 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %75 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 37, i64 0 %76 = bitcast i32* %75 to i8* %77 = bitcast i32* %72 to i8* %78 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 39 %79 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %80 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 40 %81 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %82 store i64 0, i64* %14, align 4 %83 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %15, align 8 %84 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %83, i64 0, i32 15 %85 = load i32, i32* %84, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 30), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %25, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %27, align 8 store %struct.cred* null, %struct.cred** %28, align 8 store i32 8293, i32* %20, align 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %88, label %87 store i32 2048, i32* %29, align 4 br label %88 %89 = load i64, i64* %31, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %33, align 8 store i8 0, i8* %34, align 8 store 
%struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %35, align 8 %90 = load i32, i32* %36, align 8 %91 = lshr i32 %90, 29 %92 = trunc i32 %91 to i16 %93 = and i16 %92, 4 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %38, align 8 store %struct.nfs4_sequence_args.236412* %17, %struct.nfs4_sequence_args.236412** %39, align 8 store %struct.nfs4_sequence_res.236414* %32, %struct.nfs4_sequence_res.236414** %40, align 8 store i64 %89, i64* %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %45, align 8 %94 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %83, i64 0, i32 31 %95 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %94, align 8 %96 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %95, i64 0, i32 10 %97 = bitcast %struct.rpc_call_ops** %96 to i64* %98 = load i64, i64* %97, align 8 store i64 %98, i64* %48, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %93, i16* %52, align 8 store i8 0, i8* %53, align 2 %99 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or 
i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, 
i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile 
%struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, 
i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 
= load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, 
%58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, 
i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 
Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label 
%8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 
8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_server_capabilities
-------------
Path:
Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast [3 x i32]* %5 to i8* %13 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %14 = bitcast i32* %13 to i64* %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %16 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %21 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %22 = bitcast %struct.rpc_message* %8 to i8* %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_server_caps_arg** %26 = getelementptr inbounds
%struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_server_caps_res** %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %29 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %30 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %31 = bitcast %struct.rpc_clnt** %30 to i64* %32 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %37 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %4 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %50 = bitcast 
i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %55 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %56 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %57 = bitcast i32* %56 to i8* %58 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %59 = getelementptr [3 x i32], [3 x i32]* %58, i64 0, i64 0 %60 = bitcast [3 x i32]* %58 to i8* %61 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 9 %62 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %63 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %64 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %65 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 36 %66 = bitcast [3 x i32]* %65 to i8* %67 = getelementptr %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 36, i64 2 %68 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 38, i64 0 %69 = bitcast [3 x i32]* %58 to i64* %70 = getelementptr %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 38, i64 1 %71 = getelementptr %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 38, i64 2 %72 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 
%73 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %74 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %75 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 37, i64 0 %76 = bitcast i32* %75 to i8* %77 = bitcast i32* %72 to i8* %78 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 39 %79 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %80 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 40 %81 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %82 store i64 0, i64* %14, align 4 %83 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %15, align 8 %84 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %83, i64 0, i32 15 %85 = load i32, i32* %84, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 30), %struct.rpc_procinfo** %23, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %25, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %27, align 8 store %struct.cred* null, %struct.cred** %28, align 8 store i32 8293, i32* %20, align 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %88, label %87 store i32 2048, i32* %29, align 4 br label %88 %89 = load i64, i64* %31, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %35, align 8 %90 = load i32, i32* %36, align 8 %91 = lshr i32 %90, 29 %92 = trunc i32 %91 to i16 %93 = and 
i16 %92, 4 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %38, align 8 store %struct.nfs4_sequence_args.236412* %17, %struct.nfs4_sequence_args.236412** %39, align 8 store %struct.nfs4_sequence_res.236414* %32, %struct.nfs4_sequence_res.236414** %40, align 8 store i64 %89, i64* %43, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %45, align 8 %94 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %83, i64 0, i32 31 %95 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %94, align 8 %96 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %95, i64 0, i32 10 %97 = bitcast %struct.rpc_call_ops** %96 to i64* %98 = load i64, i64* %97, align 8 store i64 %98, i64* %48, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %93, i16* %52, align 8 store i8 0, i8* %53, align 2 %99 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** 
%12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* 
%24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** 
%12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile 
%struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = 
bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store 
volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm 
sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = 
and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 
5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 
kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 io_schedule_timeout 7 mempool_alloc 8 rpc_new_task 9 rpc_run_task 10 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr 
inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 26), %struct.rpc_procinfo** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 %60 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %60) #78 %61 = load i64, i64* %28, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %30, align 8 %62 = load i8, i8* %31, align 8 %63 = and i8 %62, -4 store i8 %63, i8* %31, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %32, align 8 %64 = load i32, i32* %33, align 8 %65 = lshr i32 %64, 29 %66 = trunc i32 %65 to i16 %67 = and i16 %66, 4 %68 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %34, align 8 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %36, align 8 store %struct.nfs4_sequence_args.236412* %25, %struct.nfs4_sequence_args.236412** %37, align 8 store %struct.nfs4_sequence_res.236414* %29, %struct.nfs4_sequence_res.236414** %38, align 8 store i64 %61, i64* %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %43, align 8 %69 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %68, i64 0, 
i32 31 %70 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %70, i64 0, i32 10 %72 = bitcast %struct.rpc_call_ops** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 %67, i16* %50, align 8 store i8 0, i8* %51, align 2 %74 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, 
!srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* 
%7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile 
%struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 
%41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, 
%struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0
%18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8
%19 = and i8 %18, 1
%20 = icmp eq i8 %19, 0
br i1 %20, label %22, label %21
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10
br label %23
%24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3
%25 = load i32, i32* %24, align 32
%26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7
%27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8
%28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9
%29 = load i32, i32* %28, align 8
%30 = icmp eq i32 %29, 1
br i1 %30, label %65, label %31
%66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ]
%67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1
%68 = trunc i64 %2 to i32
%69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80
%70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8
%5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_do_fsinfo
11 nfs4_proc_fsinfo
-------------
Path:
Function:nfs4_proc_fsinfo
%4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0
%5 = load
%struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %5) #78 %6 = tail call fastcc i32 @nfs4_do_fsinfo(%struct.nfs_server.236401* %0, %struct.nfs_fh* %1, %struct.nfs_fsinfo* %2) #79 Function:nfs4_do_fsinfo %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_fsinfo_res, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %16 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %17 = bitcast %struct.nfs4_fsinfo_res* %7 to i8* %18 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 1 %20 = bitcast i64* %19 to i8* %21 = bitcast %struct.rpc_message* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_fsinfo_res** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %28 = getelementptr inbounds 
%struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt** %28 to i64* %30 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %33 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %35 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup* %5 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %45 = bitcast %struct.rpc_xprt** %43 to i8* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %47 = bitcast %struct.rpc_call_ops** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 
0, i32 8 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %53 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %55 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.cred* null, %struct.cred** %27, align 8 %56 = load i64, i64* %29, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %33, align 8 %57 = load i32, i32* %34, align 8 %58 = lshr i32 %57, 29 %59 = trunc i32 %58 to i16 %60 = and i16 %59, 4 %61 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %35, align 8 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %37, align 8 store %struct.nfs4_sequence_args.236412* %13, %struct.nfs4_sequence_args.236412** %38, align 8 store %struct.nfs4_sequence_res.236414* %30, %struct.nfs4_sequence_res.236414** %39, align 8 store i64 %56, i64* %42, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %62 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %61, i64 0, i32 31 %63 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %62, align 8 %64 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %63, i64 0, i32 10 %65 = bitcast %struct.rpc_call_ops** %64 to i64* %66 = 
load i64, i64* %65, align 8 store i64 %66, i64* %47, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %49, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %50, align 8 store i16 %60, i16* %51, align 8 store i8 0, i8* %52, align 2 %67 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #78 %70 = ptrtoint %struct.rpc_task* %67 to i64 %71 = trunc i64 %70 to i32 br label %75 %76 = phi i32 [ %71, %69 ], [ %74, %72 ] %77 = load %struct.nfs_fattr*, %struct.nfs_fattr** %53, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_fsinfo to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_do_fsinfo, %78)) #6 to label %92 [label %78], !srcloc !4 %93 = icmp eq i32 %76, 0 br i1 %93, label %94, label %100 %101 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %0, i32 %76, %struct.nfs4_exception* nonnull %9) #79 %102 = load i8, i8* %54, align 8 %103 = and i8 %102, 8 %104 = icmp eq i8 %103, 0 br i1 %104, label %105, label %55 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 10), %struct.rpc_procinfo** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store 
%struct.cred* null, %struct.cred** %27, align 8 %56 = load i64, i64* %29, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %33, align 8 %57 = load i32, i32* %34, align 8 %58 = lshr i32 %57, 29 %59 = trunc i32 %58 to i16 %60 = and i16 %59, 4 %61 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %35, align 8 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %37, align 8 store %struct.nfs4_sequence_args.236412* %13, %struct.nfs4_sequence_args.236412** %38, align 8 store %struct.nfs4_sequence_res.236414* %30, %struct.nfs4_sequence_res.236414** %39, align 8 store i64 %56, i64* %42, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %44, align 8 %62 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %61, i64 0, i32 31 %63 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %62, align 8 %64 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %63, i64 0, i32 10 %65 = bitcast %struct.rpc_call_ops** %64 to i64* %66 = load i64, i64* %65, align 8 store i64 %66, i64* %47, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %49, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %50, align 8 store i16 %60, i16* %51, align 8 store i8 0, i8* %52, align 2 %67 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = 
tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to 
%struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq 
%struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, 
%struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, 
%struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void 
(%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label 
%56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1
%68 = trunc i64 %2 to i32
%69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80
%70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8
%5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_statfs
-------------
Path:
Function:nfs4_proc_statfs
%4 = alloca %struct.nfs4_call_sync_data, align 8
%5 = alloca %struct.rpc_task_setup, align 8
%6 = alloca %struct.nfs4_server_caps_arg, align 8
%7 = alloca %struct.nfs4_statfs_res, align 8
%8 = alloca %struct.rpc_message, align 8
%9 = alloca %struct.nfs4_exception, align 8
%10 = bitcast %struct.nfs4_exception* %9 to i8*
%11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5
store i8 1, i8* %11, align 1
%12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8*
%13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0
%14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1
%15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2
%16 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0
%17 = bitcast %struct.nfs4_statfs_res* %7 to i8*
%18 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 1
%19 = bitcast %struct.rpc_message* %8 to i8*
%20 = getelementptr inbounds
%struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 %21 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.nfs4_server_caps_arg** %23 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %24 = bitcast i8** %23 to %struct.nfs4_statfs_res** %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 %26 = getelementptr inbounds %struct.nfs_fsstat, %struct.nfs_fsstat* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 10 %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %53 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 27), %struct.rpc_procinfo** %20, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %22, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %24, align 8 store %struct.cred* null, %struct.cred** %25, align 8 %54 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %54) #78 %55 = load i64, i64* %28, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %30, align 8 %56 = load i8, i8* %31, align 8 %57 = and i8 %56, -4 store i8 %57, i8* %31, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %32, align 8 %58 = load i32, i32* %33, align 8 %59 = lshr i32 %58, 29 %60 = trunc i32 %59 to i16 %61 = and i16 %60, 4 %62 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %34, align 8 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %36, align 8 store 
%struct.nfs4_sequence_args.236412* %13, %struct.nfs4_sequence_args.236412** %37, align 8 store %struct.nfs4_sequence_res.236414* %29, %struct.nfs4_sequence_res.236414** %38, align 8 store i64 %55, i64* %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %43, align 8 %63 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %62, i64 0, i32 31 %64 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %63, align 8 %65 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %64, i64 0, i32 10 %66 = bitcast %struct.rpc_call_ops** %65 to i64* %67 = load i64, i64* %66, align 8 store i64 %67, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 %61, i16* %50, align 8 store i8 0, i8* %51, align 2 %68 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #78 %71 = ptrtoint %struct.rpc_task* %68 to i64 %72 = trunc i64 %71 to i32 br label %76 %77 = phi i32 [ %72, %70 ], [ %75, %73 ] %78 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %0, i32 %77, %struct.nfs4_exception* nonnull %9) #79 %79 = load i8, i8* %52, align 8 %80 = and i8 %79, 8 %81 = icmp eq i8 %80, 0 br i1 %81, label %82, label %53 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %18, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 27), %struct.rpc_procinfo** %20, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %22, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %24, align 8 store %struct.cred* null, %struct.cred** %25, align 8 %54 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 
call void @nfs_fattr_init(%struct.nfs_fattr* %54) #78 %55 = load i64, i64* %28, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %30, align 8 %56 = load i8, i8* %31, align 8 %57 = and i8 %56, -4 store i8 %57, i8* %31, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %32, align 8 %58 = load i32, i32* %33, align 8 %59 = lshr i32 %58, 29 %60 = trunc i32 %59 to i16 %61 = and i16 %60, 4 %62 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %34, align 8 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %36, align 8 store %struct.nfs4_sequence_args.236412* %13, %struct.nfs4_sequence_args.236412** %37, align 8 store %struct.nfs4_sequence_res.236414* %29, %struct.nfs4_sequence_res.236414** %38, align 8 store i64 %55, i64* %41, align 8 store %struct.rpc_message* %8, %struct.rpc_message** %43, align 8 %63 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %62, i64 0, i32 31 %64 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %63, align 8 %65 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %64, i64 0, i32 10 %66 = bitcast %struct.rpc_call_ops** %65 to i64* %67 = load i64, i64* %66, align 8 store i64 %67, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 %61, i16* %50, align 8 store i8 0, i8* %51, align 2 %68 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load 
%struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label 
%60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 
-2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, 
align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds 
%struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load 
%struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to 
void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, 
label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds 
%struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 io_schedule_timeout 7 mempool_alloc 8 rpc_new_task 9 rpc_run_task 10 nfs4_proc_readdir ------------- Path:  Function:nfs4_proc_readdir %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca %struct.nfs4_readdir_arg, align 8 %6 = alloca %struct.nfs4_readdir_res, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.nfs_readdir_arg, %struct.nfs_readdir_arg* %0, i64 0, i32 0 %12 = bitcast %struct.nfs4_readdir_arg* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 1 %15 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %16 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 2 %17 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 4 %18 = getelementptr inbounds %struct.nfs_readdir_arg, %struct.nfs_readdir_arg* %0, i64 0, i32 5 %19 = bitcast 
i64* %16 to i8* %20 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 5 %21 = getelementptr inbounds %struct.nfs_readdir_arg, %struct.nfs_readdir_arg* %0, i64 0, i32 4 %22 = bitcast %struct.page*** %21 to i64* %23 = bitcast %struct.page*** %20 to i64* %24 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 6 %25 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 7 %26 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 8 %27 = getelementptr inbounds %struct.nfs_readdir_arg, %struct.nfs_readdir_arg* %0, i64 0, i32 6 %28 = bitcast %struct.nfs4_readdir_res* %6 to i8* %29 = bitcast %struct.rpc_message* %7 to i8* %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.nfs4_readdir_arg** %33 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %34 = bitcast i8** %33 to %struct.nfs4_readdir_res** %35 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %36 = getelementptr inbounds %struct.nfs_readdir_arg, %struct.nfs_readdir_arg* %0, i64 0, i32 1 %37 = bitcast %struct.cred** %36 to i64* %38 = bitcast %struct.cred** %35 to i64* %39 = getelementptr inbounds %struct.nfs_readdir_arg, %struct.nfs_readdir_arg* %0, i64 0, i32 3 %40 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 3, i32 0, i64 0 %42 = bitcast i8* %41 to i64* %43 = getelementptr inbounds %struct.nfs_readdir_arg, %struct.nfs_readdir_arg* %0, i64 0, i32 2 %44 = bitcast i32** %43 to i64** %45 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %6, i64 0, i32 2 %46 = 
getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %6, i64 0, i32 0 %47 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %5, i64 0, i32 0, i32 0 %48 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %6, i64 0, i32 0, i32 0 %49 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %51 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %52 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %53 = bitcast %struct.rpc_task_setup* %4 to i8* %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %55 = bitcast %struct.rpc_clnt** %54 to i64* %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %58 = bitcast %struct.rpc_xprt** %56 to i8* %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %60 = bitcast %struct.rpc_call_ops** %59 to i64* %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %62 = bitcast i8** %61 to %struct.nfs4_call_sync_data** %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %64 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %65 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %66 = bitcast %union.anon.110* %1 to i64** %67 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %6, i64 0, i32 1, i32 0, i64 0 %68 = bitcast i8* %67 to i64* %69 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %70 %71 = load %struct.dentry*, %struct.dentry** 
%11, align 8 %72 = getelementptr inbounds %struct.dentry, %struct.dentry* %71, i64 0, i32 5 %73 = load %struct.inode*, %struct.inode** %72, align 8 %74 = getelementptr inbounds %struct.inode, %struct.inode* %73, i64 0, i32 8 %75 = load %struct.super_block*, %struct.super_block** %74, align 8 %76 = getelementptr inbounds %struct.super_block, %struct.super_block* %75, i64 0, i32 28 %77 = bitcast i8** %76 to %struct.nfs_server.236401** %78 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %77, align 16 %79 = getelementptr %struct.inode, %struct.inode* %73, i64 -1, i32 24, i32 2 %80 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %79, i64 2 store %struct.seqcount_spinlock* %80, %struct.seqcount_spinlock** %15, align 8 %81 = load i32, i32* %18, align 8 store i32 %81, i32* %17, align 8 %82 = load i64, i64* %22, align 8 store i64 %82, i64* %23, align 8 store i32 0, i32* %24, align 8 %83 = load i8, i8* %27, align 4, !range !4 store i8 %83, i8* %26, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 29), %struct.rpc_procinfo** %30, align 8 store %struct.nfs4_readdir_arg* %5, %struct.nfs4_readdir_arg** %32, align 8 store %struct.nfs4_readdir_res* %6, %struct.nfs4_readdir_res** %34, align 8 %84 = load i64, i64* %37, align 8 store i64 %84, i64* %38, align 8 %85 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %78, i64 0, i32 10 %86 = load i32, i32* %85, align 8 %87 = and i32 %86, 262144 %88 = icmp eq i32 %87, 0 %89 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %78, i64 0, i32 36, i64 0 %90 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %78, i64 0, i32 35, i64 0 %91 = select i1 %88, i32* %89, i32* %90 store i32* %91, i32** %25, align 8 %92 = load i64, i64* %39, align 8 %93 = icmp ugt i64 %92, 2 %94 = inttoptr i64 %82 to i64* br i1 %93, label %95, 
label %98 %99 = icmp eq i64 %92, 2 br i1 %99, label %173, label %100 %101 = load i64, i64* %94, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %102 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !6 %103 = inttoptr i64 %102 to %struct.task_struct* %104 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %103, i64 0, i32 166 %105 = load i32, i32* %104, align 8 %106 = add i32 %105, 1 store i32 %106, i32* %104, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %107 = load i64, i64* @vmemmap_base, align 8 %108 = sub i64 %101, %107 %109 = shl i64 %108, 6 %110 = load i64, i64* @page_offset_base, align 8 %111 = add i64 %109, %110 %112 = inttoptr i64 %111 to i8* %113 = inttoptr i64 %111 to i32* %114 = icmp eq i64 %92, 0 br i1 %114, label %115, label %141 %116 = getelementptr i8, i8* %112, i64 4 %117 = bitcast i8* %116 to i32* store i32 16777216, i32* %113, align 4 %118 = getelementptr i8, i8* %112, i64 8 %119 = bitcast i8* %118 to i32* store i32 0, i32* %117, align 4 %120 = getelementptr i8, i8* %112, i64 12 %121 = bitcast i8* %120 to i32* store i32 16777216, i32* %119, align 4 %122 = getelementptr i8, i8* %112, i64 16 store i32 16777216, i32* %121, align 4 %123 = bitcast i8* %122 to i32* store i32 46, i32* %123, align 4 %124 = getelementptr i8, i8* %112, i64 20 %125 = bitcast i8* %124 to i32* %126 = getelementptr i8, i8* %112, i64 24 %127 = bitcast i8* %126 to i32* store i32 16777216, i32* %125, align 4 %128 = getelementptr i8, i8* %112, i64 28 %129 = bitcast i8* %128 to i32* store i32 33558528, i32* %127, align 4 %130 = getelementptr i8, i8* %112, i64 32 %131 = bitcast i8* %130 to i32* store i32 201326592, i32* %129, align 4 %132 = getelementptr i8, i8* %112, i64 36 store i32 33554432, i32* %131, align 4 %133 = load %struct.inode*, %struct.inode** %72, align 8 %134 = getelementptr 
%struct.inode, %struct.inode* %133, i64 -1, i32 24, i32 2 %135 = bitcast %struct.seqcount_spinlock* %134 to i64* %136 = load i64, i64* %135, align 8 %138 = bitcast i8* %132 to i64* store i64 %137, i64* %138, align 1 %139 = getelementptr i8, i8* %112, i64 44 %140 = bitcast i8* %139 to i32* br label %141 %142 = phi i32* [ %140, %115 ], [ %113, %100 ] %143 = getelementptr i32, i32* %142, i64 1 store i32 16777216, i32* %142, align 4 %144 = getelementptr i32, i32* %142, i64 2 store i32 0, i32* %143, align 4 %145 = getelementptr i32, i32* %142, i64 3 store i32 33554432, i32* %144, align 4 %146 = getelementptr i32, i32* %142, i64 4 store i32 33554432, i32* %145, align 4 store i32 11822, i32* %146, align 4 %147 = getelementptr i32, i32* %142, i64 5 %148 = getelementptr i32, i32* %142, i64 6 store i32 16777216, i32* %147, align 4 %149 = getelementptr i32, i32* %142, i64 7 store i32 33558528, i32* %148, align 4 %150 = getelementptr i32, i32* %142, i64 8 store i32 201326592, i32* %149, align 4 %151 = getelementptr i32, i32* %142, i64 9 store i32 33554432, i32* %150, align 4 %152 = getelementptr inbounds %struct.dentry, %struct.dentry* %71, i64 0, i32 3 %153 = load %struct.dentry*, %struct.dentry** %152, align 8 %154 = getelementptr inbounds %struct.dentry, %struct.dentry* %153, i64 0, i32 5 %155 = load %struct.inode*, %struct.inode** %154, align 8 %156 = getelementptr %struct.inode, %struct.inode* %155, i64 -1, i32 24, i32 2 %157 = bitcast %struct.seqcount_spinlock* %156 to i64* %158 = load i64, i64* %157, align 8 %160 = bitcast i32* %151 to i64* store i64 %159, i64* %160, align 1 %161 = getelementptr i32, i32* %142, i64 11 %162 = ptrtoint i32* %161 to i64 %163 = sub i64 %162, %111 %164 = trunc i64 %163 to i32 store i32 %164, i32* %24, align 8 %165 = load i32, i32* %17, align 8 %166 = sub i32 %165, %164 store i32 %166, i32* %17, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %167 = load i32, i32* %104, align 8 %168 = add i32 
%167, -1 store i32 %168, i32* %104, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %169 = load i32, i32* %24, align 8 %170 = load i8, i8* %40, align 8 %171 = load i32, i32* %85, align 8 %172 = and i8 %170, -4 br label %173 %174 = phi i32 [ %86, %95 ], [ %86, %98 ], [ %171, %141 ] %175 = phi i8 [ 0, %95 ], [ 0, %98 ], [ %172, %141 ] %176 = phi i32 [ 0, %95 ], [ 0, %98 ], [ %169, %141 ] store i32 %176, i32* %45, align 8 %177 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %78, i64 0, i32 3 %178 = bitcast %struct.rpc_clnt** %177 to i64* %179 = load i64, i64* %178, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %47, align 8 store i8 %175, i8* %40, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %48, align 8 %180 = lshr i32 %174, 29 %181 = trunc i32 %180 to i16 %182 = and i16 %181, 4 %183 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %78, i64 0, i32 0 %184 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %183, align 8 store %struct.nfs_server.236401* %78, %struct.nfs_server.236401** %50, align 8 store %struct.nfs4_sequence_args.236412* %13, %struct.nfs4_sequence_args.236412** %51, align 8 store %struct.nfs4_sequence_res.236414* %46, %struct.nfs4_sequence_res.236414** %52, align 8 store i64 %179, i64* %55, align 8 store %struct.rpc_message* %7, %struct.rpc_message** %57, align 8 %185 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %184, i64 0, i32 31 %186 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %185, align 8 %187 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %186, i64 0, i32 10 %188 = bitcast %struct.rpc_call_ops** %187 to i64* %189 = load i64, i64* %188, align 8 store i64 %189, i64* %60, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** 
%62, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %63, align 8 store i16 %182, i16* %64, align 8 store i8 0, i8* %65, align 2 %190 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr 
inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, 
label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** 
%48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, 
%struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 _nfs4_proc_remove
11 nfs4_proc_remove
-------------
Path:
Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 =
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 5 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = icmp eq %struct.inode* %7, null br i1 %8, label %17, label %9 %18 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %19 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %20 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %21 %22 = call fastcc i32 @_nfs4_proc_remove(%struct.inode* %0, %struct.qstr* %18, i32 1) #79 %38 = load %struct.super_block*, %struct.super_block** %19, align 8 %39 = getelementptr inbounds %struct.super_block, %struct.super_block* %38, i64 0, i32 28 %40 = bitcast i8** %39 to %struct.nfs_server.236401** %41 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %40, align 16 %42 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %41, i32 %22, %struct.nfs4_exception* nonnull %3) #79 %43 = load i8, i8* %20, align 8 %44 = and i8 %43, 8 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %21 %22 = call fastcc i32 @_nfs4_proc_remove(%struct.inode* %0, %struct.qstr* %18, i32 1) #79 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs_removeargs.236413, align 8 %7 = alloca %struct.nfs_removeres.236415, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.236401** %13 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %12, align 16 %14 = bitcast %struct.nfs_removeargs.236413* %6 to i8* %15 = getelementptr inbounds 
%struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %18 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 2 %19 = bitcast %struct.nfs_fh** %16 to %struct.seqcount_spinlock** %20 = bitcast %struct.nfs_removeargs.236413* %6 to i8* store %struct.seqcount_spinlock* %18, %struct.seqcount_spinlock** %19, align 8 %21 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 2 %22 = bitcast %struct.qstr* %21 to i8* %23 = bitcast %struct.qstr* %1 to i8* %24 = bitcast %struct.nfs_removeres.236415* %7 to i8* %25 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %7, i64 0, i32 1 %26 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %7, i64 0, i32 0, i32 1 %27 = bitcast i64* %26 to i8* store %struct.nfs_server.236401* %13, %struct.nfs_server.236401** %25, align 8 %28 = bitcast %struct.rpc_message* %8 to i8* %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %31 = bitcast i8** %30 to %struct.nfs_removeargs.236413** store %struct.nfs_removeargs.236413* %6, %struct.nfs_removeargs.236413** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %33 = bitcast i8** %32 to %struct.nfs_removeres.236415** store %struct.nfs_removeres.236415* %7, %struct.nfs_removeres.236415** %33, align 8 %34 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store 
%struct.cred* null, %struct.cred** %34, align 8 %35 = load volatile i64, i64* @jiffies, align 64 %36 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %13, i64 0, i32 3 %37 = bitcast %struct.rpc_clnt** %36 to i64* %38 = load i64, i64* %37, align 8 %39 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %7, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %40, align 8 %41 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 1 store i8 1, i8* %41, align 8 %42 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %42, align 8 %43 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %13, i64 0, i32 10 %44 = load i32, i32* %43, align 8 %45 = lshr i32 %44, 29 %46 = trunc i32 %45 to i16 %47 = and i16 %46, 4 %48 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %13, i64 0, i32 0 %49 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %48, align 8 %50 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %51 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.236401* %13, %struct.nfs_server.236401** %51, align 8 %52 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.236412* %15, %struct.nfs4_sequence_args.236412** %52, align 8 %53 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.236414* %39, %struct.nfs4_sequence_res.236414** %53, align 8 %54 = bitcast %struct.rpc_task_setup* %5 to i8* %55 = getelementptr 
inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %56 = bitcast %struct.rpc_clnt** %55 to i64* store i64 %38, i64* %56, align 8 %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %59 = bitcast %struct.rpc_xprt** %57 to i8* store %struct.rpc_message* %8, %struct.rpc_message** %58, align 8 %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %49, i64 0, i32 31 %62 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %61, align 8 %63 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %62, i64 0, i32 10 %64 = bitcast %struct.rpc_call_ops** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = bitcast %struct.rpc_call_ops** %60 to i64* store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %68 = bitcast i8** %67 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %68, align 8 %69 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %69, align 8 %70 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i16 %47, i16* %70, align 8 %71 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 store i8 0, i8* %71, align 2 %72 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = 
load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 
8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store 
%struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** 
%9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 
= icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, 
%struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 _nfs4_proc_remove
11 nfs4_proc_rmdir
-------------
Path:
Function:nfs4_proc_rmdir %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 =
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %7 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %8 %9 = call fastcc i32 @_nfs4_proc_remove(%struct.inode* %0, %struct.qstr* %1, i32 2) #78 %25 = load %struct.super_block*, %struct.super_block** %6, align 8 %26 = getelementptr inbounds %struct.super_block, %struct.super_block* %25, i64 0, i32 28 %27 = bitcast i8** %26 to %struct.nfs_server.236401** %28 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %27, align 16 %29 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %28, i32 %9, %struct.nfs4_exception* nonnull %3) #78 %30 = load i8, i8* %7, align 8 %31 = and i8 %30, 8 %32 = icmp eq i8 %31, 0 br i1 %32, label %33, label %8 %9 = call fastcc i32 @_nfs4_proc_remove(%struct.inode* %0, %struct.qstr* %1, i32 2) #78 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup, align 8 %6 = alloca %struct.nfs_removeargs.236413, align 8 %7 = alloca %struct.nfs_removeres.236415, align 8 %8 = alloca %struct.rpc_message, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %10 = load %struct.super_block*, %struct.super_block** %9, align 8 %11 = getelementptr inbounds %struct.super_block, %struct.super_block* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.236401** %13 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %12, align 16 %14 = bitcast %struct.nfs_removeargs.236413* %6 to i8* %15 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 1 %17 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %18 = getelementptr inbounds 
%struct.seqcount_spinlock, %struct.seqcount_spinlock* %17, i64 2 %19 = bitcast %struct.nfs_fh** %16 to %struct.seqcount_spinlock** %20 = bitcast %struct.nfs_removeargs.236413* %6 to i8* store %struct.seqcount_spinlock* %18, %struct.seqcount_spinlock** %19, align 8 %21 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 2 %22 = bitcast %struct.qstr* %21 to i8* %23 = bitcast %struct.qstr* %1 to i8* %24 = bitcast %struct.nfs_removeres.236415* %7 to i8* %25 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %7, i64 0, i32 1 %26 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %7, i64 0, i32 0, i32 1 %27 = bitcast i64* %26 to i8* store %struct.nfs_server.236401* %13, %struct.nfs_server.236401** %25, align 8 %28 = bitcast %struct.rpc_message* %8 to i8* %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 0 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 21), %struct.rpc_procinfo** %29, align 8 %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 1 %31 = bitcast i8** %30 to %struct.nfs_removeargs.236413** store %struct.nfs_removeargs.236413* %6, %struct.nfs_removeargs.236413** %31, align 8 %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 2 %33 = bitcast i8** %32 to %struct.nfs_removeres.236415** store %struct.nfs_removeres.236415* %7, %struct.nfs_removeres.236415** %33, align 8 %34 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %8, i64 0, i32 3 store %struct.cred* null, %struct.cred** %34, align 8 %35 = load volatile i64, i64* @jiffies, align 64 %36 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %13, i64 0, i32 3 %37 = bitcast %struct.rpc_clnt** %36 to i64* %38 = load i64, i64* %37, align 8 %39 = getelementptr 
inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %7, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %40, align 8 %41 = getelementptr inbounds %struct.nfs_removeargs.236413, %struct.nfs_removeargs.236413* %6, i64 0, i32 0, i32 1 store i8 1, i8* %41, align 8 %42 = getelementptr inbounds %struct.nfs_removeres.236415, %struct.nfs_removeres.236415* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %42, align 8 %43 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %13, i64 0, i32 10 %44 = load i32, i32* %43, align 8 %45 = lshr i32 %44, 29 %46 = trunc i32 %45 to i16 %47 = and i16 %46, 4 %48 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %13, i64 0, i32 0 %49 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %48, align 8 %50 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %51 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.236401* %13, %struct.nfs_server.236401** %51, align 8 %52 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.236412* %15, %struct.nfs4_sequence_args.236412** %52, align 8 %53 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.236414* %39, %struct.nfs4_sequence_res.236414** %53, align 8 %54 = bitcast %struct.rpc_task_setup* %5 to i8* %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 1 %56 = bitcast %struct.rpc_clnt** %55 to i64* store i64 %38, i64* %56, align 8 %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 2 %58 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 4 %59 = bitcast %struct.rpc_xprt** %57 to i8* store %struct.rpc_message* %8, %struct.rpc_message** %58, align 8 %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 5 %61 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %49, i64 0, i32 31 %62 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %61, align 8 %63 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %62, i64 0, i32 10 %64 = bitcast %struct.rpc_call_ops** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = bitcast %struct.rpc_call_ops** %60 to i64* store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 6 %68 = bitcast i8** %67 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %68, align 8 %69 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %69, align 8 %70 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 8 store i16 %47, i16* %70, align 8 %71 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %5, i64 0, i32 9 store i8 0, i8* %71, align 2 %72 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %5) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) 
#78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, 
!srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, 
align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to 
%struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, 
%struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load 
%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, 
%struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, 
%struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 
0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 
@__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80
Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_readlink
-------------
Path:
Function:nfs4_proc_readlink %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.page*, align 8 %8 = alloca %struct.nfs4_readlink, align 8 %9 = alloca %struct.nfs4_readlink_res, align 8 %10 = alloca %struct.rpc_message, align 8 %11 = alloca %struct.nfs4_exception, align 8 %12 = bitcast %struct.nfs4_exception* %11 to i8* %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 5 store i8 1, i8* %13, align 1 %14 = bitcast %struct.page** %7 to i8* %15 = bitcast %struct.nfs4_readlink* %8 to i8* %16 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 1 %18 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 2 %20 = bitcast %struct.nfs_fh** %17 to %struct.seqcount_spinlock** %21 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 2 %22 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 3 %23 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 4 %24 = bitcast
%struct.nfs4_readlink_res* %9 to i8* %25 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0, i32 1 %26 = bitcast i64* %25 to i8* %27 = bitcast %struct.rpc_message* %10 to i8* %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 0 %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 1 %30 = bitcast i8** %29 to %struct.nfs4_readlink** %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 2 %32 = bitcast i8** %31 to %struct.nfs4_readlink_res** %33 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %10, i64 0, i32 3 %34 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup* %6 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup, 
%struct.rpc_task_setup* %6, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %56 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 4 br label %57 store %struct.page* %1, %struct.page** %7, align 8 store %struct.seqcount_spinlock* %19, %struct.seqcount_spinlock** %20, align 8 store i32 %2, i32* %21, align 8 store i32 %3, i32* %22, align 4 store %struct.page** %7, %struct.page*** %23, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 28), %struct.rpc_procinfo** %28, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %30, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %32, align 8 store %struct.cred* null, %struct.cred** %33, align 8 %58 = load %struct.super_block*, %struct.super_block** %34, align 8 %59 = getelementptr inbounds %struct.super_block, %struct.super_block* %58, i64 0, i32 28 %60 = bitcast i8** %59 to %struct.nfs_server.236401** %61 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %60, align 16 %62 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %61, i64 0, i32 3 %63 = bitcast %struct.rpc_clnt** %62 to i64* %64 = load i64, i64* %63, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %36, align 8 store i8 0, i8* %37, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %38, align 8 %65 = getelementptr inbounds %struct.nfs_server.236401, 
%struct.nfs_server.236401* %61, i64 0, i32 10 %66 = load i32, i32* %65, align 8 %67 = lshr i32 %66, 29 %68 = trunc i32 %67 to i16 %69 = and i16 %68, 4 %70 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %61, i64 0, i32 0 %71 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %70, align 8 store %struct.nfs_server.236401* %61, %struct.nfs_server.236401** %40, align 8 store %struct.nfs4_sequence_args.236412* %16, %struct.nfs4_sequence_args.236412** %41, align 8 store %struct.nfs4_sequence_res.236414* %35, %struct.nfs4_sequence_res.236414** %42, align 8 store i64 %64, i64* %45, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %47, align 8 %72 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %71, i64 0, i32 31 %73 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %72, align 8 %74 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %73, i64 0, i32 10 %75 = bitcast %struct.rpc_call_ops** %74 to i64* %76 = load i64, i64* %75, align 8 store i64 %76, i64* %50, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %52, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %53, align 8 store i16 %69, i16* %54, align 8 store i8 0, i8* %55, align 2 %77 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #78 %80 = ptrtoint %struct.rpc_task* %77 to i64 %81 = trunc i64 %80 to i32 br label %85 %86 = phi i32 [ %81, %79 ], [ %84, %82 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_readlink to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_readlink, %87)) #6 to label %101 [label %87], !srcloc !4 %102 = load %struct.super_block*, %struct.super_block** %34, align 8 %103 = getelementptr inbounds %struct.super_block, %struct.super_block* %102, i64 0, i32 28 %104 = bitcast i8** %103 to %struct.nfs_server.236401** %105 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %104, align 16 %106 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %105, i32 %86, %struct.nfs4_exception* nonnull %11) #79 %107 = load i8, i8* %56, align 8 %108 = and i8 %107, 8 %109 = icmp eq i8 %108, 0 br i1 %109, label %110, label %57 store %struct.page* %1, %struct.page** %7, align 8 store %struct.seqcount_spinlock* %19, %struct.seqcount_spinlock** %20, align 8 store i32 %2, i32* %21, align 8 store i32 %3, i32* %22, align 4 store %struct.page** %7, %struct.page*** %23, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 28), %struct.rpc_procinfo** %28, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %30, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %32, align 8 store %struct.cred* null, %struct.cred** %33, align 8 %58 = load %struct.super_block*, %struct.super_block** %34, align 8 %59 = getelementptr inbounds %struct.super_block, %struct.super_block* %58, i64 0, i32 28 %60 = bitcast i8** %59 to %struct.nfs_server.236401** %61 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %60, align 16 %62 = getelementptr inbounds 
%struct.nfs_server.236401, %struct.nfs_server.236401* %61, i64 0, i32 3 %63 = bitcast %struct.rpc_clnt** %62 to i64* %64 = load i64, i64* %63, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %36, align 8 store i8 0, i8* %37, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %38, align 8 %65 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %61, i64 0, i32 10 %66 = load i32, i32* %65, align 8 %67 = lshr i32 %66, 29 %68 = trunc i32 %67 to i16 %69 = and i16 %68, 4 %70 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %61, i64 0, i32 0 %71 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %70, align 8 store %struct.nfs_server.236401* %61, %struct.nfs_server.236401** %40, align 8 store %struct.nfs4_sequence_args.236412* %16, %struct.nfs4_sequence_args.236412** %41, align 8 store %struct.nfs4_sequence_res.236414* %35, %struct.nfs4_sequence_res.236414** %42, align 8 store i64 %64, i64* %45, align 8 store %struct.rpc_message* %10, %struct.rpc_message** %47, align 8 %72 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %71, i64 0, i32 31 %73 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %72, align 8 %74 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %73, i64 0, i32 10 %75 = bitcast %struct.rpc_call_ops** %74 to i64* %76 = load i64, i64* %75, align 8 store i64 %76, i64* %50, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %52, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %53, align 8 store i16 %69, i16* %54, align 8 store i8 0, i8* %55, align 2 %77 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 
@_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, 
%struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, 
i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = 
load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, 
%struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_access
-------------
Path:
Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup, align 8 %5 = alloca
%struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs_fh** %14 to %struct.seqcount_spinlock** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* 
%33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %4, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %56 = bitcast %struct.nfs_fattr** %33 to i8** %57 = 
getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %58 %59 = load %struct.super_block*, %struct.super_block** %11, align 8 %60 = getelementptr inbounds %struct.super_block, %struct.super_block* %59, i64 0, i32 28 %61 = bitcast i8** %60 to %struct.nfs_server.236401** %62 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %61, align 16 store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 store i32* null, i32** %18, align 8 %63 = load i32, i32* %20, align 8 store i32 %63, i32* %19, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %22, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 17), %struct.rpc_procinfo** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %64 = load i64, i64* %31, align 8 store i64 %64, i64* %32, align 8 %65 = call i32 @nfs4_have_delegation(%struct.inode* %0, i32 1) #78 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %72 %68 = call %struct.nfs_fattr* @nfs_alloc_fattr() #78 store %struct.nfs_fattr* %68, %struct.nfs_fattr** %33, align 8 %69 = icmp eq %struct.nfs_fattr* %68, null br i1 %69, label %109, label %70 %71 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %62, i64 0, i32 38, i64 0 store i32* %71, i32** %18, align 8 br label %72 %73 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %62, i64 0, i32 3 %74 = bitcast %struct.rpc_clnt** %73 to i64* %75 = load i64, i64* %74, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %35, align 8 %76 = load i8, i8* %36, align 8 %77 = and i8 %76, -4 store i8 %77, i8* %36, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %37, align 8 %78 = getelementptr inbounds %struct.nfs_server.236401, 
%struct.nfs_server.236401* %62, i64 0, i32 10 %79 = load i32, i32* %78, align 8 %80 = lshr i32 %79, 29 %81 = trunc i32 %80 to i16 %82 = and i16 %81, 4 %83 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %62, i64 0, i32 0 %84 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %83, align 8 store %struct.nfs_server.236401* %62, %struct.nfs_server.236401** %39, align 8 store %struct.nfs4_sequence_args.236412* %13, %struct.nfs4_sequence_args.236412** %40, align 8 store %struct.nfs4_sequence_res.236414* %34, %struct.nfs4_sequence_res.236414** %41, align 8 store i64 %75, i64* %44, align 8 store %struct.rpc_message* %7, %struct.rpc_message** %46, align 8 %85 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %84, i64 0, i32 31 %86 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %85, align 8 %87 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %86, i64 0, i32 10 %88 = bitcast %struct.rpc_call_ops** %87 to i64* %89 = load i64, i64* %88, align 8 store i64 %89, i64* %49, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 %82, i16* %53, align 8 store i8 0, i8* %54, align 2 %90 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %4) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca 
%struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to 
%struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* 
%9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** 
%29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, 
i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, 
%struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 
tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr 
inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 
@kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 io_schedule_timeout 7 mempool_alloc 8 rpc_new_task 9 rpc_run_task 10 nfs4_proc_lookupp ------------- Path:  Function:nfs4_proc_lookupp %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup, align 8 %7 = alloca %struct.nfs4_server_caps_arg, align 8 %8 = alloca %struct.nfs4_lookup_res, align 8 %9 = alloca %struct.rpc_message, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = bitcast %struct.nfs4_server_caps_arg* %7 to i8* %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 1 %16 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 %17 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %16, i64 2 %18 = bitcast %struct.nfs_fh** %15 to %struct.seqcount_spinlock** %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 2 %20 = bitcast %struct.nfs4_lookup_res* %8 to i8* %21 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 1 %22 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 2 %23 = getelementptr inbounds %struct.nfs4_lookup_res, 
%struct.nfs4_lookup_res* %8, i64 0, i32 3 %24 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 4 %25 = bitcast %struct.rpc_message* %9 to i8* %26 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 0 %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs4_server_caps_arg** %29 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs4_lookup_res** %31 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %9, i64 0, i32 3 %32 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup* %6 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt** %44 to i8* %47 = getelementptr inbounds 
%struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %6, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %55 %56 = load %struct.super_block*, %struct.super_block** %13, align 8 %57 = getelementptr inbounds %struct.super_block, %struct.super_block* %56, i64 0, i32 28 %58 = bitcast i8** %57 to %struct.nfs_server.236401** %59 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %58, align 16 %60 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %59, i64 0, i32 3 %61 = bitcast %struct.rpc_clnt** %60 to i64* %62 = load i64, i64* %61, align 8 store %struct.seqcount_spinlock* %17, %struct.seqcount_spinlock** %18, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %59, i64 0, i32 35, i64 0 store %struct.nfs_server.236401* %59, %struct.nfs_server.236401** %21, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %22, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %23, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %24, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 61), %struct.rpc_procinfo** %26, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %28, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %30, align 8 store %struct.cred* null, %struct.cred** %31, align 8 store i32* %63, i32** %19, 
align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #78 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %34, align 8 %64 = load i8, i8* %35, align 8 %65 = and i8 %64, -4 store i8 %65, i8* %35, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %36, align 8 %66 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %59, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = lshr i32 %67, 29 %69 = trunc i32 %68 to i16 %70 = and i16 %69, 4 %71 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %59, i64 0, i32 0 %72 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %71, align 8 store %struct.nfs_server.236401* %59, %struct.nfs_server.236401** %38, align 8 store %struct.nfs4_sequence_args.236412* %33, %struct.nfs4_sequence_args.236412** %39, align 8 store %struct.nfs4_sequence_res.236414* %32, %struct.nfs4_sequence_res.236414** %40, align 8 store i64 %62, i64* %43, align 8 store %struct.rpc_message* %9, %struct.rpc_message** %45, align 8 %73 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %72, i64 0, i32 31 %74 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %73, align 8 %75 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %74, i64 0, i32 10 %76 = bitcast %struct.rpc_call_ops** %75 to i64* %77 = load i64, i64* %76, align 8 store i64 %77, i64* %48, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %70, i16* %52, align 8 store i8 0, i8* %53, align 2 %78 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #78 %81 = ptrtoint %struct.rpc_task* %78 to i64 %82 = trunc i64 %81 to i32 br label %86 %87 = phi i32 [ %82, %80 ], [ %85, %83 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_lookupp to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_proc_lookupp, %88)) #6 to label %102 [label %88], !srcloc !4 %103 = load %struct.super_block*, %struct.super_block** %13, align 8 %104 = getelementptr inbounds %struct.super_block, %struct.super_block* %103, i64 0, i32 28 %105 = bitcast i8** %104 to %struct.nfs_server.236401** %106 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %105, align 16 %107 = call i32 @nfs4_handle_exception(%struct.nfs_server.236401* %106, i32 %87, %struct.nfs4_exception* nonnull %10) #79 %108 = load i8, i8* %54, align 8 %109 = and i8 %108, 8 %110 = icmp eq i8 %109, 0 br i1 %110, label %111, label %55 %56 = load %struct.super_block*, %struct.super_block** %13, align 8 %57 = getelementptr inbounds %struct.super_block, %struct.super_block* %56, i64 0, i32 28 %58 = bitcast i8** %57 to %struct.nfs_server.236401** %59 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %58, align 16 %60 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %59, i64 0, i32 3 %61 = bitcast %struct.rpc_clnt** %60 to i64* %62 = load i64, i64* %61, align 8 store %struct.seqcount_spinlock* %17, %struct.seqcount_spinlock** %18, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %59, i64 0, i32 35, i64 0 store %struct.nfs_server.236401* %59, %struct.nfs_server.236401** %21, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %22, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %23, align 8 store 
%struct.nfs4_label* %3, %struct.nfs4_label** %24, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 61), %struct.rpc_procinfo** %26, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %28, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %30, align 8 store %struct.cred* null, %struct.cred** %31, align 8 store i32* %63, i32** %19, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #78 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %34, align 8 %64 = load i8, i8* %35, align 8 %65 = and i8 %64, -4 store i8 %65, i8* %35, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %36, align 8 %66 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %59, i64 0, i32 10 %67 = load i32, i32* %66, align 8 %68 = lshr i32 %67, 29 %69 = trunc i32 %68 to i16 %70 = and i16 %69, 4 %71 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %59, i64 0, i32 0 %72 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %71, align 8 store %struct.nfs_server.236401* %59, %struct.nfs_server.236401** %38, align 8 store %struct.nfs4_sequence_args.236412* %33, %struct.nfs4_sequence_args.236412** %39, align 8 store %struct.nfs4_sequence_res.236414* %32, %struct.nfs4_sequence_res.236414** %40, align 8 store i64 %62, i64* %43, align 8 store %struct.rpc_message* %9, %struct.rpc_message** %45, align 8 %73 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %72, i64 0, i32 31 %74 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %73, align 8 %75 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %74, i64 0, i32 10 %76 = bitcast %struct.rpc_call_ops** %75 to i64* %77 = load i64, i64* %76, align 8 store i64 %77, i64* %48, align 8 store 
%struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 %70, i16* %52, align 8 store i8 0, i8* %53, align 2 %78 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %6) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, 
%struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, 
align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to 
%struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 
= bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, 
%struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 kblockd_mod_delayed_work_on 1 __blk_mq_delay_run_hw_queue 2 blk_mq_run_hw_queue 3 blk_mq_sched_insert_requests 4 blk_mq_flush_plug_list 5 blk_flush_plug_list 6 io_schedule_timeout 7 mempool_alloc 8 rpc_new_task 9 rpc_run_task 10 nfs4_proc_lookup_common 11 nfs4_proc_lookup ------------- Path:  Function:nfs4_proc_lookup %6 = alloca %struct.rpc_clnt*, align 8 %7 = bitcast %struct.rpc_clnt** %6 to i8* %8 = 
getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.236401** %12 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %12, i64 0, i32 3 %14 = bitcast %struct.rpc_clnt** %13 to i64* %15 = load i64, i64* %14, align 8 %16 = bitcast %struct.rpc_clnt** %6 to i64* store i64 %15, i64* %16, align 8 %17 = call fastcc i32 @nfs4_proc_lookup_common(%struct.rpc_clnt** nonnull %6, %struct.inode* %0, %struct.dentry* %1, %struct.nfs_fh* %2, %struct.nfs_fattr* %3, %struct.nfs4_label* %4) #78 Function:nfs4_proc_lookup_common %7 = alloca %struct.nfs4_call_sync_data, align 8 %8 = alloca %struct.rpc_task_setup, align 8 %9 = alloca %struct.nfs4_lookup_arg, align 8 %10 = alloca %struct.nfs4_lookup_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 5 store i8 1, i8* %14, align 1 %15 = load %struct.rpc_clnt*, %struct.rpc_clnt** %0, align 8 %16 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 4 %17 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %18 = bitcast %struct.nfs4_lookup_arg* %9 to i8* %19 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0 %20 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 1 %21 = getelementptr %struct.inode, %struct.inode* %1, i64 -1, i32 24, i32 2 %22 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %21, i64 2 %23 = bitcast %struct.nfs_fh** %20 to %struct.seqcount_spinlock** %24 = getelementptr 
inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 2 %25 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 3 %26 = bitcast %struct.nfs4_lookup_res* %10 to i8* %27 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 0 %28 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 1 %29 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 2 %30 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 3 %31 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 4 %32 = bitcast %struct.rpc_message* %11 to i8* %33 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %34 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %35 = bitcast i8** %34 to %struct.nfs4_lookup_arg** %36 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %37 = bitcast i8** %36 to %struct.nfs4_lookup_res** %38 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %39 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 9 %40 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 0 %41 = getelementptr inbounds %struct.dentry, %struct.dentry* %2, i64 0, i32 5 %42 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.nfs4_lookup_arg, %struct.nfs4_lookup_arg* %9, i64 0, i32 0, i32 1 %44 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %10, i64 0, i32 0, i32 0 %45 = bitcast %struct.nfs4_call_sync_data* %7 to i8* %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 0 %47 = getelementptr inbounds %struct.nfs4_call_sync_data, 
%struct.nfs4_call_sync_data* %7, i64 0, i32 1 %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 2 %49 = bitcast %struct.rpc_task_setup* %8 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 1 %51 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 2 %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 4 %53 = bitcast %struct.rpc_xprt** %51 to i8* %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 5 %55 = bitcast %struct.rpc_call_ops** %54 to i64* %56 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 6 %57 = bitcast i8** %56 to %struct.nfs4_call_sync_data** %58 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 7 %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 8 %60 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %8, i64 0, i32 9 %61 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %62 %63 = phi %struct.rpc_clnt* [ %15, %6 ], [ %203, %201 ] %64 = load %struct.super_block*, %struct.super_block** %17, align 8 %65 = getelementptr inbounds %struct.super_block, %struct.super_block* %64, i64 0, i32 28 %66 = bitcast i8** %65 to %struct.nfs_server.236401** %67 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %66, align 16 store %struct.seqcount_spinlock* %22, %struct.seqcount_spinlock** %23, align 8 store %struct.qstr* %16, %struct.qstr** %24, align 8 %68 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %67, i64 0, i32 35, i64 0 store i32* %68, i32** %25, align 8 store %struct.nfs_server.236401* %67, %struct.nfs_server.236401** %28, align 8 store %struct.nfs_fattr* %4, %struct.nfs_fattr** %29, align 8 store %struct.nfs_fh* %3, 
%struct.nfs_fh** %30, align 8 store %struct.nfs4_label* %5, %struct.nfs4_label** %31, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 19), %struct.rpc_procinfo** %33, align 8 store %struct.nfs4_lookup_arg* %9, %struct.nfs4_lookup_arg** %35, align 8 store %struct.nfs4_lookup_res* %10, %struct.nfs4_lookup_res** %37, align 8 store %struct.cred* null, %struct.cred** %38, align 8 %69 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %67, i64 0, i32 10 %70 = load i32, i32* %69, align 8 %71 = lshr i32 %70, 29 %72 = trunc i32 %71 to i16 %73 = and i16 %72, 4 %74 = load %struct.super_block*, %struct.super_block** %39, align 8 %75 = getelementptr inbounds %struct.super_block, %struct.super_block* %74, i64 0, i32 28 %76 = bitcast i8** %75 to %struct.nfs_server.236401** %77 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %76, align 16 %78 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %77, i64 0, i32 8 %79 = load i32, i32* %78, align 8 %80 = and i32 %79, 8388608 %81 = icmp eq i32 %80, 0 br i1 %81, label %95, label %82 %83 = load i32, i32* %40, align 8 %84 = and i32 %83, 7340032 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %87 = load %struct.inode*, %struct.inode** %41, align 8 %88 = getelementptr %struct.inode, %struct.inode* %87, i64 -1, i32 24, i32 2 %89 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %88, i64 2 %90 = bitcast %struct.seqcount_spinlock* %89 to i16* %91 = load i16, i16* %90, align 2 %92 = icmp eq i16 %91, 0 %93 = or i16 %73, 4096 %94 = select i1 %92, i16 %73, i16 %93 br label %95 %96 = phi i16 [ %73, %82 ], [ %73, %62 ], [ %94, %86 ] store i32* %68, i32** %25, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %4) #78 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %42, align 8 %97 = load i8, i8* %43, align 8 %98 = and i8 %97, 
-4 store i8 %98, i8* %43, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %44, align 8 %99 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %67, i64 0, i32 0 %100 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %99, align 8 store %struct.nfs_server.236401* %67, %struct.nfs_server.236401** %46, align 8 store %struct.nfs4_sequence_args.236412* %19, %struct.nfs4_sequence_args.236412** %47, align 8 store %struct.nfs4_sequence_res.236414* %27, %struct.nfs4_sequence_res.236414** %48, align 8 store %struct.rpc_clnt* %63, %struct.rpc_clnt** %50, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %52, align 8 %101 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %100, i64 0, i32 31 %102 = load %struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %101, align 8 %103 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %102, i64 0, i32 10 %104 = bitcast %struct.rpc_call_ops** %103 to i64* %105 = load i64, i64* %104, align 8 store i64 %105, i64* %55, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %57, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %58, align 8 store i16 %96, i16* %59, align 8 store i8 0, i8* %60, align 2 %106 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %8) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca 
%struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to 
%struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* 
%9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* %7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** 
%29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile %struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, 
i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 %41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, 
%struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 %21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 
tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr 
inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 
@kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80
Function:kblockd_mod_delayed_work_on
%4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_insert_requests
4 blk_mq_flush_plug_list
5 blk_flush_plug_list
6 io_schedule_timeout
7 mempool_alloc
8 rpc_new_task
9 rpc_run_task
10 nfs4_proc_getattr
-------------
Path:
Function:nfs4_proc_getattr
%6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup, align 8 %8 = alloca [3 x i32], align 4 %9 = alloca %struct.nfs4_server_caps_arg, align 8 %10 = alloca %struct.nfs4_getattr_res, align 8 %11 = alloca %struct.rpc_message, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 5 store i8 1, i8* %14, align 1 %15 = bitcast [3 x i32]* %8 to i8* %16 = bitcast %struct.nfs4_server_caps_arg* %9 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 0 %21 = bitcast %struct.nfs4_getattr_res* %10 to i8* %22 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0 %23 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 1 %24 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 2 %25 = getelementptr
inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 3 %26 = bitcast %struct.rpc_message* %11 to i8* %27 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 0 %28 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs4_server_caps_arg** %30 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs4_getattr_res** %32 = getelementptr inbounds %struct.rpc_message, %struct.rpc_message* %11, i64 0, i32 3 %33 = icmp eq %struct.inode* %4, null %34 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 8 %35 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 35, i64 0 %36 = bitcast i32* %35 to i8* %37 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 24, i32 2 %38 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %37, i64 38 %39 = bitcast %struct.seqcount_spinlock* %38 to i64* %40 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 1 %41 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 0 %42 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 1 %43 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0, i32 0 %44 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 3 %45 = bitcast %struct.rpc_clnt** %44 to i64* %46 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %0, i64 0, i32 0 %47 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %48 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 
%50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 %51 = bitcast %struct.rpc_task_setup* %7 to i8* %52 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 1 %53 = bitcast %struct.rpc_clnt** %52 to i64* %54 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 2 %55 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 4 %56 = bitcast %struct.rpc_xprt** %54 to i8* %57 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 5 %58 = bitcast %struct.rpc_call_ops** %57 to i64* %59 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 6 %60 = bitcast i8** %59 to %struct.nfs4_call_sync_data** %61 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 7 %62 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 8 %63 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %7, i64 0, i32 9 %64 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %65 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %23, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %24, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %25, align 8 store %struct.rpc_procinfo* getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 18), %struct.rpc_procinfo** %27, align 8 store %struct.nfs4_server_caps_arg* %9, %struct.nfs4_server_caps_arg** %29, align 8 store %struct.nfs4_getattr_res* %10, %struct.nfs4_getattr_res** %31, align 8 store %struct.cred* null, %struct.cred** %32, align 8 br i1 %33, label %66, label %67 %68 = load i32, i32* %34, align 8 %69 = lshr i32 %68, 11 %70 = trunc 
i32 %69 to i16 %71 = and i16 %70, 4096 %72 = call i32 @nfs4_have_delegation(%struct.inode* nonnull %4, i32 1) #78 %73 = icmp eq i32 %72, 0 br i1 %73, label %101, label %74 %75 = load volatile i64, i64* %39, align 8 %76 = load i32, i32* %40, align 4 %77 = and i32 %76, -513 store i32 %77, i32* %40, align 4 %78 = and i64 %75, 2048 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %83 %81 = load i32, i32* %20, align 4 %82 = and i32 %81, -17 store i32 %82, i32* %20, align 4 br label %83 %84 = and i64 %75, 256 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %89 %87 = load i32, i32* %20, align 4 %88 = and i32 %87, -9 store i32 %88, i32* %20, align 4 br label %89 %90 = and i64 %75, 131072 %91 = icmp eq i64 %90, 0 %92 = and i32 %76, -515 %93 = select i1 %91, i32 %92, i32 %77 %94 = and i64 %75, 135168 %95 = icmp eq i64 %94, 135168 br i1 %95, label %101, label %96 %97 = and i64 %75, 4096 %98 = icmp eq i64 %97, 0 %99 = and i32 %93, -561 %100 = select i1 %98, i32 %99, i32 %93 store i32 %100, i32* %40, align 4 br label %101 %102 = phi i16 [ 0, %66 ], [ %71, %67 ], [ %71, %89 ], [ %71, %96 ] call void @nfs_fattr_init(%struct.nfs_fattr* %2) #78 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %41, align 8 %103 = load i8, i8* %42, align 8 %104 = and i8 %103, -4 store i8 %104, i8* %42, align 8 store %struct.nfs4_slot.236411* null, %struct.nfs4_slot.236411** %43, align 8 %105 = load i64, i64* %45, align 8 %106 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %46, align 8 store %struct.nfs_server.236401* %0, %struct.nfs_server.236401** %48, align 8 store %struct.nfs4_sequence_args.236412* %17, %struct.nfs4_sequence_args.236412** %49, align 8 store %struct.nfs4_sequence_res.236414* %22, %struct.nfs4_sequence_res.236414** %50, align 8 store i64 %105, i64* %53, align 8 store %struct.rpc_message* %11, %struct.rpc_message** %55, align 8 %107 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %106, i64 0, i32 31 %108 = load 
%struct.nfs4_minor_version_ops.236469*, %struct.nfs4_minor_version_ops.236469** %107, align 8 %109 = getelementptr inbounds %struct.nfs4_minor_version_ops.236469, %struct.nfs4_minor_version_ops.236469* %108, i64 0, i32 10 %110 = bitcast %struct.rpc_call_ops** %109 to i64* %111 = load i64, i64* %110, align 8 store i64 %111, i64* %58, align 8 store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %60, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %61, align 8 store i16 %102, i16* %62, align 8 store i8 0, i8* %63, align 2 %112 = call %struct.rpc_task* @rpc_run_task(%struct.rpc_task_setup* nonnull %7) #78 Function:rpc_run_task %2 = tail call %struct.rpc_task* @rpc_new_task(%struct.rpc_task_setup* %0) #78 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup, %struct.rpc_task_setup* %0, i64 0, i32 0 %3 = load %struct.rpc_task*, %struct.rpc_task** %2, align 8 %4 = icmp eq %struct.rpc_task* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #78 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #78 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %69, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds 
%struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 0 %26 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %28 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %29 %30 = phi i32 [ %11, %18 ], [ %10, %54 ] %31 = icmp eq i32 %30, %10 br label %32 %33 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #78 %34 = load i32, i32* %20, align 8 %35 = icmp eq i32 %34, 0 br i1 %35, label %53, label %36, !prof !4, !misexpect !5 br i1 %31, label %59, label %54 br i1 %6, label %60, label %61 %62 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %63 = inttoptr i64 %62 to %struct.task_struct* store %struct.task_struct* %63, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile %struct.list_head* %24, %struct.list_head** %25, align 8 store volatile %struct.list_head* %24, %struct.list_head** %26, align 8 store i32 0, i32* %27, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %28, %struct.wait_queue_entry* nonnull %3, i32 2) #78 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %33) #78 %64 = call i64 @io_schedule_timeout(i64 5000) #78 Function:io_schedule_timeout %2 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, 
!srcloc !4 %3 = inttoptr i64 %2 to %struct.task_struct* %4 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 50 %5 = load i8, i8* %4, align 16 %6 = or i8 %5, 4 store i8 %6, i8* %4, align 16 %7 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %3, i64 0, i32 120 %8 = load %struct.blk_plug*, %struct.blk_plug** %7, align 16 %9 = icmp eq %struct.blk_plug* %8, null br i1 %9, label %11, label %10 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %8, i1 zeroext true) #78 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 0, i32 0 %9 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %10 = icmp eq %struct.list_head* %9, %7 br i1 %10, label %40, label %11 %12 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 br label %16 %17 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %18 = icmp eq %struct.list_head* %17, %7 br i1 %18, label %23, label %19 %20 = load %struct.list_head*, %struct.list_head** %12, align 8 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %21, align 8 store %struct.list_head* %17, %struct.list_head** %5, align 8 %22 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %22, align 8 store %struct.list_head* %20, %struct.list_head** %6, align 8 store volatile %struct.list_head* 
%7, %struct.list_head** %8, align 8 store volatile %struct.list_head* %7, %struct.list_head** %12, align 8 br label %23 %24 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %25 = icmp eq %struct.list_head* %24, %3 br i1 %25, label %13, label %26 %27 = phi %struct.list_head* [ %38, %26 ], [ %24, %23 ] %28 = bitcast %struct.list_head* %27 to %struct.blk_plug_cb* %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 1 %30 = load %struct.list_head*, %struct.list_head** %29, align 8 %31 = getelementptr %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %32 = load %struct.list_head*, %struct.list_head** %31, align 8 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %32, i64 0, i32 1 store %struct.list_head* %30, %struct.list_head** %33, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %30, i64 0, i32 0 store volatile %struct.list_head* %32, %struct.list_head** %34, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %31, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %29, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 1 %36 = bitcast %struct.list_head* %35 to void (%struct.blk_plug_cb*, i1)** %37 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %36, align 8 call void %37(%struct.blk_plug_cb* %28, i1 zeroext %1) #78 %38 = load volatile %struct.list_head*, %struct.list_head** %5, align 8 %39 = icmp eq %struct.list_head* %38, %3 br i1 %39, label %13, label %26 %14 = load volatile %struct.list_head*, %struct.list_head** %8, align 8 %15 = icmp eq %struct.list_head* %14, %7 br i1 %15, label %40, label %16 %41 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %43 = load volatile 
%struct.list_head*, %struct.list_head** %42, align 8 %44 = icmp eq %struct.list_head* %43, %41 br i1 %44, label %46, label %45 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #78 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0, i32 0 %10 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %11 = icmp eq %struct.list_head* %10, %8 br i1 %11, label %104, label %12 %13 = load volatile %struct.list_head*, %struct.list_head** %9, align 8 %14 = icmp eq %struct.list_head* %13, %8 br i1 %14, label %20, label %15 %21 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %22 = load i16, i16* %21, align 8 %23 = icmp ugt i16 %22, 2 br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %26 = load i8, i8* %25, align 2, !range !4 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 store i16 0, i16* %21, align 8 %30 = bitcast %struct.list_head* %4 to i8* %31 = bitcast %struct.list_head* %3 to i8** %32 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 %33 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 %34 = xor i1 %1, true %35 = load i8*, i8** %31, align 8 %36 = bitcast i8* %35 to %struct.list_head* br label %37 %38 = phi %struct.list_head* [ %101, %100 ], [ %36, %29 ] %39 = phi i8* [ %103, %100 ], [ %35, %29 ] %40 = getelementptr i8, i8* %39, i64 -72 
%41 = getelementptr i8, i8* %39, i64 -56 %42 = bitcast i8* %41 to %struct.blk_mq_hw_ctx.296144** %43 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %42, align 8 %44 = getelementptr i8, i8* %39, i64 -64 %45 = bitcast i8* %44 to %struct.blk_mq_ctx.296146** %46 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %45, align 8 %47 = bitcast i8* %39 to %struct.list_head** %48 = load %struct.list_head*, %struct.list_head** %47, align 8 %49 = icmp eq %struct.list_head* %48, %3 br i1 %49, label %73, label %50 %51 = phi %struct.list_head* [ %71, %68 ], [ %48, %37 ] %52 = phi i32 [ %69, %68 ], [ 1, %37 ] %53 = getelementptr %struct.list_head, %struct.list_head* %51, i64 -5, i32 1 %54 = bitcast %struct.list_head** %53 to %struct.request_queue.296182** %55 = load %struct.request_queue.296182*, %struct.request_queue.296182** %54, align 8 %56 = icmp eq %struct.request_queue.296182* %55, null br i1 %56, label %57, label %58, !prof !5, !misexpect !6 %59 = getelementptr inbounds %struct.list_head*, %struct.list_head** %53, i64 2 %60 = bitcast %struct.list_head** %59 to %struct.blk_mq_hw_ctx.296144** %61 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %60, align 8 %62 = icmp eq %struct.blk_mq_hw_ctx.296144* %61, %43 br i1 %62, label %63, label %73 %74 = phi i32 [ 1, %37 ], [ %69, %68 ], [ %52, %63 ], [ %52, %58 ] %75 = phi %struct.list_head* [ %3, %37 ], [ %3, %68 ], [ %51, %63 ], [ %51, %58 ] %76 = icmp eq %struct.list_head* %38, %75 br i1 %76, label %77, label %78 store volatile %struct.list_head* %4, %struct.list_head** %32, align 8 store volatile %struct.list_head* %4, %struct.list_head** %33, align 8 br label %83 %84 = bitcast i8* %40 to %struct.request_queue.296182** %85 = load %struct.request_queue.296182*, %struct.request_queue.296182** %84, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@blk_mq_flush_plug_list, %86)) #6 to label %100 [label %86], !srcloc !8 call void bitcast (void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*, i1)* @blk_mq_sched_insert_requests to void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*, i1)*)(%struct.blk_mq_hw_ctx.296144* %43, %struct.blk_mq_ctx.296146* %46, %struct.list_head* nonnull %4, i1 zeroext %1) #78 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 7 %6 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %6, i64 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %7, i64 0, i32 0 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %19 = load %struct.request_queue.301923*, %struct.request_queue.301923** %5, align 8 %20 = getelementptr inbounds %struct.request_queue.301923, %struct.request_queue.301923* %19, i64 0, i32 1 
%21 = load %struct.elevator_queue.301905*, %struct.elevator_queue.301905** %20, align 8 %22 = icmp eq %struct.elevator_queue.301905* %21, null br i1 %22, label %28, label %23 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 8 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %37, label %33 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.list_head*)* @blk_mq_try_issue_list_directly to void (%struct.blk_mq_hw_ctx.301886*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.list_head* %2) #78 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %35 = load volatile %struct.list_head*, %struct.list_head** %34, align 8 %36 = icmp eq %struct.list_head* %35, %2 br i1 %36, label %39, label %37 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_ctx.296146*, %struct.list_head*)* @blk_mq_insert_requests to void (%struct.blk_mq_hw_ctx.301886*, %struct.blk_mq_ctx.301888*, %struct.list_head*)*)(%struct.blk_mq_hw_ctx.301886* %0, %struct.blk_mq_ctx.301888* %1, %struct.list_head* %2) #78 br label %38 tail call void bitcast (void (%struct.blk_mq_hw_ctx.296144*, i1)* @blk_mq_run_hw_queue to void (%struct.blk_mq_hw_ctx.301886*, i1)*)(%struct.blk_mq_hw_ctx.301886* %0, i1 zeroext %3) #78 Function:blk_mq_run_hw_queue %3 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 32 %6 = icmp eq i64 %5, 0 br i1 %6, label %7, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %11 %12 = phi i32 [ 0, %7 ], [ %10, %8 ] %13 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %14 = load %struct.request_queue.296182*, %struct.request_queue.296182** %13, align 8 %15 = getelementptr inbounds 
%struct.request_queue.296182, %struct.request_queue.296182* %14, i64 0, i32 11 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 16777216 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 1 %21 = getelementptr inbounds %struct.list_head, %struct.list_head* %20, i64 0, i32 0 %22 = load volatile %struct.list_head*, %struct.list_head** %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %23 = icmp eq %struct.list_head* %22, %20 br i1 %23, label %24, label %44 %45 = phi i1 [ true, %28 ], [ true, %24 ], [ %43, %42 ], [ false, %36 ], [ false, %31 ], [ true, %19 ] %46 = load i64, i64* %3, align 8 %47 = and i64 %46, 32 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void @rcu_read_unlock_strict() #78 br label %55 br i1 %45, label %56, label %67 tail call fastcc void @__blk_mq_delay_run_hw_queue(%struct.blk_mq_hw_ctx.296144* %0, i1 zeroext %1, i64 0) #79 Function:__blk_mq_delay_run_hw_queue %4 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 0, i32 2 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 br i1 %1, label %23, label %9 %10 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 32 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %23 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %15 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !7 %16 = zext i32 %15 to i64 %17 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, 
%struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 2, i64 0, i32 0, i64 0 %18 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %17, i64 %16) #6, !srcloc !8 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %22, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br label %23 %24 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 3 %25 = load i32, i32* %24, align 32 %26 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 7 %27 = load %struct.request_queue.296182*, %struct.request_queue.296182** %26, align 8 %28 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %27, i64 0, i32 9 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78
-------------
Use: =BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_restart
4 __blk_mq_free_request
5 blk_mq_put_rq_ref
6 bt_for_each
7 blk_mq_queue_tag_busy_iter
8 blk_mq_in_flight_rw
9 part_inflight_show
-------------
Path:
Function:part_inflight_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device.296127, %struct.device.296127* %0, i64 -1, i32 31 %6 = getelementptr
inbounds %struct.list_head, %struct.list_head* %5, i64 51, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.gendisk.296190** %8 = load %struct.gendisk.296190*, %struct.gendisk.296190** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.296190, %struct.gendisk.296190* %8, i64 0, i32 9 %10 = load %struct.request_queue.296182*, %struct.request_queue.296182** %9, align 8 %11 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %12 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %10, i64 0, i32 5 %13 = load %struct.blk_mq_ops.296170*, %struct.blk_mq_ops.296170** %12, align 8 %14 = icmp eq %struct.blk_mq_ops.296170* %13, null %15 = bitcast i64* %4 to i32* br i1 %14, label %22, label %16 %17 = bitcast %struct.list_head* %5 to %struct.block_device.296192* call void @blk_mq_in_flight_rw(%struct.request_queue.296182* %10, %struct.block_device.296192* %17, i32* nonnull %15) #78 Function:blk_mq_in_flight_rw %4 = alloca %struct.mq_inflight, align 8 %5 = bitcast %struct.mq_inflight* %4 to i8* %6 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %4, i64 0, i32 0 store %struct.block_device.296192* %1, %struct.block_device.296192** %6, align 8 %7 = getelementptr inbounds %struct.mq_inflight, %struct.mq_inflight* %4, i64 0, i32 1 %8 = bitcast [2 x i32]* %7 to i64* store i64 0, i64* %8, align 8 call void bitcast (void (%struct.request_queue.300716*, i1 (%struct.blk_mq_hw_ctx.300684*, %struct.request.300693*, i8*, i1)*, i8*)* @blk_mq_queue_tag_busy_iter to void (%struct.request_queue.296182*, i1 (%struct.blk_mq_hw_ctx.296144*, %struct.request.296153*, i8*, i1)*, i8*)*)(%struct.request_queue.296182* %0, i1 (%struct.blk_mq_hw_ctx.296144*, %struct.request.296153*, i8*, i1)* nonnull @blk_mq_check_inflight, i8* nonnull %5) #78 Function:blk_mq_queue_tag_busy_iter tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.request_queue.300716, 
%struct.request_queue.300716* %0, i64 0, i32 2, i32 0 %5 = load volatile i64, i64* %4, align 8 %6 = and i64 %5, 3 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %10, !prof !5, !misexpect !6 %9 = inttoptr i64 %5 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 1, i64* %9) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 tail call void @rcu_read_unlock_strict() #78 br label %29 %30 = getelementptr inbounds %struct.request_queue.300716, %struct.request_queue.300716* %0, i64 0, i32 9 %31 = load i32, i32* %30, align 8 %32 = icmp eq i32 %31, 0 br i1 %32, label %64, label %33 %34 = getelementptr inbounds %struct.request_queue.300716, %struct.request_queue.300716* %0, i64 0, i32 8 br label %35 %36 = phi i32 [ %31, %33 ], [ %61, %60 ] %37 = phi i32 [ 0, %33 ], [ %62, %60 ] %38 = load %struct.blk_mq_hw_ctx.300684**, %struct.blk_mq_hw_ctx.300684*** %34, align 8 %39 = sext i32 %37 to i64 %40 = getelementptr %struct.blk_mq_hw_ctx.300684*, %struct.blk_mq_hw_ctx.300684** %38, i64 %39 %41 = load %struct.blk_mq_hw_ctx.300684*, %struct.blk_mq_hw_ctx.300684** %40, align 8 %42 = getelementptr inbounds %struct.blk_mq_hw_ctx.300684, %struct.blk_mq_hw_ctx.300684* %41, i64 0, i32 19 %43 = load %struct.blk_mq_tags.300683*, %struct.blk_mq_tags.300683** %42, align 64 %44 = getelementptr inbounds %struct.blk_mq_hw_ctx.300684, %struct.blk_mq_hw_ctx.300684* %41, i64 0, i32 14 %45 = load i16, i16* %44, align 2 %46 = icmp ne i16 %45, 0 %47 = icmp ne %struct.blk_mq_tags.300683* %43, null %48 = and i1 %47, %46 br i1 %48, label %49, label %60 %50 = getelementptr inbounds %struct.blk_mq_tags.300683, %struct.blk_mq_tags.300683* %43, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp eq i32 %51, 0 br i1 %52, label %56, label %53 %57 = getelementptr inbounds %struct.blk_mq_tags.300683, %struct.blk_mq_tags.300683* %43, i64 0, i32 3 %58 = load %struct.sbitmap_queue*, 
%struct.sbitmap_queue** %57, align 8 tail call fastcc void @bt_for_each(%struct.blk_mq_hw_ctx.300684* %41, %struct.sbitmap_queue* %58, i1 (%struct.blk_mq_hw_ctx.300684*, %struct.request.300693*, i8*, i1)* %1, i8* %2, i1 zeroext false) #79 Function:bt_for_each %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 1 %9 = load i32, i32* %7, align 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %116, label %11 %12 = bitcast i64* %6 to i8* %13 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 4 %14 = getelementptr inbounds %struct.sbitmap_queue, %struct.sbitmap_queue* %1, i64 0, i32 0, i32 2 %15 = getelementptr inbounds %struct.blk_mq_hw_ctx.300684, %struct.blk_mq_hw_ctx.300684* %0, i64 0, i32 19 %16 = getelementptr inbounds %struct.blk_mq_hw_ctx.300684, %struct.blk_mq_hw_ctx.300684* %0, i64 0, i32 7 br label %17 %18 = phi i32 [ %9, %11 ], [ %110, %109 ] %19 = phi i32 [ 0, %11 ], [ %114, %109 ] %20 = phi i32 [ 0, %11 ], [ %29, %109 ] store i64 0, i64* %6, align 8 %21 = load %struct.sbitmap_word*, %struct.sbitmap_word** %13, align 8 %22 = zext i32 %19 to i64 %23 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 0 %24 = load i64, i64* %23, align 64 %25 = trunc i64 %24 to i32 %26 = sub i32 %18, %20 %27 = icmp ugt i32 %26, %25 %28 = select i1 %27, i32 %25, i32 %26 %29 = add i32 %28, %20 %30 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 2 %31 = load i64, i64* %30, align 64 %32 = getelementptr %struct.sbitmap_word, %struct.sbitmap_word* %21, i64 %22, i32 4 %33 = load i64, i64* %32, align 64 %34 = xor i64 %33, -1 %35 = and i64 %31, %34 store i64 %35, i64* %6, align 8 %36 = icmp eq i64 %35, 0 br i1 %36, label %109, label %37 %38 = zext i32 %28 to i64 br label %39 %40 = phi i64 [ 0, %37 ], [ %93, %92 ] %41 = and i64 %40, 
4294967295 %42 = call i64 @_find_next_bit(i64* nonnull %6, i64* null, i64 %38, i64 %41, i64 0, i64 0) #78 %43 = trunc i64 %42 to i32 %44 = icmp ugt i32 %28, %43 br i1 %44, label %45, label %107 %46 = load i32, i32* %8, align 4 %47 = shl i32 %19, %46 %48 = add i32 %47, %43 %49 = load %struct.blk_mq_tags.300683*, %struct.blk_mq_tags.300683** %15, align 64 br i1 %4, label %54, label %50 %51 = getelementptr inbounds %struct.blk_mq_tags.300683, %struct.blk_mq_tags.300683* %49, i64 0, i32 1 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, %48 br label %54 %55 = phi i32 [ %48, %45 ], [ %53, %50 ] %56 = getelementptr inbounds %struct.blk_mq_tags.300683, %struct.blk_mq_tags.300683* %49, i64 0, i32 10, i32 0, i32 0 %57 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %56) #78 %58 = getelementptr inbounds %struct.blk_mq_tags.300683, %struct.blk_mq_tags.300683* %49, i64 0, i32 7 %59 = load %struct.request.300693**, %struct.request.300693*** %58, align 8 %60 = zext i32 %55 to i64 %61 = getelementptr %struct.request.300693*, %struct.request.300693** %59, i64 %60 %62 = load %struct.request.300693*, %struct.request.300693** %61, align 8 %63 = icmp eq %struct.request.300693* %62, null br i1 %63, label %91, label %64 %65 = getelementptr inbounds %struct.request.300693, %struct.request.300693* %62, i64 0, i32 5 %66 = load i32, i32* %65, align 8 %67 = icmp eq i32 %66, %55 br i1 %67, label %68, label %91 %69 = getelementptr inbounds %struct.request.300693, %struct.request.300693* %62, i64 0, i32 24 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %69, i64 0, i32 0, i32 0 %71 = load volatile i32, i32* %70, align 4 %72 = icmp eq i32 %71, 0 br i1 %72, label %83, label %73 %74 = phi i32 [ %81, %80 ], [ %71, %68 ] %75 = add i32 %74, 1 %76 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", 
"={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %70, i32 %75, i32* %70, i32 %74) #6, !srcloc !4 %77 = extractvalue { i8, i32 } %76, 0 %78 = and i8 %77, 1 %79 = icmp eq i8 %78, 0 br i1 %79, label %80, label %83, !prof !5, !misexpect !6 %81 = extractvalue { i8, i32 } %76, 1 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %73 %84 = phi i32 [ 0, %68 ], [ %74, %73 ], [ 0, %80 ] %85 = add i32 %84, 1 %86 = or i32 %85, %84 %87 = icmp sgt i32 %86, -1 br i1 %87, label %89, label %88, !prof !7, !misexpect !6 %90 = icmp eq i32 %84, 0 br i1 %90, label %91, label %94 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %56, i64 %57) #78 %95 = getelementptr inbounds %struct.request.300693, %struct.request.300693* %62, i64 0, i32 0 %96 = load %struct.request_queue.300716*, %struct.request_queue.300716** %95, align 8 %97 = load %struct.request_queue.300716*, %struct.request_queue.300716** %16, align 8 %98 = icmp eq %struct.request_queue.300716* %96, %97 br i1 %98, label %99, label %105 %100 = getelementptr inbounds %struct.request.300693, %struct.request.300693* %62, i64 0, i32 2 %101 = load %struct.blk_mq_hw_ctx.300684*, %struct.blk_mq_hw_ctx.300684** %100, align 8 %102 = icmp eq %struct.blk_mq_hw_ctx.300684* %101, %0 br i1 %102, label %103, label %105 call void bitcast (void (%struct.request.296153*)* @blk_mq_put_rq_ref to void (%struct.request.300693*)*)(%struct.request.300693* nonnull %62) #78 Function:blk_mq_put_rq_ref %2 = tail call zeroext i1 bitcast (i1 (%struct.request.295259*)* @is_flush_rq to i1 (%struct.request.296153*)*)(%struct.request.296153* %0) #78 br i1 %2, label %3, label %6 %7 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %0, i64 0, i32 24 %8 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %7, i64 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call fastcc void @__blk_mq_free_request(%struct.request.296153* %0) #79 Function:__blk_mq_free_request %2 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %0, i64 0, i32 0 %3 = load %struct.request_queue.296182*, %struct.request_queue.296182** %2, align 8 %4 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %0, i64 0, i32 1 %5 = load %struct.blk_mq_ctx.296146*, %struct.blk_mq_ctx.296146** %4, align 8 %6 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %0, i64 0, i32 2 %7 = load %struct.blk_mq_hw_ctx.296144*, %struct.blk_mq_hw_ctx.296144** %6, align 8 %8 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %0, i64 0, i32 6 %9 = load i32, i32* %8, align 4 %10 = getelementptr inbounds %struct.request_queue.296182, %struct.request_queue.296182* %3, i64 0, i32 18 %11 = load %struct.device.296127*, %struct.device.296127** %10, align 8 %12 = icmp eq %struct.device.296127* %11, null br i1 %12, label %21, label %13 store %struct.blk_mq_hw_ctx.296144* null, %struct.blk_mq_hw_ctx.296144** %6, align 8 %22 = getelementptr inbounds %struct.request.296153, %struct.request.296153* %0, i64 0, i32 5 %23 = load i32, i32* %22, align 8 %24 = icmp eq i32 %23, -1 br i1 %24, label %28, label %25 %29 = icmp eq i32 %9, -1 br i1 %29, label %33, label %30 tail call void bitcast (void (%struct.blk_mq_hw_ctx.301886*)* @blk_mq_sched_restart to void (%struct.blk_mq_hw_ctx.296144*)*)(%struct.blk_mq_hw_ctx.296144* %7) #78 Function:blk_mq_sched_restart %2 = getelementptr inbounds %struct.blk_mq_hw_ctx.301886, %struct.blk_mq_hw_ctx.301886* %0, i64 0, i32 0, i32 2 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 4 %5 = icmp eq i64 %4, 0 br i1 %5, label %8, 
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_restart
4 __blk_mq_free_request
5 blk_mq_put_rq_ref
6 bt_for_each
7 blk_mq_queue_tag_busy_iter
8 blk_mq_in_flight
9 part_stat_show
-------------
-------------
Use:
=BAD PATH=
Call Stack:
0 kblockd_mod_delayed_work_on
1 __blk_mq_delay_run_hw_queue
2 blk_mq_run_hw_queue
3 blk_mq_sched_restart
4 __blk_mq_free_request
5 blk_mq_put_rq_ref
6 blk_mq_tagset_busy_iter
7 scsi_host_busy
8 show_host_busy
-------------
i32 %29, 1 br i1 %30, label %65, label %31 %66 = phi i32 [ %57, %64 ], [ 64, %63 ], [ 64, %23 ] %67 = getelementptr inbounds %struct.blk_mq_hw_ctx.296144, %struct.blk_mq_hw_ctx.296144* %0, i64 0, i32 1 %68 = trunc i64 %2 to i32 %69 = tail call i64 @__msecs_to_jiffies(i32 %68) #80 %70 = tail call i32 @kblockd_mod_delayed_work_on(i32 %66, %struct.delayed_work* %67, i64 %69) #80 Function:kblockd_mod_delayed_work_on %4 = load %struct.workqueue_struct*, %struct.workqueue_struct** @kblockd_workqueue, align 8 %5 = tail call zeroext i1 @mod_delayed_work_on(i32 %0, %struct.workqueue_struct* %4, %struct.delayed_work* %1, i64 %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_pidlist_stop ------------- Path:  Function:cgroup_pidlist_stop %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.kernfs_open_file** %5 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %4, align 8 %6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %5, i64 0, i32 3 %7 = bitcast i8** %6 to %struct.cgroup_file_ctx** %8 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %7, align 8 %9 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %8, i64 0, i32 3, i32 0 %10 = load %struct.cgroup_pidlist*, %struct.cgroup_pidlist** %9, align 8 %11 = icmp eq %struct.cgroup_pidlist* %10, null br i1 %11, label %17, label %12 %13 = load %struct.workqueue_struct*, %struct.workqueue_struct** @cgroup_pidlist_destroy_wq, align 8 %14 = getelementptr inbounds %struct.cgroup_pidlist, %struct.cgroup_pidlist* %10, i64 0, i32 5 %15 = tail call zeroext i1 @mod_delayed_work_on(i32 64, %struct.workqueue_struct* %13, %struct.delayed_work* %14, i64 1000) #78 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_pidlist_stop ------------- Path:  Function:cgroup_pidlist_stop %3 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %0, i64 0, i32 11 %4 = bitcast i8** %3 to 
%struct.kernfs_open_file**
%5 = load %struct.kernfs_open_file*, %struct.kernfs_open_file** %4, align 8
%6 = getelementptr inbounds %struct.kernfs_open_file, %struct.kernfs_open_file* %5, i64 0, i32 3
%7 = bitcast i8** %6 to %struct.cgroup_file_ctx**
%8 = load %struct.cgroup_file_ctx*, %struct.cgroup_file_ctx** %7, align 8
%9 = getelementptr inbounds %struct.cgroup_file_ctx, %struct.cgroup_file_ctx* %8, i64 0, i32 3, i32 0
%10 = load %struct.cgroup_pidlist*, %struct.cgroup_pidlist** %9, align 8
%11 = icmp eq %struct.cgroup_pidlist* %10, null
br i1 %11, label %17, label %12
%13 = load %struct.workqueue_struct*, %struct.workqueue_struct** @cgroup_pidlist_destroy_wq, align 8
%14 = getelementptr inbounds %struct.cgroup_pidlist, %struct.cgroup_pidlist* %10, i64 0, i32 5
%15 = tail call zeroext i1 @mod_delayed_work_on(i32 64, %struct.workqueue_struct* %13, %struct.delayed_work* %14, i64 1000) #78
-------------
Good: 1455 Bad: 34 Ignored: 1879
Check Use of Function:nfs_rename
Check Use of Function:set_regdom
Check Use of Function:selinux_policy_cancel
Check Use of Function:proc_ptrace_connector
Check Use of Function:selinux_status_update_policyload
Check Use of Function:selinux_status_update_setenforce
Check Use of Function:i915_sw_fence_complete
Check Use of Function:xa_find_after
Check Use of Function:acpi_handle_printk
Check Use of Function:intel_display_finish_reset
Check Use of Function:drm_mode_destroy
Check Use of Function:intel_gt_reset
Check Use of Function:intel_display_prepare_reset
Check Use of Function:intel_legacy_cursor_update
Check Use of Function:drm_mode_object_put
Check Use of Function:security_shm_associate
Use: =BAD PATH=
Call Stack:
0 ksys_shmget
1 compat_ksys_ipc
2 __ia32_compat_sys_ipc
-------------
Path:
Function:__ia32_compat_sys_ipc
%2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5
%3 = load i64, i64* %2, align 8
%4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11
%5 = load i64, i64* %4,
align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #78 Function:compat_ksys_ipc %7 = alloca i64, align 8 %8 = bitcast i64* %7 to %struct.util_est* %9 = alloca i64, align 8 %10 = lshr i32 %0, 16 %11 = trunc i32 %0 to i16 switch i16 %11, label %115 [ i16 1, label %12 i16 4, label %17 i16 2, label %24 i16 3, label %27 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %101 i16 23, label %106 i16 24, label %110 ] %107 = zext i32 %2 to i64 %108 = tail call i64 @ksys_shmget(i32 %1, i64 %107, i32 %3) #78 Function:ksys_shmget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %7 = inttoptr i64 %6 to %struct.task_struct* %8 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %7, i64 0, i32 94 %9 = load %struct.nsproxy*, %struct.nsproxy** %8, align 8 %10 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %9, i64 0, i32 2 %11 = load %struct.ipc_namespace*, %struct.ipc_namespace** %10, align 8 %12 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %12, align 8 %13 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 
0, i32 1 store i32 %2, i32* %13, align 4 %14 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2, i32 0 store i64 %1, i64* %14, align 8 %15 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %11, i64 0, i32 0, i64 2 %16 = call i32 bitcast (i32 (%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %11, %struct.ipc_ids* %15, %struct.ipc_ops.265757* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_shmget ------------- Path:  Function:__x64_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %8 to i32 %11 = bitcast %struct.ipc_params* %2 to i8* %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct* %14 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %13, i64 0, i32 94 %15 = load %struct.nsproxy*, %struct.nsproxy** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace*, %struct.ipc_namespace** %16, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %10, i32* %19, align 4 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* 
%2, i64 0, i32 2, i32 0 store i64 %6, i64* %20, align 8 %21 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %17, i64 0, i32 0, i64 2 %22 = call i32 bitcast (i32 (%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %17, %struct.ipc_ids* %21, %struct.ipc_ops.265757* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_shmget ------------- Path:  Function:__ia32_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %14 = inttoptr i64 %13 to %struct.task_struct* %15 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %14, i64 0, i32 94 %16 = load %struct.nsproxy*, %struct.nsproxy** %15, align 8 %17 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace*, %struct.ipc_namespace** %17, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %10, i32* %19, align 8 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %20, align 4 %21 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %7, i64* %21, align 8 %22 = getelementptr 
%struct.ipc_namespace, %struct.ipc_namespace* %18, i64 0, i32 0, i64 2
%23 = call i32 bitcast (i32 (%struct.ipc_namespace.264868*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace*, %struct.ipc_ids*, %struct.ipc_ops.265757*, %struct.ipc_params*)*)(%struct.ipc_namespace* %18, %struct.ipc_ids* %22, %struct.ipc_ops.265757* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #78
-------------
Good: 0 Bad: 3 Ignored: 0
Check Use of Function:usblp_ioctl
Check Use of Function:xt_compat_match_offset
Check Use of Function:pci_read_config_byte
Use: =BAD PATH=
Call Stack:
0 subordinate_bus_number_show
-------------
Path:
Function:subordinate_bus_number_show
%4 = alloca i8, align 1
%5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
%6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.318968*
store i8 0, i8* %4, align 1
%7 = call i32 @pci_read_config_byte(%struct.pci_dev.318968* %6, i32 26, i8* nonnull %4) #78
-------------
Use: =BAD PATH=
Call Stack:
0 secondary_bus_number_show
-------------
Path:
Function:secondary_bus_number_show
%4 = alloca i8, align 1
%5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 13
%6 = bitcast %struct.irq_domain** %5 to %struct.pci_dev.318968*
store i8 0, i8* %4, align 1
%7 = call i32 @pci_read_config_byte(%struct.pci_dev.318968* %6, i32 25, i8* nonnull %4) #78
-------------
Good: 184 Bad: 2 Ignored: 344
Check Use of Function:drm_atomic_helper_update_plane
Check Use of Function:nfs_file_write
Check Use of Function:acpi_scan_lock_release
Check Use of Function:i915_reset_error_state
Check Use of Function:drm_internal_framebuffer_create
Check Use of Function:drm_crtc_vblank_get
Check Use of Function:drm_crtc_vblank_count
Check Use of Function:n_tty_open
Check Use of Function:pin_kill
Check Use of Function:drm_plane_check_pixel_format
Check Use of Function:drm_crtc_vblank_put
Check Use of Function:hiddev_ioctl
Check Use of Function:drm_framebuffer_lookup
Check Use of Function:drm_framebuffer_check_src_coords Check Use of Function:drm_event_reserve_init Check Use of Function:drm_property_change_valid_put Check Use of Function:munlock_vma_page Check Use of Function:drm_mode_crtc_set_obj_prop Check Use of Function:__drm_atomic_state_free Check Use of Function:consume_skb Use: =BAD PATH= Call Stack: 0 msg_zerocopy_callback 1 __pskb_pull_tail 2 skb_vlan_untag 3 __netif_receive_skb_core 4 __netif_receive_skb_list_core 5 __netif_receive_skb_list 6 netif_receive_skb_list_internal 7 busy_poll_stop 8 napi_busy_loop 9 tcp_recvmsg 10 inet6_recvmsg 11 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, 
%struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, 
!prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* 
@rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast 
%struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, 
%struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, 
i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void 
@busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 
to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, 
%110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* 
%11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi %struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 %39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 
%66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, %struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 
] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 
store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store 
%struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %187 = phi i32 [ %48, %46 ], [ %173, %172 ], [ %185, %176 ], [ %48, %73 ], [ %48, %63 ] %188 = phi i8* [ %47, %46 ], [ %174, %172 ], [ %184, %176 ], [ %47, %73 ], [ %47, %63 ] %189 = zext i32 %187 to i64 %190 = getelementptr i8, i8* %188, i64 %189 %191 = getelementptr inbounds i8, i8* %190, i64 2 %192 = load i8, i8* %191, align 2 %193 = icmp eq i8 %192, 0 br i1 %193, label %254, label %194 %195 = phi i64 [ %243, %240 ], [ 0, %186 ] %196 = phi i8* [ %247, %240 ], [ %190, %186 ] %197 = phi i32 [ %242, %240 ], [ %1, %186 ] %198 = phi i32 [ %241, %240 ], [ 0, %186 ] %199 = getelementptr inbounds i8, i8* %196, i64 48 %200 = bitcast i8* %199 to [17 x %struct.page_frag.756147]* %201 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %195, i32 1 %202 = load i32, i32* %201, align 8 %203 = icmp slt i32 %197, %202 br i1 %203, label %223, label %204 %224 = getelementptr [17 x %struct.page_frag.756147], 
[17 x %struct.page_frag.756147]* %200, i64 0, i64 %195 %225 = sext i32 %198 to i64 %226 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225 %227 = bitcast %struct.page_frag.756147* %226 to i8* %228 = bitcast %struct.page_frag.756147* %224 to i8* %229 = icmp eq i32 %197, 0 br i1 %229, label %238, label %230 %231 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225, i32 2 %232 = load i32, i32* %231, align 4 %233 = add i32 %232, %197 store i32 %233, i32* %231, align 4 %234 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225, i32 1 %235 = load i32, i32* %234, align 8 %236 = sub i32 %235, %197 store i32 %236, i32* %234, align 8 %237 = icmp eq i64 %195, 0 br i1 %237, label %258, label %238 %259 = load i32, i32* %3, align 8 %260 = add i32 %259, %1 store i32 %260, i32* %3, align 8 %261 = load i32, i32* %36, align 4 %262 = sub i32 %261, %1 store i32 %262, i32* %36, align 4 %263 = icmp ne i32 %262, 0 %264 = icmp eq %struct.sk_buff.756266* %0, null %265 = or i1 %264, %263 br i1 %265, label %298, label %266 %267 = load i8*, i8** %39, align 8 %268 = load i32, i32* %6, align 4 %269 = zext i32 %268 to i64 %270 = getelementptr i8, i8* %267, i64 %269 %271 = load i8, i8* %270, align 8 %272 = and i8 %271, 1 %273 = icmp eq i8 %272, 0 br i1 %273, label %298, label %274 %275 = getelementptr inbounds i8, i8* %270, i64 40 %276 = bitcast i8* %275 to %struct.ubuf_info.756629** %277 = load %struct.ubuf_info.756629*, %struct.ubuf_info.756629** %276, align 8 %278 = icmp eq %struct.ubuf_info.756629* %277, null br i1 %278, label %298, label %279 %280 = ptrtoint %struct.ubuf_info.756629* %277 to i64 %281 = and i64 %280, 1 %282 = icmp eq i64 %281, 0 br i1 %282, label %283, label %291 %284 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %277, i64 0, i32 0 %285 = load void (%struct.sk_buff.756266*, 
%struct.ubuf_info.756629*, i1)*, void (%struct.sk_buff.756266*, %struct.ubuf_info.756629*, i1)** %284, align 8 tail call void %285(%struct.sk_buff.756266* nonnull %0, %struct.ubuf_info.756629* nonnull %277, i1 zeroext false) #79 Function:msg_zerocopy_callback %4 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 1 %5 = bitcast %union.anon.226* %4 to %struct.anon.215.756633* %6 = getelementptr inbounds %struct.anon.215.756633, %struct.anon.215.756633* %5, i64 0, i32 2 %7 = load i8, i8* %6, align 2 %8 = zext i1 %2 to i8 %9 = or i8 %8, -2 %10 = and i8 %7, %9 store i8 %10, i8* %6, align 2 %11 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 2 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = getelementptr %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 -1, i32 1 %22 = bitcast %union.anon.226* %21 to %struct.sk_buff.756266* %23 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 1, i32 0, i32 1 %24 = bitcast i8** %23 to %struct.sock.756300** %25 = load %struct.sock.756300*, %struct.sock.756300** %24, align 8 %26 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 4, i32 0 %27 = load %struct.user_struct*, %struct.user_struct** %26, align 8 %28 = icmp eq %struct.user_struct* %27, null br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 4, i32 1 %31 = load i32, i32* %30, align 8 %32 = zext i32 %31 
to i64 %33 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %27, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 %32, i64* %33) #6, !srcloc !8 %34 = load %struct.user_struct*, %struct.user_struct** %26, align 8 tail call void @free_uid(%struct.user_struct* %34) #78 br label %35 %36 = getelementptr inbounds %struct.anon.215.756633, %struct.anon.215.756633* %5, i64 0, i32 1 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %104, label %39 %40 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 0, i32 13, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %104 %45 = bitcast %union.anon.226* %4 to i32* %46 = load i32, i32* %45, align 8 %47 = zext i16 %37 to i32 %48 = add nsw i32 %47, -1 %49 = add i32 %48, %46 %50 = load i8, i8* %6, align 2 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 %53 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 2, i32 0, i32 1 %54 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 28 %55 = bitcast i8** %53 to i8* store i8 5, i8* %54, align 4 %56 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 36 %57 = bitcast i8* %56 to i32* store i32 %49, i32* %57, align 4 %58 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 4, i32 0, i32 1 %59 = bitcast i8** %58 to i32* store i32 %46, i32* %59, align 4 br i1 %52, label %60, label %62 %61 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 30 store i8 1, i8* %61, align 2 br label %62 %63 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4 %64 = getelementptr inbounds %struct.sock.756300, 
%struct.sock.756300* %25, i64 0, i32 4, i32 3, i32 0, i32 0 %65 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %64) #78 %66 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 1 %67 = load volatile %struct.sk_buff.756266*, %struct.sk_buff.756266** %66, align 8 %68 = bitcast %struct.sk_buff_head.756025* %63 to %struct.sk_buff.756266* %69 = icmp eq %struct.sk_buff.756266* %67, %68 %70 = icmp eq %struct.sk_buff.756266* %67, null %71 = or i1 %69, %70 br i1 %71, label %94, label %72 %73 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 28 %74 = load i8, i8* %73, align 4 %75 = icmp eq i8 %74, 5 br i1 %75, label %76, label %94 %77 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 32 %78 = bitcast i8* %77 to i32* %79 = load i32, i32* %78, align 4 %80 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 36 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = sub i32 %82, %79 %84 = zext i32 %83 to i64 %85 = zext i16 %37 to i64 %86 = add nuw nsw i64 %85, 1 %87 = add nuw nsw i64 %86, %84 %88 = icmp ult i64 %87, 4294967296 %89 = add i32 %82, 1 %90 = icmp eq i32 %89, %46 %91 = and i1 %90, %88 br i1 %91, label %92, label %94 %95 = bitcast %union.anon.226* %21 to %struct.sk_buff.756266** store volatile %struct.sk_buff.756266* %68, %struct.sk_buff.756266** %95, align 8 %96 = getelementptr %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 -1, i32 1, i32 0, i32 1 %97 = bitcast i8** %96 to %struct.sk_buff.756266** store volatile %struct.sk_buff.756266* %67, %struct.sk_buff.756266** %97, align 8 store volatile %struct.sk_buff.756266* %22, %struct.sk_buff.756266** %66, align 8 %98 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %22, %struct.sk_buff.756266** %98, align 8 %99 = 
getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 2 %100 = load i32, i32* %99, align 8 %101 = add i32 %100, 1 store volatile i32 %101, i32* %99, align 8 br label %102 %103 = phi %struct.sk_buff.756266* [ null, %94 ], [ %22, %92 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %64, i64 %65) #78 tail call void bitcast (void (%struct.sock.273622*)* @sk_error_report to void (%struct.sock.756300*)*)(%struct.sock.756300* %25) #78 br label %104 %105 = phi %struct.sk_buff.756266* [ %22, %39 ], [ %103, %102 ], [ %22, %35 ] tail call void @consume_skb(%struct.sk_buff.756266* %105) #78
-------------
Use: =BAD PATH=
Call Stack:
0 msg_zerocopy_callback
1 __pskb_pull_tail
2 skb_vlan_untag
3 __netif_receive_skb_core
4 __netif_receive_skb_list_core
5 __netif_receive_skb_list
6 netif_receive_skb_list_internal
7 busy_poll_stop
8 napi_busy_loop
9 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 4 %20 = load 
%struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 
], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", 
"=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, 
%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %187 = phi i32 [ %48, %46 ], [ %173, %172 ], [ %185, %176 ], [ %48, %73 ], [ %48, %63 ] %188 = phi i8* [ %47, %46 ], [ %174, %172 ], [ %184, %176 ], [ %47, %73 ], [ %47, %63 ] %189 = zext i32 %187 to i64 %190 = getelementptr i8, i8* %188, i64 %189 %191 = getelementptr inbounds i8, i8* %190, i64 2 %192 = load i8, i8* %191, align 2 %193 = icmp eq i8 %192, 0 br i1 %193, label %254, label %194 %195 = phi i64 [ %243, %240 ], [ 0, %186 ] %196 = phi i8* [ %247, %240 ], [ %190, %186 ] %197 = phi i32 [ %242, %240 ], [ %1, %186 ] %198 = phi i32 [ %241, %240 ], [ 0, %186 ] %199 = getelementptr inbounds i8, i8* %196, i64 48 %200 = bitcast i8* %199 to [17 x %struct.page_frag.756147]* %201 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %195, i32 1 %202 = load i32, i32* %201, align 8 %203 = icmp slt i32 %197, %202 br i1 %203, label %223, label %204 %224 = getelementptr [17 x %struct.page_frag.756147], 
[17 x %struct.page_frag.756147]* %200, i64 0, i64 %195 %225 = sext i32 %198 to i64 %226 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225 %227 = bitcast %struct.page_frag.756147* %226 to i8* %228 = bitcast %struct.page_frag.756147* %224 to i8* %229 = icmp eq i32 %197, 0 br i1 %229, label %238, label %230 %231 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225, i32 2 %232 = load i32, i32* %231, align 4 %233 = add i32 %232, %197 store i32 %233, i32* %231, align 4 %234 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225, i32 1 %235 = load i32, i32* %234, align 8 %236 = sub i32 %235, %197 store i32 %236, i32* %234, align 8 %237 = icmp eq i64 %195, 0 br i1 %237, label %258, label %238 %259 = load i32, i32* %3, align 8 %260 = add i32 %259, %1 store i32 %260, i32* %3, align 8 %261 = load i32, i32* %36, align 4 %262 = sub i32 %261, %1 store i32 %262, i32* %36, align 4 %263 = icmp ne i32 %262, 0 %264 = icmp eq %struct.sk_buff.756266* %0, null %265 = or i1 %264, %263 br i1 %265, label %298, label %266 %267 = load i8*, i8** %39, align 8 %268 = load i32, i32* %6, align 4 %269 = zext i32 %268 to i64 %270 = getelementptr i8, i8* %267, i64 %269 %271 = load i8, i8* %270, align 8 %272 = and i8 %271, 1 %273 = icmp eq i8 %272, 0 br i1 %273, label %298, label %274 %275 = getelementptr inbounds i8, i8* %270, i64 40 %276 = bitcast i8* %275 to %struct.ubuf_info.756629** %277 = load %struct.ubuf_info.756629*, %struct.ubuf_info.756629** %276, align 8 %278 = icmp eq %struct.ubuf_info.756629* %277, null br i1 %278, label %298, label %279 %280 = ptrtoint %struct.ubuf_info.756629* %277 to i64 %281 = and i64 %280, 1 %282 = icmp eq i64 %281, 0 br i1 %282, label %283, label %291 %284 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %277, i64 0, i32 0 %285 = load void (%struct.sk_buff.756266*, 
%struct.ubuf_info.756629*, i1)*, void (%struct.sk_buff.756266*, %struct.ubuf_info.756629*, i1)** %284, align 8 tail call void %285(%struct.sk_buff.756266* nonnull %0, %struct.ubuf_info.756629* nonnull %277, i1 zeroext false) #79 Function:msg_zerocopy_callback %4 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 1 %5 = bitcast %union.anon.226* %4 to %struct.anon.215.756633* %6 = getelementptr inbounds %struct.anon.215.756633, %struct.anon.215.756633* %5, i64 0, i32 2 %7 = load i8, i8* %6, align 2 %8 = zext i1 %2 to i8 %9 = or i8 %8, -2 %10 = and i8 %7, %9 store i8 %10, i8* %6, align 2 %11 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 2 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = getelementptr %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 -1, i32 1 %22 = bitcast %union.anon.226* %21 to %struct.sk_buff.756266* %23 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 1, i32 0, i32 1 %24 = bitcast i8** %23 to %struct.sock.756300** %25 = load %struct.sock.756300*, %struct.sock.756300** %24, align 8 %26 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 4, i32 0 %27 = load %struct.user_struct*, %struct.user_struct** %26, align 8 %28 = icmp eq %struct.user_struct* %27, null br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 4, i32 1 %31 = load i32, i32* %30, align 8 %32 = zext i32 %31 
to i64 %33 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %27, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 %32, i64* %33) #6, !srcloc !8 %34 = load %struct.user_struct*, %struct.user_struct** %26, align 8 tail call void @free_uid(%struct.user_struct* %34) #78 br label %35 %36 = getelementptr inbounds %struct.anon.215.756633, %struct.anon.215.756633* %5, i64 0, i32 1 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %104, label %39 %40 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 0, i32 13, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %104 %45 = bitcast %union.anon.226* %4 to i32* %46 = load i32, i32* %45, align 8 %47 = zext i16 %37 to i32 %48 = add nsw i32 %47, -1 %49 = add i32 %48, %46 %50 = load i8, i8* %6, align 2 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 %53 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 2, i32 0, i32 1 %54 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 28 %55 = bitcast i8** %53 to i8* store i8 5, i8* %54, align 4 %56 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 36 %57 = bitcast i8* %56 to i32* store i32 %49, i32* %57, align 4 %58 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 4, i32 0, i32 1 %59 = bitcast i8** %58 to i32* store i32 %46, i32* %59, align 4 br i1 %52, label %60, label %62 %61 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 30 store i8 1, i8* %61, align 2 br label %62 %63 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4 %64 = getelementptr inbounds %struct.sock.756300, 
%struct.sock.756300* %25, i64 0, i32 4, i32 3, i32 0, i32 0 %65 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %64) #78 %66 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 1 %67 = load volatile %struct.sk_buff.756266*, %struct.sk_buff.756266** %66, align 8 %68 = bitcast %struct.sk_buff_head.756025* %63 to %struct.sk_buff.756266* %69 = icmp eq %struct.sk_buff.756266* %67, %68 %70 = icmp eq %struct.sk_buff.756266* %67, null %71 = or i1 %69, %70 br i1 %71, label %94, label %72 %73 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 28 %74 = load i8, i8* %73, align 4 %75 = icmp eq i8 %74, 5 br i1 %75, label %76, label %94 %77 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 32 %78 = bitcast i8* %77 to i32* %79 = load i32, i32* %78, align 4 %80 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 36 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = sub i32 %82, %79 %84 = zext i32 %83 to i64 %85 = zext i16 %37 to i64 %86 = add nuw nsw i64 %85, 1 %87 = add nuw nsw i64 %86, %84 %88 = icmp ult i64 %87, 4294967296 %89 = add i32 %82, 1 %90 = icmp eq i32 %89, %46 %91 = and i1 %90, %88 br i1 %91, label %92, label %94 %95 = bitcast %union.anon.226* %21 to %struct.sk_buff.756266** store volatile %struct.sk_buff.756266* %68, %struct.sk_buff.756266** %95, align 8 %96 = getelementptr %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 -1, i32 1, i32 0, i32 1 %97 = bitcast i8** %96 to %struct.sk_buff.756266** store volatile %struct.sk_buff.756266* %67, %struct.sk_buff.756266** %97, align 8 store volatile %struct.sk_buff.756266* %22, %struct.sk_buff.756266** %66, align 8 %98 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %22, %struct.sk_buff.756266** %98, align 8 %99 = 
getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 2 %100 = load i32, i32* %99, align 8 %101 = add i32 %100, 1 store volatile i32 %101, i32* %99, align 8 br label %102 %103 = phi %struct.sk_buff.756266* [ null, %94 ], [ %22, %92 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %64, i64 %65) #78 tail call void bitcast (void (%struct.sock.273622*)* @sk_error_report to void (%struct.sock.756300*)*)(%struct.sock.756300* %25) #78 br label %104 %105 = phi %struct.sk_buff.756266* [ %22, %39 ], [ %103, %102 ], [ %22, %35 ] tail call void @consume_skb(%struct.sk_buff.756266* %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 msg_zerocopy_callback 1 __pskb_pull_tail 2 packet_parse_headers 3 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr 
inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = 
load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, 
%struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 
call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label 
%42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = 
getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %187 = phi i32 [ %48, %46 ], [ %173, %172 ], [ %185, %176 ], [ %48, %73 ], [ %48, %63 ] %188 = phi i8* [ %47, %46 ], [ %174, %172 ], [ %184, %176 ], [ %47, %73 ], [ %47, %63 ] %189 = zext i32 %187 to i64 %190 = getelementptr i8, i8* %188, i64 %189 %191 = getelementptr inbounds i8, i8* %190, i64 2 %192 = load i8, i8* %191, align 2 %193 = icmp eq i8 %192, 0 br i1 %193, label %254, label %194 %195 = phi i64 [ %243, %240 ], [ 0, %186 ] %196 = phi i8* [ %247, %240 ], [ %190, %186 ] %197 = phi i32 [ %242, %240 ], [ %1, %186 ] 
%198 = phi i32 [ %241, %240 ], [ 0, %186 ] %199 = getelementptr inbounds i8, i8* %196, i64 48 %200 = bitcast i8* %199 to [17 x %struct.page_frag.756147]* %201 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %195, i32 1 %202 = load i32, i32* %201, align 8 %203 = icmp slt i32 %197, %202 br i1 %203, label %223, label %204 %224 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %195 %225 = sext i32 %198 to i64 %226 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225 %227 = bitcast %struct.page_frag.756147* %226 to i8* %228 = bitcast %struct.page_frag.756147* %224 to i8* %229 = icmp eq i32 %197, 0 br i1 %229, label %238, label %230 %231 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225, i32 2 %232 = load i32, i32* %231, align 4 %233 = add i32 %232, %197 store i32 %233, i32* %231, align 4 %234 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225, i32 1 %235 = load i32, i32* %234, align 8 %236 = sub i32 %235, %197 store i32 %236, i32* %234, align 8 %237 = icmp eq i64 %195, 0 br i1 %237, label %258, label %238 %259 = load i32, i32* %3, align 8 %260 = add i32 %259, %1 store i32 %260, i32* %3, align 8 %261 = load i32, i32* %36, align 4 %262 = sub i32 %261, %1 store i32 %262, i32* %36, align 4 %263 = icmp ne i32 %262, 0 %264 = icmp eq %struct.sk_buff.756266* %0, null %265 = or i1 %264, %263 br i1 %265, label %298, label %266 %267 = load i8*, i8** %39, align 8 %268 = load i32, i32* %6, align 4 %269 = zext i32 %268 to i64 %270 = getelementptr i8, i8* %267, i64 %269 %271 = load i8, i8* %270, align 8 %272 = and i8 %271, 1 %273 = icmp eq i8 %272, 0 br i1 %273, label %298, label %274 %275 = getelementptr inbounds i8, i8* %270, i64 40 %276 = bitcast i8* %275 to %struct.ubuf_info.756629** %277 = load %struct.ubuf_info.756629*, 
%struct.ubuf_info.756629** %276, align 8 %278 = icmp eq %struct.ubuf_info.756629* %277, null br i1 %278, label %298, label %279 %280 = ptrtoint %struct.ubuf_info.756629* %277 to i64 %281 = and i64 %280, 1 %282 = icmp eq i64 %281, 0 br i1 %282, label %283, label %291 %284 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %277, i64 0, i32 0 %285 = load void (%struct.sk_buff.756266*, %struct.ubuf_info.756629*, i1)*, void (%struct.sk_buff.756266*, %struct.ubuf_info.756629*, i1)** %284, align 8 tail call void %285(%struct.sk_buff.756266* nonnull %0, %struct.ubuf_info.756629* nonnull %277, i1 zeroext false) #79 Function:msg_zerocopy_callback %4 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 1 %5 = bitcast %union.anon.226* %4 to %struct.anon.215.756633* %6 = getelementptr inbounds %struct.anon.215.756633, %struct.anon.215.756633* %5, i64 0, i32 2 %7 = load i8, i8* %6, align 2 %8 = zext i1 %2 to i8 %9 = or i8 %8, -2 %10 = and i8 %7, %9 store i8 %10, i8* %6, align 2 %11 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 2 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = getelementptr %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 -1, i32 1 %22 = bitcast %union.anon.226* %21 to %struct.sk_buff.756266* %23 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 1, i32 0, i32 1 %24 = bitcast i8** %23 to %struct.sock.756300** %25 = load %struct.sock.756300*, %struct.sock.756300** %24, align 
8 %26 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 4, i32 0 %27 = load %struct.user_struct*, %struct.user_struct** %26, align 8 %28 = icmp eq %struct.user_struct* %27, null br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 4, i32 1 %31 = load i32, i32* %30, align 8 %32 = zext i32 %31 to i64 %33 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %27, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 %32, i64* %33) #6, !srcloc !8 %34 = load %struct.user_struct*, %struct.user_struct** %26, align 8 tail call void @free_uid(%struct.user_struct* %34) #78 br label %35 %36 = getelementptr inbounds %struct.anon.215.756633, %struct.anon.215.756633* %5, i64 0, i32 1 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %104, label %39 %40 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 0, i32 13, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %104 %45 = bitcast %union.anon.226* %4 to i32* %46 = load i32, i32* %45, align 8 %47 = zext i16 %37 to i32 %48 = add nsw i32 %47, -1 %49 = add i32 %48, %46 %50 = load i8, i8* %6, align 2 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 %53 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 2, i32 0, i32 1 %54 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 28 %55 = bitcast i8** %53 to i8* store i8 5, i8* %54, align 4 %56 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 36 %57 = bitcast i8* %56 to i32* store i32 %49, i32* %57, align 4 %58 = getelementptr inbounds %union.anon.226, %union.anon.226* 
%21, i64 4, i32 0, i32 1 %59 = bitcast i8** %58 to i32* store i32 %46, i32* %59, align 4 br i1 %52, label %60, label %62 %61 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 30 store i8 1, i8* %61, align 2 br label %62 %63 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4 %64 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 3, i32 0, i32 0 %65 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %64) #78 %66 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 1 %67 = load volatile %struct.sk_buff.756266*, %struct.sk_buff.756266** %66, align 8 %68 = bitcast %struct.sk_buff_head.756025* %63 to %struct.sk_buff.756266* %69 = icmp eq %struct.sk_buff.756266* %67, %68 %70 = icmp eq %struct.sk_buff.756266* %67, null %71 = or i1 %69, %70 br i1 %71, label %94, label %72 %73 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 28 %74 = load i8, i8* %73, align 4 %75 = icmp eq i8 %74, 5 br i1 %75, label %76, label %94 %77 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 32 %78 = bitcast i8* %77 to i32* %79 = load i32, i32* %78, align 4 %80 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 36 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = sub i32 %82, %79 %84 = zext i32 %83 to i64 %85 = zext i16 %37 to i64 %86 = add nuw nsw i64 %85, 1 %87 = add nuw nsw i64 %86, %84 %88 = icmp ult i64 %87, 4294967296 %89 = add i32 %82, 1 %90 = icmp eq i32 %89, %46 %91 = and i1 %90, %88 br i1 %91, label %92, label %94 %95 = bitcast %union.anon.226* %21 to %struct.sk_buff.756266** store volatile %struct.sk_buff.756266* %68, %struct.sk_buff.756266** %95, align 8 %96 = getelementptr %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 -1, i32 1, i32 0, i32 1 %97 = 
bitcast i8** %96 to %struct.sk_buff.756266** store volatile %struct.sk_buff.756266* %67, %struct.sk_buff.756266** %97, align 8 store volatile %struct.sk_buff.756266* %22, %struct.sk_buff.756266** %66, align 8 %98 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %22, %struct.sk_buff.756266** %98, align 8 %99 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 2 %100 = load i32, i32* %99, align 8 %101 = add i32 %100, 1 store volatile i32 %101, i32* %99, align 8 br label %102 %103 = phi %struct.sk_buff.756266* [ null, %94 ], [ %22, %92 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %64, i64 %65) #78 tail call void bitcast (void (%struct.sock.273622*)* @sk_error_report to void (%struct.sock.756300*)*)(%struct.sock.756300* %25) #78 br label %104 %105 = phi %struct.sk_buff.756266* [ %22, %39 ], [ %103, %102 ], [ %22, %35 ] tail call void @consume_skb(%struct.sk_buff.756266* %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 msg_zerocopy_callback 1 __pskb_pull_tail 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = 
getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 
0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %187 = phi i32 [ %48, %46 ], [ %173, %172 ], [ %185, %176 ], [ %48, %73 ], [ %48, %63 ] %188 = phi i8* [ %47, %46 ], [ %174, %172 ], [ %184, %176 ], [ %47, %73 ], [ %47, %63 ] %189 = zext i32 %187 to i64 %190 = getelementptr i8, i8* %188, i64 %189 %191 = getelementptr inbounds i8, i8* %190, i64 2 %192 = load i8, i8* %191, align 2 %193 = icmp eq i8 %192, 0 br i1 %193, label %254, label %194 %195 = phi i64 [ %243, %240 ], [ 0, %186 ] %196 = phi i8* [ %247, %240 ], [ %190, %186 ] %197 = phi i32 [ %242, %240 ], [ %1, %186 ] %198 = phi i32 [ %241, %240 ], [ 0, %186 ] %199 = getelementptr inbounds i8, i8* 
%196, i64 48 %200 = bitcast i8* %199 to [17 x %struct.page_frag.756147]* %201 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %195, i32 1 %202 = load i32, i32* %201, align 8 %203 = icmp slt i32 %197, %202 br i1 %203, label %223, label %204 %224 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %195 %225 = sext i32 %198 to i64 %226 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225 %227 = bitcast %struct.page_frag.756147* %226 to i8* %228 = bitcast %struct.page_frag.756147* %224 to i8* %229 = icmp eq i32 %197, 0 br i1 %229, label %238, label %230 %231 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225, i32 2 %232 = load i32, i32* %231, align 4 %233 = add i32 %232, %197 store i32 %233, i32* %231, align 4 %234 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %200, i64 0, i64 %225, i32 1 %235 = load i32, i32* %234, align 8 %236 = sub i32 %235, %197 store i32 %236, i32* %234, align 8 %237 = icmp eq i64 %195, 0 br i1 %237, label %258, label %238 %259 = load i32, i32* %3, align 8 %260 = add i32 %259, %1 store i32 %260, i32* %3, align 8 %261 = load i32, i32* %36, align 4 %262 = sub i32 %261, %1 store i32 %262, i32* %36, align 4 %263 = icmp ne i32 %262, 0 %264 = icmp eq %struct.sk_buff.756266* %0, null %265 = or i1 %264, %263 br i1 %265, label %298, label %266 %267 = load i8*, i8** %39, align 8 %268 = load i32, i32* %6, align 4 %269 = zext i32 %268 to i64 %270 = getelementptr i8, i8* %267, i64 %269 %271 = load i8, i8* %270, align 8 %272 = and i8 %271, 1 %273 = icmp eq i8 %272, 0 br i1 %273, label %298, label %274 %275 = getelementptr inbounds i8, i8* %270, i64 40 %276 = bitcast i8* %275 to %struct.ubuf_info.756629** %277 = load %struct.ubuf_info.756629*, %struct.ubuf_info.756629** %276, align 8 %278 = icmp eq %struct.ubuf_info.756629* 
%277, null br i1 %278, label %298, label %279 %280 = ptrtoint %struct.ubuf_info.756629* %277 to i64 %281 = and i64 %280, 1 %282 = icmp eq i64 %281, 0 br i1 %282, label %283, label %291 %284 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %277, i64 0, i32 0 %285 = load void (%struct.sk_buff.756266*, %struct.ubuf_info.756629*, i1)*, void (%struct.sk_buff.756266*, %struct.ubuf_info.756629*, i1)** %284, align 8 tail call void %285(%struct.sk_buff.756266* nonnull %0, %struct.ubuf_info.756629* nonnull %277, i1 zeroext false) #79 Function:msg_zerocopy_callback %4 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 1 %5 = bitcast %union.anon.226* %4 to %struct.anon.215.756633* %6 = getelementptr inbounds %struct.anon.215.756633, %struct.anon.215.756633* %5, i64 0, i32 2 %7 = load i8, i8* %6, align 2 %8 = zext i1 %2 to i8 %9 = or i8 %8, -2 %10 = and i8 %7, %9 store i8 %10, i8* %6, align 2 %11 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 2 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = getelementptr %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 -1, i32 1 %22 = bitcast %union.anon.226* %21 to %struct.sk_buff.756266* %23 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 1, i32 0, i32 1 %24 = bitcast i8** %23 to %struct.sock.756300** %25 = load %struct.sock.756300*, %struct.sock.756300** %24, align 8 %26 = getelementptr inbounds %struct.ubuf_info.756629, 
%struct.ubuf_info.756629* %1, i64 0, i32 4, i32 0 %27 = load %struct.user_struct*, %struct.user_struct** %26, align 8 %28 = icmp eq %struct.user_struct* %27, null br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 0, i32 4, i32 1 %31 = load i32, i32* %30, align 8 %32 = zext i32 %31 to i64 %33 = getelementptr inbounds %struct.user_struct, %struct.user_struct* %27, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $1,$0", "=*m,er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %33, i64 %32, i64* %33) #6, !srcloc !8 %34 = load %struct.user_struct*, %struct.user_struct** %26, align 8 tail call void @free_uid(%struct.user_struct* %34) #78 br label %35 %36 = getelementptr inbounds %struct.anon.215.756633, %struct.anon.215.756633* %5, i64 0, i32 1 %37 = load i16, i16* %36, align 4 %38 = icmp eq i16 %37, 0 br i1 %38, label %104, label %39 %40 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 0, i32 13, i32 0 %41 = load volatile i64, i64* %40, align 8 %42 = and i64 %41, 1 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %104 %45 = bitcast %union.anon.226* %4 to i32* %46 = load i32, i32* %45, align 8 %47 = zext i16 %37 to i32 %48 = add nsw i32 %47, -1 %49 = add i32 %48, %46 %50 = load i8, i8* %6, align 2 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 %53 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 2, i32 0, i32 1 %54 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 28 %55 = bitcast i8** %53 to i8* store i8 5, i8* %54, align 4 %56 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 36 %57 = bitcast i8* %56 to i32* store i32 %49, i32* %57, align 4 %58 = getelementptr inbounds %union.anon.226, %union.anon.226* %21, i64 4, i32 0, i32 1 %59 = bitcast i8** %58 to i32* 
store i32 %46, i32* %59, align 4 br i1 %52, label %60, label %62 %61 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %22, i64 0, i32 3, i64 30 store i8 1, i8* %61, align 2 br label %62 %63 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4 %64 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 3, i32 0, i32 0 %65 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %64) #78 %66 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 1 %67 = load volatile %struct.sk_buff.756266*, %struct.sk_buff.756266** %66, align 8 %68 = bitcast %struct.sk_buff_head.756025* %63 to %struct.sk_buff.756266* %69 = icmp eq %struct.sk_buff.756266* %67, %68 %70 = icmp eq %struct.sk_buff.756266* %67, null %71 = or i1 %69, %70 br i1 %71, label %94, label %72 %73 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 28 %74 = load i8, i8* %73, align 4 %75 = icmp eq i8 %74, 5 br i1 %75, label %76, label %94 %77 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 32 %78 = bitcast i8* %77 to i32* %79 = load i32, i32* %78, align 4 %80 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 3, i64 36 %81 = bitcast i8* %80 to i32* %82 = load i32, i32* %81, align 4 %83 = sub i32 %82, %79 %84 = zext i32 %83 to i64 %85 = zext i16 %37 to i64 %86 = add nuw nsw i64 %85, 1 %87 = add nuw nsw i64 %86, %84 %88 = icmp ult i64 %87, 4294967296 %89 = add i32 %82, 1 %90 = icmp eq i32 %89, %46 %91 = and i1 %90, %88 br i1 %91, label %92, label %94 %95 = bitcast %union.anon.226* %21 to %struct.sk_buff.756266** store volatile %struct.sk_buff.756266* %68, %struct.sk_buff.756266** %95, align 8 %96 = getelementptr %struct.ubuf_info.756629, %struct.ubuf_info.756629* %1, i64 -1, i32 1, i32 0, i32 1 %97 = bitcast i8** %96 to %struct.sk_buff.756266** store volatile 
%struct.sk_buff.756266* %67, %struct.sk_buff.756266** %97, align 8 store volatile %struct.sk_buff.756266* %22, %struct.sk_buff.756266** %66, align 8 %98 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %67, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %22, %struct.sk_buff.756266** %98, align 8 %99 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %25, i64 0, i32 4, i32 2 %100 = load i32, i32* %99, align 8 %101 = add i32 %100, 1 store volatile i32 %101, i32* %99, align 8 br label %102 %103 = phi %struct.sk_buff.756266* [ null, %94 ], [ %22, %92 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %64, i64 %65) #78 tail call void bitcast (void (%struct.sock.273622*)* @sk_error_report to void (%struct.sock.756300*)*)(%struct.sock.756300* %25) #78 br label %104 %105 = phi %struct.sk_buff.756266* [ %22, %39 ], [ %103, %102 ], [ %22, %35 ] tail call void @consume_skb(%struct.sk_buff.756266* %105) #78 ------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 skb_vlan_untag 2 __netif_receive_skb_core 3 __netif_receive_skb_list_core 4 __netif_receive_skb_list 5 netif_receive_skb_list_internal 6 busy_poll_stop 7 napi_busy_loop 8 tcp_recvmsg 9 inet6_recvmsg 10 sock_read_iter ------------- Path:  Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr 
inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, 
%struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load %struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds 
%struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, 
!misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc 
!5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, %135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, 
!srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) #6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull 
@__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %83 = sub i32 %77, %80 %84 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 0, i32 0, i32 0 %85 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %84, align 8 %86 = icmp eq i32 %83, 0 br i1 %86, label %147, label %76 %148 = phi i64 [ %145, %142 ], [ %49, %82 ] %149 = phi i32 [ %144, %142 ], [ %48, %82 ] %150 = phi i8* [ %143, %142 ], [ %47, %82 ] %151 = phi %struct.sk_buff.756266* [ %118, %142 ], [ 
null, %82 ] %152 = phi %struct.sk_buff.756266* [ %119, %142 ], [ %85, %82 ] %153 = getelementptr i8, i8* %150, i64 8 %154 = getelementptr inbounds i8, i8* %153, i64 %148 %155 = bitcast i8* %154 to %struct.sk_buff.756266** %156 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %155, align 8 %157 = icmp eq %struct.sk_buff.756266* %156, %152 br i1 %157, label %172, label %158 %159 = phi %struct.sk_buff.756266* [ %170, %158 ], [ %156, %147 ] %160 = phi i8* [ %168, %158 ], [ %154, %147 ] %161 = bitcast %struct.sk_buff.756266* %159 to i64* %162 = load i64, i64* %161, align 8 %163 = bitcast i8* %160 to i64* store i64 %162, i64* %163, align 8 tail call void @consume_skb(%struct.sk_buff.756266* %159) #78
-------------
Use: =BAD PATH=
Call Stack:
0 __pskb_pull_tail
1 skb_vlan_untag
2 __netif_receive_skb_core
3 __netif_receive_skb_list_core
4 __netif_receive_skb_list
5 netif_receive_skb_list_internal
6 busy_poll_stop
7 napi_busy_loop
8 sock_poll
-------------
Path:
Function:sock_poll
%3 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.socket.273619** %5 = load %struct.socket.273619*, %struct.socket.273619** %4, align 8 %6 = icmp eq %struct.poll_table_struct.273126* %1, null br i1 %6, label %11, label %7 %12 = phi i16 [ %10, %7 ], [ -1, %2 ] %13 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %5, i64 0, i32 5 %14 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %13, align 32 %15 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %14, i64 0, i32 8 %16 = load i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)*, i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)** %15, align 8 %17 = icmp eq i32 (%struct.file.273585*, %struct.socket.273619*, %struct.poll_table_struct.273126*)* %16, null br i1 %17, label %58, label %18 %19 = getelementptr inbounds %struct.socket.273619, 
%struct.socket.273619* %5, i64 0, i32 4 %20 = load %struct.sock.273622*, %struct.sock.273622** %19, align 8 %21 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 9 %22 = load volatile i32, i32* %21, align 4 %23 = icmp eq i32 %22, 0 br i1 %23, label %53, label %24 %25 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273544** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273544**)) #11, !srcloc !4 %26 = inttoptr i64 %25 to %struct.task_struct.273544* %27 = getelementptr inbounds %struct.task_struct.273544, %struct.task_struct.273544* %26, i64 0, i32 0, i32 0 %28 = load volatile i64, i64* %27, align 8 %29 = and i64 %28, 131072 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %53, !prof !5, !misexpect !6 %32 = load volatile i64, i64* %27, align 8 %33 = and i64 %32, 4 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %53 %36 = icmp sgt i16 %12, -1 br i1 %36, label %53, label %37 %38 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 10 %39 = load volatile i32, i32* %38, align 8 %40 = icmp ugt i32 %39, 64 br i1 %40, label %41, label %53 %42 = bitcast %struct.sock.273622* %20 to i8* %43 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 58 %44 = load volatile i8, i8* %43, align 4 %45 = icmp ne i8 %44, 0 %46 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %20, i64 0, i32 59 %47 = load volatile i16, i16* %46, align 2 %48 = icmp eq i16 %47, 0 %49 = select i1 %48, i16 8, i16 %47 tail call void @napi_busy_loop(i32 %39, i1 (i8*, i64)* null, i8* %42, i1 zeroext %45, i16 zeroext %49) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext 
i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load volatile %struct.hlist_node*, %struct.hlist_node** %15, align 8 %20 = icmp eq %struct.hlist_node* %19, null %21 = getelementptr %struct.hlist_node, %struct.hlist_node* %19, i64 -23 %22 = icmp eq %struct.hlist_node* %21, null %23 = or i1 %20, %22 br i1 %23, label %140, label %24 %25 = bitcast %struct.hlist_node* %21 to %struct.napi_struct.763158* br label %26 %27 = phi %struct.napi_struct.763158* [ %37, %31 ], [ %25, %24 ] %28 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 15 %29 = load i32, i32* %28, align 8 %30 = icmp eq i32 %29, %0 br i1 %30, label %39, label %31 %40 = icmp eq %struct.napi_struct.763158* %27, null br i1 %40, label %140, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %42 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 1 %43 = bitcast i64* %42 to i8* %44 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 7 %45 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 6 %46 = bitcast %struct.napi_struct.763158* %27 to i8* %47 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 5 %48 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 11 %49 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %49, i64 0, i32 0 %51 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %27, i64 0, i32 10, i32 1 br label %52 %53 = phi i8* [ %18, %41 ], [ %119, %135 ] %54 = phi i32 (%struct.napi_struct.763158*, i32)* [ null, %41 ], [ %118, 
%135 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %55 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %54, null br i1 %55, label %56, label %85 %57 = load volatile i64, i64* %42, align 8 %58 = and i64 %57, 69 %59 = icmp eq i64 %58, 0 br i1 %59, label %62, label %60 br i1 %3, label %61, label %117 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %43, i32 128, i8* %43) #6, !srcloc !9 br label %117 %118 = phi i32 (%struct.napi_struct.763158*, i32)* [ %87, %109 ], [ %87, %107 ], [ null, %66 ], [ null, %67 ], [ null, %60 ], [ null, %61 ] %119 = phi i8* [ %86, %109 ], [ %86, %107 ], [ %53, %66 ], [ %53, %67 ], [ %53, %60 ], [ %53, %61 ] tail call fastcc void @local_bh_enable.63576() #79 br i1 %6, label %136, label %120 %121 = tail call zeroext i1 %1(i8* %2, i64 %12) #78 br i1 %121, label %136, label %122 %137 = icmp eq i32 (%struct.napi_struct.763158*, i32)* %118, null br i1 %137, label %139, label %138 tail call fastcc void @busy_poll_stop(%struct.napi_struct.763158* nonnull %27, i8* %119, i1 zeroext %3, i16 zeroext %4) #79 Function:busy_poll_stop %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 1 %7 = bitcast i64* %6 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -3, i8* %7) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i32 -65, i8* %7) 
#6, !srcloc !4 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %2, label %8, label %21 %9 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 7 %10 = load %struct.net_device.763141*, %struct.net_device.763141** %9, align 8 %11 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 77 %12 = load volatile i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 3 store i32 %12, i32* %13, align 4 %14 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %10, i64 0, i32 76 %15 = load volatile i64, i64* %14, align 8 %16 = icmp ne i32 %12, 0 %17 = icmp ne i64 %15, 0 %18 = and i1 %16, %17 br i1 %18, label %19, label %21 %22 = phi i1 [ true, %19 ], [ false, %8 ], [ false, %4 ] %23 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 5 %24 = load i32 (%struct.napi_struct.763158*, i32)*, i32 (%struct.napi_struct.763158*, i32)** %23, align 8 %25 = zext i16 %3 to i32 %26 = tail call i32 %24(%struct.napi_struct.763158* %0, i32 %25) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_napi_poll to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@busy_poll_stop, %27)) #6 to label %41 [label %27], !srcloc !7 %42 = icmp eq i8* %1, null br i1 %42, label %46, label %43 %47 = icmp eq i32 %26, %25 br i1 %47, label %48, label %153 br i1 %22, label %89, label %49 %90 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 4 %91 = load i64, i64* %90, align 8 %92 = icmp eq i64 %91, 0 br i1 %92, label %144, label %93 %94 = trunc i64 %91 to i32 %95 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %94, i32 -1) #4, !srcloc !18 %96 = add i32 %95, 1 %97 = icmp eq i32 %96, 0 br i1 %97, label %144, label %98 %99 = phi i32 [ %142, %139 ], [ %96, %93 ] %100 = phi i32 [ %104, %139 ], [ -1, %93 ] %101 = phi i64 [ %103, %139 ], [ %91, %93 ] %102 = zext i32 %99 to i64 %103 = lshr i64 %101, %102 %104 = add i32 %100, %99 %105 = zext i32 %104 to i64 %106 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0 %107 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 0, i32 1 %108 = bitcast %struct.list_head** %107 to %struct.sk_buff.763154** %109 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %108, align 8 %110 = bitcast %struct.sk_buff.763154* %109 to %struct.list_head* %111 = icmp eq %struct.list_head* %106, %110 %112 = getelementptr %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 8, i64 %105, i32 1 br i1 %111, label %113, label %115 %116 = phi %struct.sk_buff.763154* [ %118, %124 ], [ %109, %98 ] %117 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 0, i32 0, i32 1 %118 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %117, align 8 %119 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %116, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i64* %121 = load i64, i64* %120, align 8 %122 = load volatile i64, i64* @jiffies, align 64 %123 = icmp eq i64 %121, %122 br i1 %123, label %139, label %124 %140 = trunc i64 %103 to i32 %141 = tail call i32 asm "bsfl $1,$0", "=r,rm,0,~{dirflag},~{fpsr},~{flags}"(i32 %140, i32 -1) #4, !srcloc !18 %142 = add i32 %141, 1 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %98 %145 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 11 %146 = load i32, i32* %145, align 8 %147 = icmp eq i32 %146, 0 br i1 %147, label %152, label %148 %149 = getelementptr inbounds %struct.napi_struct.763158, %struct.napi_struct.763158* %0, i64 0, i32 10 tail call fastcc void @netif_receive_skb_list_internal(%struct.list_head* %149) #78 Function:netif_receive_skb_list_internal %2 = alloca %struct.list_head, align 8 %3 = alloca i64, align 8 %4 = alloca %struct.desc_struct*, align 8 %5 = bitcast %struct.list_head* %2 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store volatile %struct.list_head* %2, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %9 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %10 = bitcast %struct.sk_buff.763154* %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %10, %0 br i1 %11, label %40, label %12, !prof !4 %13 = bitcast %struct.list_head** %7 to %struct.sk_buff.763154** br label %14 %15 = phi %struct.list_head* [ %10, %12 ], [ %38, %28 ] %16 = phi 
%struct.sk_buff.763154* [ %9, %12 ], [ %18, %28 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %19)) #6 to label %28 [label %19], !srcloc !5 %29 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %16, i64 0, i32 0, i32 0, i32 1 %30 = bitcast %struct.sk_buff.763154** %29 to %struct.list_head** %31 = load %struct.list_head*, %struct.list_head** %30, align 8 %32 = bitcast %struct.sk_buff.763154* %16 to %struct.list_head** %33 = load %struct.list_head*, %struct.list_head** %32, align 8 %34 = getelementptr inbounds %struct.list_head, %struct.list_head* %33, i64 0, i32 1 store %struct.list_head* %31, %struct.list_head** %34, align 8 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %31, i64 0, i32 0 store volatile %struct.list_head* %33, %struct.list_head** %35, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %17, align 8 %36 = load %struct.list_head*, %struct.list_head** %7, align 8 store %struct.sk_buff.763154* %16, %struct.sk_buff.763154** %13, align 8 store %struct.list_head* %2, %struct.list_head** %32, align 8 store %struct.list_head* %36, %struct.list_head** %30, align 8 %37 = getelementptr inbounds %struct.list_head, %struct.list_head* %36, i64 0, i32 0 store volatile %struct.list_head* %15, %struct.list_head** %37, align 8 %38 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %39 = icmp eq %struct.list_head* %38, %0 br i1 
%39, label %40, label %14, !prof !4 %41 = load volatile %struct.list_head*, %struct.list_head** %6, align 8 %42 = icmp eq %struct.list_head* %41, %2 br i1 %42, label %50, label %43 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rps_needed, i64 0, i32 0), i32 2, i8* blockaddress(@netif_receive_skb_list_internal, %51)) #6 to label %81 [label %51], !srcloc !5 %52 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %8, align 8 %53 = bitcast %struct.sk_buff.763154* %52 to %struct.list_head* %54 = icmp eq %struct.list_head* %53, %0 br i1 %54, label %81, label %55 %56 = bitcast i64* %3 to i8* %57 = bitcast %struct.desc_struct** %4 to i8* %58 = bitcast %struct.desc_struct** %4 to i64** br label %59 %60 = phi %struct.sk_buff.763154* [ %52, %55 ], [ %62, %78 ] %61 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 0 %62 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %61, align 8 store i64 0, i64* %3, align 8 store i64* %3, i64** %58, align 8 %63 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 2, i32 0 %64 = load %struct.net_device.763141*, %struct.net_device.763141** %63, align 8 %65 = call fastcc i32 @get_rps_cpu(%struct.net_device.763141* %64, %struct.sk_buff.763154* %60, %struct.desc_struct** nonnull %4) #79 %66 = icmp sgt i32 %65, -1 br i1 %66, label %67, label %78 %68 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %60, i64 0, i32 0, i32 0, i32 1 %69 = bitcast %struct.sk_buff.763154** %68 to %struct.list_head** %70 = load %struct.list_head*, 
%struct.list_head** %69, align 8 %71 = bitcast %struct.sk_buff.763154* %60 to %struct.list_head** %72 = load %struct.list_head*, %struct.list_head** %71, align 8 %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 1 store %struct.list_head* %70, %struct.list_head** %73, align 8 %74 = getelementptr inbounds %struct.list_head, %struct.list_head* %70, i64 0, i32 0 store volatile %struct.list_head* %72, %struct.list_head** %74, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %61, align 8 %75 = load %struct.desc_struct*, %struct.desc_struct** %4, align 8 %76 = getelementptr inbounds %struct.desc_struct, %struct.desc_struct* %75, i64 0, i32 2 %77 = call fastcc i32 @enqueue_to_backlog(%struct.sk_buff.763154* %60, i32 %65, i32* %76) #79 br label %78 %79 = bitcast %struct.sk_buff.763154* %62 to %struct.list_head* %80 = icmp eq %struct.list_head* %79, %0 br i1 %80, label %81, label %59 call fastcc void @__netif_receive_skb_list(%struct.list_head* %0) #79 Function:__netif_receive_skb_list %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %4 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %3, align 8 %5 = bitcast %struct.sk_buff.763154* %4 to %struct.list_head* %6 = icmp eq %struct.list_head* %5, %0 br i1 %6, label %70, label %7 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 br label %12 %13 = phi %struct.list_head* [ %5, %7 ], [ %68, %65 ] %14 = phi %struct.sk_buff.763154* [ %4, %7 ], [ %18, %65 ] %15 = phi i64 [ 0, %7 ], [ %67, %65 ] %16 = phi i8 [ 0, %7 ], [ %66, %65 ] %17 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %14, i64 0, i32 0, i32 0, i32 0 %18 = load %struct.sk_buff.763154*, 
%struct.sk_buff.763154** %17, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @memalloc_socks_key to %struct.static_key_false*), i64 0, i32 0), i32 2, i8* blockaddress(@__netif_receive_skb_list, %19)) #6 to label %24 [label %19], !srcloc !4 %25 = phi i1 [ %23, %19 ], [ false, %12 ] %26 = and i8 %16, 1 %27 = icmp ne i8 %26, 0 %28 = icmp eq i8 %26, 0 %29 = xor i1 %28, %25 br i1 %29, label %65, label %30 %66 = phi i8 [ %46, %63 ], [ %16, %24 ] %67 = phi i64 [ %64, %63 ], [ %15, %24 ] %68 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head* %69 = icmp eq %struct.list_head* %68, %0 br i1 %69, label %70, label %12 %71 = phi i8 [ 0, %1 ], [ %66, %65 ] %72 = phi i64 [ 0, %1 ], [ %67, %65 ] %73 = getelementptr inbounds %struct.list_head, %struct.list_head* %0, i64 0, i32 0 %74 = load volatile %struct.list_head*, %struct.list_head** %73, align 8 %75 = icmp eq %struct.list_head* %74, %0 %76 = and i8 %71, 1 br i1 %75, label %79, label %77 %78 = icmp ne i8 %76, 0 call fastcc void @__netif_receive_skb_list_core(%struct.list_head* %0, i1 zeroext %78) #78 Function:__netif_receive_skb_list_core %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.sk_buff.763154*, align 8 %5 = alloca %struct.packet_type*, align 8 %6 = bitcast %struct.list_head* %3 to i8* %7 = bitcast %struct.sk_buff.763154** %4 to i8* %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store volatile %struct.list_head* %3, %struct.list_head** %8, align 8 %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store volatile %struct.list_head* %3, %struct.list_head** %9, 
align 8 %10 = bitcast %struct.list_head* %0 to %struct.sk_buff.763154** %11 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %10, align 8 store %struct.sk_buff.763154* %11, %struct.sk_buff.763154** %4, align 8 %12 = bitcast %struct.sk_buff.763154* %11 to %struct.list_head* %13 = icmp eq %struct.list_head* %12, %0 br i1 %13, label %125, label %14 %15 = bitcast %struct.packet_type** %5 to i8* %16 = bitcast %struct.sk_buff.763154** %4 to %struct.list_head** br label %17 %18 = phi %struct.sk_buff.763154* [ %11, %14 ], [ %22, %85 ] %19 = phi %struct.packet_type* [ null, %14 ], [ %87, %85 ] %20 = phi %struct.net_device.763141* [ null, %14 ], [ %86, %85 ] %21 = getelementptr %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 0 %22 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %21, align 8 %23 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 2, i32 0 %24 = load %struct.net_device.763141*, %struct.net_device.763141** %23, align 8 store %struct.packet_type* null, %struct.packet_type** %5, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %18, i64 0, i32 0, i32 0, i32 1 %26 = bitcast %struct.sk_buff.763154** %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast %struct.sk_buff.763154* %18 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store volatile %struct.list_head* %29, %struct.list_head** %31, align 8 store %struct.sk_buff.763154* null, %struct.sk_buff.763154** %21, align 8 %32 = call fastcc i32 @__netif_receive_skb_core(%struct.sk_buff.763154** nonnull %4, i1 zeroext %1, %struct.packet_type** nonnull %5) #78 
Function:__netif_receive_skb_core %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = alloca %struct.tcf_result, align 8 %6 = alloca %struct.xdp_buff.763021, align 8 %7 = alloca %struct.sk_buff.763154*, align 8 %8 = bitcast %struct.sk_buff.763154** %7 to i8* %9 = bitcast %struct.sk_buff.763154** %0 to i64* %10 = load i64, i64* %9, align 8 %11 = bitcast %struct.sk_buff.763154** %7 to i64* store i64 %10, i64* %11, align 8 %12 = inttoptr i64 %10 to %struct.sk_buff.763154* callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @netstamp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %13)) #6 to label %22 [label %13], !srcloc !4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_netif_receive_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__netif_receive_skb_core, %23)) #6 to label %37 [label %23], !srcloc !4 %38 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 0, i32 0, i32 2, i32 0 %39 = load %struct.net_device.763141*, %struct.net_device.763141** %38, align 8 %40 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 41 %41 = bitcast i8** %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 40 %44 = bitcast i8** %43 to i64* %45 = load i64, i64* %44, align 8 %46 = sub i64 %42, %45 %47 = trunc i64 %46 to i16 %48 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 35 store i16 %47, i16* %48, align 4 %49 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 34 %50 = load i16, i16* %49, align 2 %51 = icmp eq i16 %50, -1 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 36 %55 = load i16, i16* %54, align 2 %56 = sub i16 %47, %55 %57 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %12, i64 0, i32 8 store i16 %56, i16* %57, align 8 %58 = bitcast %struct.xdp_buff.763021* %6 to i8* %59 = bitcast %struct.tcf_result* %5 to i8* %60 = getelementptr inbounds %struct.tcf_result, %struct.tcf_result* %5, i64 0, i32 0, i32 0, i32 1 %61 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %62 = getelementptr inbounds 
%struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 %64 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %65 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 %66 = bitcast %struct.net_device.763141** %64 to i8* %67 = bitcast %struct.net.762977** %65 to i64* %68 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 br label %69 %70 = phi %struct.net_device.763141* [ %39, %53 ], [ %574, %570 ] %71 = phi %struct.sk_buff.763154* [ %12, %53 ], [ %571, %570 ] %72 = phi i32 [ 1, %53 ], [ %572, %570 ] %73 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %70, i64 0, i32 17 %74 = load i32, i32* %73, align 16 %75 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %71, i64 0, i32 22 store i32 %74, i32* %75, align 8 call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2), i32* getelementptr inbounds (%struct.softnet_data.763159, %struct.softnet_data.763159* @softnet_data, i64 0, i32 2)) #6, !srcloc !9 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.device_dma_parameters* } } }* @generic_xdp_needed_key to %struct.static_key*), i32 2, i8* blockaddress(@__netif_receive_skb_core, %76)) #6 to label %96 [label %76], !srcloc !4 call void @migrate_disable() #78 %77 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %78 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %77, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.763141*, %struct.net_device.763141** %78, align 8 %80 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %79, i64 0, i32 75 %81 = load volatile %struct.bpf_prog.762827*, %struct.bpf_prog.762827** %80, align 64 %82 = icmp eq %struct.bpf_prog.762827* %81, null br i1 %82, label %94, label %83 call void @migrate_enable() #78 br label %96 %97 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %98 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %97, i64 0, i32 33 %99 = load i16, i16* %98, align 8 switch i16 %99, label %103 [ i16 129, label %100 i16 -22392, label %100 ] %104 = phi %struct.sk_buff.763154* [ %97, %96 ], [ %101, %100 ] %105 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %104, i64 0, i32 18 %106 = load i16, i16* %105, align 2 %107 = and i16 %106, 2048 %108 = icmp eq i16 %107, 0 br i1 %108, label %111, label %109 %110 = and i16 %106, -2049 store i16 %110, i16* %105, align 2 br label %459 %460 = phi i16 [ %458, %452 ], [ %110, %109 ] %461 = phi %struct.sk_buff.763154* [ %453, %452 ], [ %104, %109 ] %462 = phi i64 [ %454, %452 ], [ 0, %109 ] %463 = phi i32 [ %455, %452 ], [ %72, %109 ] br i1 %1, label %464, label %470 %471 = and i16 %460, 1 %472 = icmp eq i16 %471, 0 br i1 %472, label %517, label %473 %518 = phi %struct.sk_buff.763154* [ %461, %470 ], [ %515, %513 ] %519 = phi i64 [ %462, %470 ], 
[ 0, %513 ] %520 = phi i32 [ %463, %470 ], [ %514, %513 ] %521 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 0, i32 0, i32 2, i32 0 %522 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %523 = getelementptr inbounds %struct.net_device.763141, %struct.net_device.763141* %522, i64 0, i32 78 %524 = load volatile i32 (%struct.sk_buff.763154**)*, i32 (%struct.sk_buff.763154**)** %523, align 8 %525 = icmp eq i32 (%struct.sk_buff.763154**)* %524, null br i1 %525, label %576, label %526 %527 = inttoptr i64 %519 to %struct.packet_type* %528 = icmp eq i64 %519, 0 br i1 %528, label %565, label %529 %530 = icmp eq %struct.sk_buff.763154* %518, null br i1 %530, label %549, label %531 %532 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 40 %533 = load i8*, i8** %532, align 8 %534 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 39 %535 = load i32, i32* %534, align 4 %536 = zext i32 %535 to i64 %537 = getelementptr i8, i8* %533, i64 %536 %538 = load i8, i8* %537, align 8 %539 = and i8 %538, 1 %540 = icmp eq i8 %539, 0 br i1 %540, label %549, label %541 %542 = getelementptr inbounds i8, i8* %537, i64 40 %543 = bitcast i8* %542 to %struct.ubuf_info.763182** %544 = load %struct.ubuf_info.763182*, %struct.ubuf_info.763182** %543, align 8 %545 = icmp eq %struct.ubuf_info.763182* %544, null br i1 %545, label %549, label %546, !prof !12, !misexpect !13 %547 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32)* @skb_copy_ubufs to i32 (%struct.sk_buff.763154*, i32)*)(%struct.sk_buff.763154* nonnull %518, i32 2592) #78 %548 = icmp eq i32 %547, 0 br i1 %548, label %549, label %565, !prof !12, !misexpect !11 %550 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %518, i64 0, i32 43 %551 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %550, i64 0, i32 0, i32 0 %552 = call i32 asm 
sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %551, i32 1, i32* %551) #6, !srcloc !14 %553 = icmp eq i32 %552, 0 br i1 %553, label %558, label %554, !prof !10, !misexpect !11 %555 = add i32 %552, 1 %556 = or i32 %555, %552 %557 = icmp sgt i32 %556, -1 br i1 %557, label %560, label %558, !prof !12, !misexpect !11 %559 = phi i32 [ 2, %549 ], [ 1, %554 ] call void @refcount_warn_saturate(%struct.seqcount_spinlock* %550, i32 %559) #78 br label %560 %561 = getelementptr inbounds %struct.packet_type, %struct.packet_type* %527, i64 0, i32 3 %562 = load i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)*, i32 (%struct.sk_buff.763154*, %struct.net_device.763141*, %struct.packet_type*, %struct.net_device.763141*)** %561, align 8 %563 = load %struct.net_device.763141*, %struct.net_device.763141** %521, align 8 %564 = call i32 %562(%struct.sk_buff.763154* %518, %struct.net_device.763141* %563, %struct.packet_type* nonnull %527, %struct.net_device.763141* %39) #78 br label %565 %566 = phi i32 [ %520, %526 ], [ -12, %546 ], [ %564, %560 ] %567 = call i32 %524(%struct.sk_buff.763154** nonnull %7) #78 switch i32 %567, label %575 [ i32 0, label %867 i32 1, label %568 i32 2, label %579 i32 3, label %576 ] %580 = phi i64 [ %577, %576 ], [ 0, %565 ] %581 = phi i32 [ %578, %576 ], [ %566, %565 ] %582 = phi i1 [ false, %576 ], [ true, %565 ] %583 = phi i1 [ true, %576 ], [ false, %565 ] %584 = load %struct.sk_buff.763154*, %struct.sk_buff.763154** %7, align 8 %585 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %584, i64 0, i32 18 %586 = load i16, i16* %585, align 2 %587 = and i16 %586, 1 %588 = icmp eq i16 %587, 0 br i1 %588, label %613, label %589, !prof !12, !misexpect !11 %590 = phi %struct.sk_buff.763154* [ %607, %603 ], [ %584, %579 ] %591 = getelementptr 
inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 25 %592 = load i16, i16* %591, align 2 %593 = and i16 %592, 4095 %594 = icmp eq i16 %593, 0 br i1 %594, label %600, label %595 %601 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 33 %602 = load i16, i16* %601, align 8 switch i16 %602, label %609 [ i16 129, label %603 i16 -22392, label %603 ] %604 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %590, i64 0, i32 18 %605 = load i16, i16* %604, align 2 %606 = and i16 %605, -2 store i16 %606, i16* %604, align 2 %607 = call %struct.sk_buff.763154* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*)* @skb_vlan_untag to %struct.sk_buff.763154* (%struct.sk_buff.763154*)*)(%struct.sk_buff.763154* %590) #78 Function:skb_vlan_untag %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 18 %3 = load i16, i16* %2, align 2 %4 = and i16 %3, 1 %5 = icmp eq i16 %4, 0 br i1 %5, label %6, label %179, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43, i32 0, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 1 br i1 %9, label %15, label %10 %11 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #78 %12 = icmp eq %struct.sk_buff.756266* %11, null br i1 %12, label %14, label %13, !prof !6, !misexpect !7 tail call void @consume_skb(%struct.sk_buff.756266* %0) #78 br label %17 %18 = phi %struct.sk_buff.756266* [ %11, %13 ], [ %0, %15 ] %19 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 6 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %18, i64 0, i32 7 %22 = load i32, i32* %21, align 4 %23 = sub i32 %20, %22 %24 = icmp ult i32 %23, 6 br i1 %24, label %25, label %33, !prof !6, !misexpect !7 %26 = icmp ult i32 %20, 6 br i1 %26, label %177, 
label %27, !prof !6, !misexpect !5 %28 = sub nuw nsw i32 6, %23 %29 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* nonnull %18, i32 %28) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 
%1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %83 = sub i32 %77, %80 %84 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 0, i32 0, i32 0 %85 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %84, align 8 %86 = icmp eq i32 %83, 0 br i1 %86, label %147, label %76 %148 = phi i64 [ %145, %142 ], [ %49, %82 ] %149 = phi i32 [ %144, %142 ], [ %48, %82 ] %150 = phi i8* [ %143, %142 ], [ %47, %82 ] %151 = phi %struct.sk_buff.756266* [ %118, %142 ], [ 
null, %82 ] %152 = phi %struct.sk_buff.756266* [ %119, %142 ], [ %85, %82 ] %153 = getelementptr i8, i8* %150, i64 8 %154 = getelementptr inbounds i8, i8* %153, i64 %148 %155 = bitcast i8* %154 to %struct.sk_buff.756266** %156 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %155, align 8 %157 = icmp eq %struct.sk_buff.756266* %156, %152 br i1 %157, label %172, label %158 %159 = phi %struct.sk_buff.756266* [ %170, %158 ], [ %156, %147 ] %160 = phi i8* [ %168, %158 ], [ %154, %147 ] %161 = bitcast %struct.sk_buff.756266* %159 to i64* %162 = load i64, i64* %161, align 8 %163 = bitcast i8* %160 to i64* store i64 %162, i64* %163, align 8 tail call void @consume_skb(%struct.sk_buff.756266* %159) #78 ------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 packet_parse_headers 2 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 
%28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 
bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 
br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 %237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch 
i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 
%94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 
0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, 
label %87, label %82 %83 = sub i32 %77, %80 %84 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 0, i32 0, i32 0 %85 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %84, align 8 %86 = icmp eq i32 %83, 0 br i1 %86, label %147, label %76 %148 = phi i64 [ %145, %142 ], [ %49, %82 ] %149 = phi i32 [ %144, %142 ], [ %48, %82 ] %150 = phi i8* [ %143, %142 ], [ %47, %82 ] %151 = phi %struct.sk_buff.756266* [ %118, %142 ], [ null, %82 ] %152 = phi %struct.sk_buff.756266* [ %119, %142 ], [ %85, %82 ] %153 = getelementptr i8, i8* %150, i64 8 %154 = getelementptr inbounds i8, i8* %153, i64 %148 %155 = bitcast i8* %154 to %struct.sk_buff.756266** %156 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %155, align 8 %157 = icmp eq %struct.sk_buff.756266* %156, %152 br i1 %157, label %172, label %158 %159 = phi %struct.sk_buff.756266* [ %170, %158 ], [ %156, %147 ] %160 = phi i8* [ %168, %158 ], [ %154, %147 ] %161 = bitcast %struct.sk_buff.756266* %159 to i64* %162 = load i64, i64* %161, align 8 %163 = bitcast i8* %160 to i64* store i64 %162, i64* %163, align 8 tail call void @consume_skb(%struct.sk_buff.756266* %159) #78 ------------- Use: =BAD PATH= Call Stack: 0 __pskb_pull_tail 1 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds 
%struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load 
i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label 
%82 %83 = sub i32 %77, %80 %84 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 0, i32 0, i32 0 %85 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %84, align 8 %86 = icmp eq i32 %83, 0 br i1 %86, label %147, label %76 %148 = phi i64 [ %145, %142 ], [ %49, %82 ] %149 = phi i32 [ %144, %142 ], [ %48, %82 ] %150 = phi i8* [ %143, %142 ], [ %47, %82 ] %151 = phi %struct.sk_buff.756266* [ %118, %142 ], [ null, %82 ] %152 = phi %struct.sk_buff.756266* [ %119, %142 ], [ %85, %82 ] %153 = getelementptr i8, i8* %150, i64 8 %154 = getelementptr inbounds i8, i8* %153, i64 %148 %155 = bitcast i8* %154 to %struct.sk_buff.756266** %156 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %155, align 8 %157 = icmp eq %struct.sk_buff.756266* %156, %152 br i1 %157, label %172, label %158 %159 = phi %struct.sk_buff.756266* [ %170, %158 ], [ %156, %147 ] %160 = phi i8* [ %168, %158 ], [ %154, %147 ] %161 = bitcast %struct.sk_buff.756266* %159 to i64* %162 = load i64, i64* %161, align 8 %163 = bitcast i8* %160 to i64* store i64 %162, i64* %163, align 8 tail call void @consume_skb(%struct.sk_buff.756266* %159) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #78 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, 
%struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #78 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #78 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #78 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = 
tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #78 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #78 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.756266*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #78 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #78 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = 
icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #78 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #78 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #78 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #78 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.756266*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_notify 1 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #78 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #78 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 105 %7 = load %struct.audit_context*, %struct.audit_context** %6, align 64 %8 = icmp eq %struct.audit_context* %7, null br i1 %8, label %14, label %9 %15 = icmp eq %struct.sigevent* %1, null br i1 %15, label %63, label %16 %17 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %18 = load i32, i32* %17, align 4 %19 = icmp ult i32 %18, 3 br i1 %19, label %20, label %201 switch i32 %18, label %63 [ i32 0, label %21 i32 2, label %25 ] %26 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %27 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #78 %28 = icmp eq %struct.sk_buff* %27, null br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %31 = load i8*, i8** %30, align 8 %32 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %33 = load i8*, i8** %32, align 8 %34 = tail call i64 @_copy_from_user(i8* %31, i8* %33, i64 32) #78 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %60 %37 = tail call i8* bitcast (i8* 
(%struct.sk_buff.756266*, i32)* @skb_put to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %27, i32 32) #78 %38 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %39 %40 = load i32, i32* %38, align 8 %41 = call i64 @__fdget(i32 %40) #78 %42 = and i64 %41, -4 %43 = inttoptr i64 %42 to %struct.file* %44 = icmp eq i64 %42, 0 br i1 %44, label %62, label %45 br label %198 %199 = phi %struct.sk_buff* [ %193, %192 ], [ %27, %60 ], [ %27, %62 ] %200 = phi i32 [ %195, %192 ], [ %61, %60 ], [ -9, %62 ] call void bitcast (void (%struct.sk_buff.756266*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %199) #78 ------------- Use: =BAD PATH= Call Stack: 0 __neigh_event_send 1 __ip_do_redirect 2 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ 
%19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, 
i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds 
%struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = 
icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, 
%struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, %struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = 
getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %190 = load volatile i64, i64* @jiffies, align 64 %191 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 10 %192 = load volatile i64, i64* %191, 
align 8 %193 = icmp eq i64 %192, %190 br i1 %193, label %195, label %194 store volatile i64 %190, i64* %191, align 8 br label %195 %196 = and i8 %186, -38 %197 = icmp eq i8 %196, 0 br i1 %197, label %198, label %245 %199 = call i32 bitcast (i32 (%struct.neighbour*, %struct.sk_buff*)* @__neigh_event_send to i32 (%struct.neighbour.836545*, %struct.sk_buff.836958*)*)(%struct.neighbour.836545* %181, %struct.sk_buff.836958* null) #78 Function:__neigh_event_send %3 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #78 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %249 %10 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %268 %14 = and i32 %6, 5 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %77 %78 = and i32 %6, 4 %79 = icmp eq i32 %78, 0 br i1 %79, label %126, label %80 %81 = and i8 %5, 27 %82 = icmp eq i8 %81, 0 br i1 %82, label %98, label %83 store i8 8, i8* %4, align 1 %99 = load volatile i64, i64* @jiffies, align 64 %100 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 4 store i64 %99, i64* %100, align 8 %101 = load volatile i64, i64* @jiffies, align 64 %102 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %103 = load %struct.neigh_parms*, %struct.neigh_parms** %102, align 8 %104 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %103, i64 0, i32 10, i64 6 %105 = load i32, i32* %104, align 4 %106 = sext i32 %105 to i64 %107 = add i64 %101, %106 %108 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 6 %109 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %108, i64 0, i32 0, i32 0 
%110 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32 1, i32* %109) #6, !srcloc !8 %111 = icmp eq i32 %110, 0 br i1 %111, label %116, label %112, !prof !9, !misexpect !6 %113 = add i32 %110, 1 %114 = or i32 %113, %110 %115 = icmp sgt i32 %114, -1 br i1 %115, label %118, label %116, !prof !5, !misexpect !6 %117 = phi i32 [ 2, %98 ], [ 1, %112 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %108, i32 %117) #78 br label %118 %119 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 9 %120 = tail call i32 @mod_timer(%struct.timer_list* %119, i64 %107) #78 %121 = icmp eq i32 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load i8, i8* %4, align 1 %124 = zext i8 %123 to i32 %125 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.15.63750, i64 0, i64 0), i32 %124) #79 tail call void @dump_stack() #79 br label %126 %127 = phi i1 [ true, %122 ], [ true, %118 ], [ false, %70 ], [ false, %66 ], [ true, %77 ] %128 = load i8, i8* %4, align 1 %129 = icmp eq i8 %128, 1 br i1 %129, label %130, label %226 %131 = icmp eq %struct.sk_buff* %1, null br i1 %131, label %226, label %132 %133 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 7 %134 = load i32, i32* %133, align 4 %135 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 42 %136 = load i32, i32* %135, align 8 %137 = add i32 %136, %134 %138 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %139 = load %struct.neigh_parms*, %struct.neigh_parms** %138, align 8 %140 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %139, i64 0, i32 10, i64 8 %141 = load i32, i32* %140, align 4 %142 = icmp ugt i32 %137, %141 br i1 %142, label %143, label %179 %144 = getelementptr 
inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %145 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %144, i64 0, i32 0 %146 = bitcast %struct.sk_buff_head* %144 to %struct.sk_buff* %147 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 %148 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 br label %149 %150 = load %struct.sk_buff*, %struct.sk_buff** %145, align 8 %151 = icmp eq %struct.sk_buff* %150, %146 %152 = icmp eq %struct.sk_buff* %150, null %153 = or i1 %151, %152 br i1 %153, label %179, label %154 %155 = load i32, i32* %147, align 8 %156 = add i32 %155, -1 store volatile i32 %156, i32* %147, align 8 %157 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 0, i32 0, i32 0 %158 = load %struct.sk_buff*, %struct.sk_buff** %157, align 8 %159 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 0, i32 0, i32 1 %160 = load %struct.sk_buff*, %struct.sk_buff** %159, align 8 %161 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %158, i64 0, i32 0, i32 0, i32 1 %162 = bitcast %struct.sk_buff* %150 to i8* store volatile %struct.sk_buff* %160, %struct.sk_buff** %161, align 8 %163 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %160, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %158, %struct.sk_buff** %163, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %150, i64 0, i32 42 %165 = load i32, i32* %164, align 8 %166 = load i32, i32* %133, align 4 %167 = sub i32 %166, %165 store i32 %167, i32* %133, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %150, i32 0) #78 %168 = load %struct.neigh_table*, %struct.neigh_table** %148, align 8 %169 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %168, i64 0, i32 28 %170 = load %struct.neigh_statistics*, 
%struct.neigh_statistics** %169, align 8 %171 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %170, i64 0, i32 10 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %171, i64* %171) #6, !srcloc !10 %172 = load i32, i32* %133, align 4 %173 = load i32, i32* %135, align 8 %174 = add i32 %173, %172 %175 = load %struct.neigh_parms*, %struct.neigh_parms** %138, align 8 %176 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %175, i64 0, i32 10, i64 8 %177 = load i32, i32* %176, align 4 %178 = icmp ugt i32 %174, %177 br i1 %178, label %149, label %179 %180 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 4, i32 0, i32 0 %181 = load i64, i64* %180, align 8 %182 = and i64 %181, 1 %183 = icmp ne i64 %182, 0 %184 = icmp ugt i64 %181, 1 %185 = and i1 %184, %183 br i1 %185, label %186, label %212 %213 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %214 = bitcast %struct.sk_buff_head* %213 to %struct.sk_buff* %215 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 1 %216 = load %struct.sk_buff*, %struct.sk_buff** %215, align 8 %217 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %214, %struct.sk_buff** %217, align 8 %218 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 0, i32 0, i32 1 store volatile %struct.sk_buff* %216, %struct.sk_buff** %218, align 8 store volatile %struct.sk_buff* %1, %struct.sk_buff** %215, align 8 %219 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %216, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %1, %struct.sk_buff** %219, align 8 %220 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 %221 = load i32, i32* %220, align 8 %222 = add i32 %221, 1 store volatile i32 %222, i32* %220, align 8 %223 = load i32, i32* %135, align 8 %224 = load 
i32, i32* %133, align 4 %225 = add i32 %224, %223 store i32 %225, i32* %133, align 4 br label %226 %227 = phi i32 [ 0, %126 ], [ 1, %130 ], [ 1, %212 ] br i1 %127, label %249, label %228 %229 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %230 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 1 %231 = load volatile %struct.sk_buff*, %struct.sk_buff** %230, align 8 %232 = bitcast %struct.sk_buff_head* %229 to %struct.sk_buff* %233 = icmp eq %struct.sk_buff* %231, %232 %234 = icmp eq %struct.sk_buff* %231, null %235 = or i1 %233, %234 br i1 %235, label %238, label %236 %237 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %231, i32 2592) #78 br label %238 %239 = phi %struct.sk_buff* [ %237, %236 ], [ null, %228 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %240 = bitcast %struct.rwlock_t* %3 to i8* store volatile i8 0, i8* %240, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %241 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 22 %242 = load %struct.neigh_ops*, %struct.neigh_ops** %241, align 8 %243 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %242, i64 0, i32 1 %244 = load void (%struct.neighbour*, %struct.sk_buff*)*, void (%struct.neighbour*, %struct.sk_buff*)** %243, align 8 %245 = icmp eq void (%struct.neighbour*, %struct.sk_buff*)* %244, null br i1 %245, label %247, label %246 %248 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 11, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %248, i32* %248) #6, !srcloc !14 tail call void bitcast (void 
(%struct.sk_buff.756266*)* @consume_skb to void (%struct.sk_buff*)*)(%struct.sk_buff* %239) #78 ------------- Good: 729 Bad: 12 Ignored: 2569 Check Use of Function:drm_atomic_helper_page_flip Check Use of Function:audit_log Check Use of Function:drm_atomic_set_property Check Use of Function:drm_mode_object_find Use: =BAD PATH= Call Stack: 0 intel_sprite_set_colorkey_ioctl ------------- Path:  Function:intel_sprite_set_colorkey_ioctl %4 = alloca %struct.drm_modeset_acquire_ctx, align 8 %5 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.418528* %6 = bitcast %struct.drm_modeset_acquire_ctx* %4 to i8* %7 = getelementptr inbounds i8, i8* %1, i64 16 %8 = bitcast i8* %7 to i32* %9 = load i32, i32* %8, align 4 %10 = and i32 %9, -2 store i32 %10, i32* %8, align 4 %11 = icmp ugt i32 %9, 7 %12 = and i32 %9, 6 %13 = icmp eq i32 %12, 6 %14 = or i1 %11, %13 br i1 %14, label %182, label %15 %16 = getelementptr inbounds %struct.drm_i915_private.418528, %struct.drm_i915_private.418528* %5, i64 0, i32 4, i32 0, i64 0 %17 = load i32, i32* %16, align 4 %18 = and i32 %17, 9437184 %19 = icmp eq i32 %18, 0 %20 = and i32 %9, 2 %21 = icmp eq i32 %20, 0 %22 = or i1 %21, %19 br i1 %22, label %23, label %182 %24 = bitcast i8* %1 to i32* %25 = load i32, i32* %24, align 4 %26 = tail call %struct.drm_mode_object.382314* @drm_mode_object_find(%struct.drm_device.382396* %0, %struct.drm_file* %2, i32 %25, i32 -286331154) #78 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.557252, align 8 %6 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.557472* %7 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = 
icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %19 = bitcast i8* %1 to i32* %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 16777216 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %25 %26 = getelementptr inbounds i8, i8* %1, i64 32 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = tail call %struct.drm_mode_object.382314* @drm_mode_object_find(%struct.drm_device.382396* %0, %struct.drm_file* %2, i32 %28, i32 -858993460) #78 ------------- Use: =BAD PATH= Call Stack: 0 intel_get_pipe_from_crtc_id_ioctl ------------- Path:  Function:intel_get_pipe_from_crtc_id_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 4 %6 = tail call %struct.drm_mode_object.382314* @drm_mode_object_find(%struct.drm_device.382396* %0, %struct.drm_file* %2, i32 %5, i32 -858993460) #78 ------------- Good: 6 Bad: 3 Ignored: 15 Check Use of Function:nfs_umount_begin Check Use of Function:ext4_set_iomap Check Use of Function:drm_gem_fb_create_handle Check Use of Function:pci_bus_write_config_byte Check Use of Function:i915_request_add Check Use of Function:i915_request_create Check Use of Function:__ext4_fc_track_unlink Check Use of Function:__i915_gem_object_flush_frontbuffer Check Use of Function:drm_modeset_lock_all Use: =BAD PATH= Call Stack: 0 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.557472* %5 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %6 = bitcast %struct.list_head** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %16 tail call void bitcast (void (%struct.drm_device.397555*)* @drm_modeset_lock_all to void (%struct.drm_device.382396*)*)(%struct.drm_device.382396* %0) #78 ------------- Use: =BAD PATH= Call 
Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = alloca %struct.i915_gem_ww_ctx.557252, align 8 %6 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.557472* %7 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 14, i32 30, i32 1, i32 0, i32 0, i32 3, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.intel_overlay** %9 = load %struct.intel_overlay*, %struct.intel_overlay** %8, align 8 %10 = icmp eq %struct.intel_overlay* %9, null br i1 %10, label %11, label %18 %19 = bitcast i8* %1 to i32* %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 16777216 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %25 tail call void bitcast (void (%struct.drm_device.397555*)* @drm_modeset_lock_all to void (%struct.drm_device.382396*)*)(%struct.drm_device.382396* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 pri_wm_latency_write ------------- Path:  Function:pri_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.438758** %10 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 96, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 96, i32 0, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, 
i64 %2, i16* %16) #78 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to %struct.drm_i915_private.438758** %14 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #78 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 
= call i32 (i8*, i8*, ...) @sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.39873, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #79 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.397555*)* @drm_modeset_lock_all to void (%struct.drm_device.382396*)*)(%struct.drm_device.382396* %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 spr_wm_latency_write ------------- Path:  Function:spr_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.438758** %10 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 96, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 96, i32 1, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #78 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to 
%struct.drm_i915_private.438758** %14 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #78 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) 
@sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.39873, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #79 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.397555*)* @drm_modeset_lock_all to void (%struct.drm_device.382396*)*)(%struct.drm_device.382396* %15) #78 ------------- Use: =BAD PATH= Call Stack: 0 wm_latency_write 1 cur_wm_latency_write ------------- Path:  Function:cur_wm_latency_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.seq_file** %7 = load %struct.seq_file*, %struct.seq_file** %6, align 8 %8 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %7, i64 0, i32 11 %9 = bitcast i8** %8 to %struct.drm_i915_private.438758** %10 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %9, align 8 %11 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 3, i32 17, i32 0 %12 = load i8, i8* %11, align 1 %13 = icmp ugt i8 %12, 8 %14 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 96, i32 3, i64 0 %15 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %10, i64 0, i32 96, i32 2, i64 0 %16 = select i1 %13, i16* %14, i16* %15 %17 = tail call fastcc i64 @wm_latency_write(%struct.file* %0, i8* %1, i64 %2, i16* %16) #78 Function:wm_latency_write %5 = bitcast i16* %3 to i8* %6 = alloca [8 x i16], align 16 %7 = bitcast [8 x i16]* %6 to i8* %8 = alloca [32 x i8], align 16 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.seq_file** %11 = load %struct.seq_file*, %struct.seq_file** %10, align 8 %12 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %11, i64 0, i32 11 %13 = bitcast i8** %12 to 
%struct.drm_i915_private.438758** %14 = load %struct.drm_i915_private.438758*, %struct.drm_i915_private.438758** %13, align 8 %15 = getelementptr inbounds %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %14, i64 0, i32 0 %16 = getelementptr inbounds [32 x i8], [32 x i8]* %8, i64 0, i64 0 %17 = getelementptr %struct.drm_i915_private.438758, %struct.drm_i915_private.438758* %14, i64 0, i32 4, i32 0, i64 0 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = and i64 %19, 8388608 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %34 %23 = and i64 %19, 1048576 %24 = icmp eq i64 %23, 0 br i1 %24, label %25, label %34 %35 = phi i32 [ %33, %31 ], [ 3, %4 ], [ 1, %22 ], [ 3, %25 ] %36 = icmp ugt i64 %2, 31 br i1 %36, label %58, label %37 %38 = call i64 @_copy_from_user(i8* nonnull %16, i8* %1, i64 %2) #78 %39 = icmp eq i64 %38, 0 br i1 %39, label %40, label %58 %41 = getelementptr [32 x i8], [32 x i8]* %8, i64 0, i64 %2 store i8 0, i8* %41, align 1 %42 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 0 %43 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 1 %44 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 2 %45 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 3 %46 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 4 %47 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 5 %48 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 6 %49 = getelementptr inbounds [8 x i16], [8 x i16]* %6, i64 0, i64 7 %50 = call i32 (i8*, i8*, ...) 
@sscanf(i8* nonnull %16, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.21.39873, i64 0, i64 0), i16* nonnull %42, i16* %43, i16* %44, i16* %45, i16* %46, i16* %47, i16* %48, i16* %49) #79 %51 = icmp eq i32 %50, %35 br i1 %51, label %52, label %58 call void bitcast (void (%struct.drm_device.397555*)* @drm_modeset_lock_all to void (%struct.drm_device.382396*)*)(%struct.drm_device.382396* %15) #78 ------------- Good: 13 Bad: 5 Ignored: 20 Check Use of Function:__ip_tunnel_create Check Use of Function:drm_modeset_unlock_all Check Use of Function:drm_gem_object_free Use: =BAD PATH= Call Stack: 0 i915_gem_pwrite_ioctl ------------- Path:  Function:i915_gem_pwrite_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_mm_node, align 8 %6 = bitcast i8* %1 to %struct.rseq_cs* %7 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %382, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %382, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq 
$3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %382, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #78 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.449204* %38 = icmp eq i8* %36, null br i1 %38, label %63, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !8 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !9 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !10, !misexpect !9 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #78 br label %60 %61 = icmp eq i32 %55, 0 %62 = select i1 %61, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %37 br label %63 %64 = phi 
%struct.drm_i915_gem_object.449204* [ null, %31 ], [ %62, %60 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 tail call void @rcu_read_unlock_strict() #78 %65 = icmp eq %struct.drm_i915_gem_object.449204* %64, null br i1 %65, label %382, label %66 %67 = getelementptr inbounds i8, i8* %1, i64 8 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 5 %71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %69 br i1 %72, label %73, label %369 %74 = load i64, i64* %19, align 8 %75 = sub i64 %71, %69 %76 = icmp ugt i64 %74, %75 br i1 %76, label %369, label %77 %78 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 11 %79 = load i64, i64* %78, align 8 %80 = and i64 %79, 16 %81 = icmp eq i64 %80, 0 br i1 %81, label %82, label %369 %370 = phi i32 [ %104, %103 ], [ %107, %106 ], [ %368, %367 ], [ %240, %239 ], [ %238, %237 ], [ -22, %73 ], [ -22, %77 ], [ -22, %66 ] %371 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %372 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %373 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %372, i32 -1, i32* %372) #6, !srcloc !26 %374 = icmp eq i32 %373, 1 br i1 %374, label %380, label %375 %381 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !27 call void 
@drm_gem_object_free(%struct.qspinlock* %381) #78, !callees !28 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_pread_ioctl ------------- Path:  Function:i915_gem_pread_ioctl %4 = alloca %struct.drm_mm_node, align 8 %5 = alloca i32, align 4 %6 = bitcast i8* %1 to %struct.rseq_cs* %7 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 15 %8 = bitcast %struct.mutex* %7 to i8* %9 = load i8, i8* %8, align 8 %10 = icmp ugt i8 %9, 11 br i1 %10, label %11, label %17 %12 = getelementptr %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 21, i32 1 %13 = bitcast %struct.list_head** %12 to i32* %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %321, label %17 %18 = getelementptr inbounds i8, i8* %1, i64 16 %19 = bitcast i8* %18 to i64* %20 = load i64, i64* %19, align 8 %21 = icmp eq i64 %20, 0 br i1 %21, label %321, label %22 %23 = getelementptr inbounds i8, i8* %1, i64 24 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 8 %26 = tail call i64 asm sideeffect "# ALT: oldnstr\0A661:\0A\09movq $2,$0\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word (16*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09movq $3,$0\0A6651:\0A.popsection\0A", "=r,i,i,i,~{dirflag},~{fpsr},~{flags}"(i32 0, i64 140737488351232, i64 72057594037923840) #6, !srcloc !4 %27 = add i64 %25, %20 %28 = icmp ult i64 %27, %20 %29 = icmp ugt i64 %27, %26 %30 = or i1 %28, %29 br i1 %30, label %321, label %31, !prof !5, !misexpect !6 %32 = bitcast i8* %1 to i32* %33 = load i32, i32* %32, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, 
i32 14 %35 = zext i32 %33 to i64 %36 = tail call i8* @idr_find(%struct.idr* %34, i64 %35) #78 %37 = bitcast i8* %36 to %struct.drm_i915_gem_object.449204* %38 = icmp eq i8* %36, null br i1 %38, label %63, label %39 %40 = bitcast i8* %36 to %struct.seqcount_spinlock* %41 = bitcast i8* %36 to i32* %42 = load volatile i32, i32* %41, align 4 %43 = icmp eq i32 %42, 0 br i1 %43, label %54, label %44 %45 = phi i32 [ %52, %51 ], [ %42, %39 ] %46 = add i32 %45, 1 %47 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %41, i32 %46, i32* nonnull %41, i32 %45) #6, !srcloc !8 %48 = extractvalue { i8, i32 } %47, 0 %49 = and i8 %48, 1 %50 = icmp eq i8 %49, 0 br i1 %50, label %51, label %54, !prof !5, !misexpect !9 %52 = extractvalue { i8, i32 } %47, 1 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %44 %55 = phi i32 [ 0, %39 ], [ %45, %44 ], [ 0, %51 ] %56 = add i32 %55, 1 %57 = or i32 %56, %55 %58 = icmp sgt i32 %57, -1 br i1 %58, label %60, label %59, !prof !10, !misexpect !9 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %40, i32 0) #78 br label %60 %61 = icmp eq i32 %55, 0 %62 = select i1 %61, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %37 br label %63 %64 = phi %struct.drm_i915_gem_object.449204* [ null, %31 ], [ %62, %60 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 tail call void @rcu_read_unlock_strict() #78 %65 = icmp eq %struct.drm_i915_gem_object.449204* %64, null br i1 %65, label %321, label %66 %67 = getelementptr inbounds i8, i8* %1, i64 8 %68 = bitcast i8* %67 to i64* %69 = load i64, i64* %68, align 8 %70 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 5 
%71 = load i64, i64* %70, align 8 %72 = icmp ugt i64 %71, %69 br i1 %72, label %73, label %308 %74 = load i64, i64* %19, align 8 %75 = sub i64 %71, %69 %76 = icmp ugt i64 %74, %75 br i1 %76, label %308, label %77 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_gem_object_pread to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_pread_ioctl, %78)) #6 to label %92 [label %78], !srcloc !12 %93 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 1 %94 = load %struct.drm_i915_gem_object_ops.449188*, %struct.drm_i915_gem_object_ops.449188** %93, align 8 %95 = getelementptr inbounds %struct.drm_i915_gem_object_ops.449188, %struct.drm_i915_gem_object_ops.449188* %94, i64 0, i32 5 %96 = load i32 (%struct.drm_i915_gem_object.449204*, %struct.rseq_cs*)*, i32 (%struct.drm_i915_gem_object.449204*, %struct.rseq_cs*)** %95, align 8 %97 = icmp eq i32 (%struct.drm_i915_gem_object.449204*, %struct.rseq_cs*)* %96, null br i1 %97, label %101, label %98 %102 = tail call i32 bitcast (i32 (%struct.drm_i915_gem_object.502359*, i32, i64)* @i915_gem_object_wait to i32 (%struct.drm_i915_gem_object.449204*, i32, i64)*)(%struct.drm_i915_gem_object.449204* nonnull %64, i32 1, i64 9223372036854775807) #78 %103 = icmp eq i32 %102, 0 br i1 %103, label %104, label %308 %105 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %106 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 
0, i32 9 %107 = load %struct.dma_resv*, %struct.dma_resv** %106, align 8 %108 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %107, i64 0, i32 0 %109 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %108, %struct.ww_acquire_ctx* null) #78 %110 = icmp eq i32 %109, -114 %111 = select i1 %110, i32 0, i32 %109 switch i32 %111, label %208 [ i32 -35, label %112 i32 0, label %124 ] %113 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %114 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %115 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %114, i32 1, i32* %114) #6, !srcloc !17 %116 = icmp eq i32 %115, 0 br i1 %116, label %121, label %117, !prof !5, !misexpect !9 %118 = add i32 %115, 1 %119 = or i32 %118, %115 %120 = icmp sgt i32 %119, -1 br i1 %120, label %123, label %121, !prof !10, !misexpect !9 %122 = phi i32 [ 2, %112 ], [ 1, %117 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %113, i32 %122) #78 br label %123 store %struct.drm_i915_gem_object.449204* %64, %struct.drm_i915_gem_object.449204** inttoptr (i64 40 to %struct.drm_i915_gem_object.449204**), align 8 br label %308 %309 = phi i32 [ %99, %98 ], [ %102, %101 ], [ %307, %306 ], [ %209, %208 ], [ -22, %73 ], [ -22, %66 ], [ -35, %123 ] %310 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %311 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %312 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 
4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %311, i32 -1, i32* %311) #6, !srcloc !25 %313 = icmp eq i32 %312, 1 br i1 %313, label %319, label %314 %320 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %64, i64 0, i32 0, i32 0, i32 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !26 call void @drm_gem_object_free(%struct.qspinlock* %320) #78, !callees !27 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_tiling_ioctl ------------- Path:  Function:i915_gem_set_tiling_ioctl %4 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.436889* %5 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %4, i64 0, i32 60, i32 12 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %151, label %8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #78 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.436906* %15 = icmp eq i8* %13, null br i1 %15, label %40, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !5 %25 = extractvalue { i8, i32 } %24, 0 
%26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !6, !misexpect !7 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #78 br label %37 %38 = icmp eq i32 %32, 0 %39 = select i1 %38, %struct.drm_i915_gem_object.436906* null, %struct.drm_i915_gem_object.436906* %14 br label %40 %41 = phi %struct.drm_i915_gem_object.436906* [ null, %8 ], [ %39, %37 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %42 = icmp eq %struct.drm_i915_gem_object.436906* %41, null br i1 %42, label %151, label %43 %44 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %41, i64 0, i32 1 %45 = load %struct.drm_i915_gem_object_ops.436893*, %struct.drm_i915_gem_object_ops.436893** %44, align 8 %46 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436893, %struct.drm_i915_gem_object_ops.436893* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = and i32 %47, 4 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %138 %139 = phi i32 [ %132, %129 ], [ -6, %43 ], [ -22, %89 ], [ -22, %103 ], [ -22, %61 ], [ -22, %67 ], [ -22, %71 ], [ -22, %73 ], [ -22, %75 ], [ -22, %99 ], [ -22, %94 ] %140 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %41, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %141 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %41, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; 
xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 -1, i32* %141) #6, !srcloc !11 %143 = icmp eq i32 %142, 1 br i1 %143, label %149, label %144 %150 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %41, i64 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @drm_gem_object_free(%struct.qspinlock* %150) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap ------------- Path:  Function:i915_gem_mmap %3 = alloca i32, align 4 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.drm_file** %6 = load %struct.drm_file*, %struct.drm_file** %5, align 8 %7 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %6, i64 0, i32 13 %8 = load %struct.drm_minor*, %struct.drm_minor** %7, align 8 %9 = getelementptr inbounds %struct.drm_minor, %struct.drm_minor* %8, i64 0, i32 3 %10 = load %struct.drm_device.382396*, %struct.drm_device.382396** %9, align 8 %11 = bitcast i32* %3 to i8* store i32 0, i32* %3, align 4 %12 = call zeroext i1 @drm_dev_enter(%struct.drm_device.382396* %10, i32* nonnull %3) #78 br i1 %12, label %14, label %13 %15 = load i32, i32* %3, align 4 call void @drm_dev_exit(i32 %15) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %10, i64 0, i32 33 %17 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %18 = getelementptr inbounds %struct.drm_vma_offset_manager, %struct.drm_vma_offset_manager* %17, i64 0, i32 0 call void @_raw_read_lock(%struct.rwlock_t* %18) #78 %19 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %20 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %21 = load i64, i64* %20, 
align 8 %22 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = sub i64 %23, %25 %27 = lshr i64 %26, 12 %28 = call %struct.drm_vma_offset_node* @drm_vma_offset_lookup_locked(%struct.drm_vma_offset_manager* %19, i64 %21, i64 %27) #78 %29 = icmp eq %struct.drm_vma_offset_node* %28, null br i1 %29, label %98, label %30 %31 = getelementptr inbounds %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 0, i32 1, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, %21 br i1 %33, label %34, label %98 %35 = call zeroext i1 @drm_vma_node_is_allowed(%struct.drm_vma_offset_node* nonnull %28, %struct.drm_file* %6) #78 br i1 %35, label %36, label %98 %37 = getelementptr inbounds %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 0, i32 3 %38 = load i8*, i8** %37, align 8 %39 = icmp eq i8* %38, null br i1 %39, label %40, label %70 %71 = getelementptr %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 -1, i32 1, i32 12 %72 = bitcast i64* %71 to %struct.drm_i915_gem_object.449204* %73 = icmp eq i64* %71, null br i1 %73, label %98, label %74 %75 = bitcast i64* %71 to %struct.seqcount_spinlock* %76 = bitcast i64* %71 to i32* %77 = load volatile i32, i32* %76, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %89, label %79 %80 = phi i32 [ %87, %86 ], [ %77, %74 ] %81 = add i32 %80, 1 %82 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %76, i32 %81, i32* nonnull %76, i32 %80) #6, !srcloc !5 %83 = extractvalue { i8, i32 } %82, 0 %84 = and i8 %83, 1 %85 = icmp eq i8 %84, 0 br i1 %85, label %86, label %89, !prof !6, 
!misexpect !7 %87 = extractvalue { i8, i32 } %82, 1 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %79 %90 = phi i32 [ 0, %74 ], [ 0, %86 ], [ %80, %79 ] %91 = add i32 %90, 1 %92 = or i32 %91, %90 %93 = icmp sgt i32 %92, -1 br i1 %93, label %95, label %94, !prof !8, !misexpect !7 call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %75, i32 0) #78 br label %95 %96 = icmp eq i32 %90, 0 %97 = select i1 %96, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %72 br label %98 %99 = phi i32 [ -13, %34 ], [ -13, %40 ], [ -13, %70 ], [ -22, %14 ], [ -22, %30 ], [ -13, %67 ], [ -13, %95 ] %100 = phi %struct.drm_vma_offset_node* [ %28, %34 ], [ %28, %40 ], [ %28, %70 ], [ null, %14 ], [ null, %30 ], [ %28, %67 ], [ %28, %95 ] %101 = phi %struct.i915_mmap_offset.449284* [ null, %34 ], [ %41, %40 ], [ null, %70 ], [ null, %14 ], [ null, %30 ], [ %41, %67 ], [ null, %95 ] %102 = phi %struct.drm_i915_gem_object.449204* [ null, %34 ], [ null, %40 ], [ null, %70 ], [ null, %14 ], [ null, %30 ], [ %69, %67 ], [ %97, %95 ] %103 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %104 = getelementptr inbounds %struct.drm_vma_offset_manager, %struct.drm_vma_offset_manager* %103, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %105 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %104, i32 -512, i32* %104) #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void @rcu_read_unlock_strict() #78 %106 = icmp eq %struct.drm_i915_gem_object.449204* %102, null br i1 %106, label %242, label %107 %108 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %102, i64 0, i32 11 %109 = load 
i64, i64* %108, align 8 %110 = and i64 %109, 16 %111 = icmp eq i64 %110, 0 br i1 %111, label %131, label %112 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %132 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %10, i64 20, i32 30, i32 1, i32 1 %133 = bitcast %struct.list_head* %132 to %struct.file** %134 = load volatile %struct.file*, %struct.file** %133, align 8 %135 = icmp eq %struct.file* %134, null br i1 %135, label %150, label %136 %137 = getelementptr inbounds %struct.file, %struct.file* %134, i64 0, i32 6, i32 0 %138 = load volatile i64, i64* %137, align 8 %139 = icmp eq i64 %138, 0 br i1 %139, label %150, label %140, !prof !6, !misexpect !7 %141 = phi i64 [ %148, %147 ], [ %138, %136 ] %142 = add i64 %141, 1 %143 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %137, i64 %142, i64* %137, i64 %141) #6, !srcloc !14 %144 = extractvalue { i8, i64 } %143, 0 %145 = and i8 %144, 1 %146 = icmp eq i8 %145, 0 br i1 %146, label %147, label %150, !prof !6, !misexpect !7 %148 = extractvalue { i8, i64 } %143, 1 %149 = icmp eq i64 %148, 0 br i1 %149, label %150, label %140, !prof !6, !misexpect !7 %151 = phi %struct.file* [ null, %131 ], [ null, %136 ], [ %134, %140 ], [ null, %147 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void @rcu_read_unlock_strict() #78 %152 = icmp eq %struct.file* %151, null br i1 %152, label %153, label %166 %167 = phi %struct.file* [ %155, %157 ], [ %151, %150 ], [ %155, %153 ] %168 = icmp ugt %struct.file* %167, inttoptr (i64 -4096 to %struct.file*) br i1 %168, label %169, label %184 %170 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %102, i64 0, i32 0, i32 0, i32 0, i32 0, i32 
0 %171 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %102, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %172 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 -1, i32* %171) #6, !srcloc !12 %173 = icmp eq i32 %172, 1 br i1 %173, label %179, label %174 %180 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %102, i64 0, i32 0, i32 0, i32 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @drm_gem_object_free(%struct.qspinlock* %180) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap ------------- Path:  Function:i915_gem_mmap %3 = alloca i32, align 4 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.drm_file** %6 = load %struct.drm_file*, %struct.drm_file** %5, align 8 %7 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %6, i64 0, i32 13 %8 = load %struct.drm_minor*, %struct.drm_minor** %7, align 8 %9 = getelementptr inbounds %struct.drm_minor, %struct.drm_minor* %8, i64 0, i32 3 %10 = load %struct.drm_device.382396*, %struct.drm_device.382396** %9, align 8 %11 = bitcast i32* %3 to i8* store i32 0, i32* %3, align 4 %12 = call zeroext i1 @drm_dev_enter(%struct.drm_device.382396* %10, i32* nonnull %3) #78 br i1 %12, label %14, label %13 %15 = load i32, i32* %3, align 4 call void @drm_dev_exit(i32 %15) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %10, i64 0, i32 33 %17 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %18 = getelementptr inbounds %struct.drm_vma_offset_manager, %struct.drm_vma_offset_manager* %17, 
i64 0, i32 0 call void @_raw_read_lock(%struct.rwlock_t* %18) #78 %19 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %20 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 13 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = sub i64 %23, %25 %27 = lshr i64 %26, 12 %28 = call %struct.drm_vma_offset_node* @drm_vma_offset_lookup_locked(%struct.drm_vma_offset_manager* %19, i64 %21, i64 %27) #78 %29 = icmp eq %struct.drm_vma_offset_node* %28, null br i1 %29, label %98, label %30 %31 = getelementptr inbounds %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 0, i32 1, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, %21 br i1 %33, label %34, label %98 %35 = call zeroext i1 @drm_vma_node_is_allowed(%struct.drm_vma_offset_node* nonnull %28, %struct.drm_file* %6) #78 br i1 %35, label %36, label %98 %37 = getelementptr inbounds %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 0, i32 3 %38 = load i8*, i8** %37, align 8 %39 = icmp eq i8* %38, null br i1 %39, label %40, label %70 %71 = getelementptr %struct.drm_vma_offset_node, %struct.drm_vma_offset_node* %28, i64 -1, i32 1, i32 12 %72 = bitcast i64* %71 to %struct.drm_i915_gem_object.449204* %73 = icmp eq i64* %71, null br i1 %73, label %98, label %74 %75 = bitcast i64* %71 to %struct.seqcount_spinlock* %76 = bitcast i64* %71 to i32* %77 = load volatile i32, i32* %76, align 4 %78 = icmp eq i32 %77, 0 br i1 %78, label %89, label %79 %80 = phi i32 [ %87, %86 ], [ %77, %74 ] %81 = add i32 %80, 1 %82 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition 
code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %76, i32 %81, i32* nonnull %76, i32 %80) #6, !srcloc !5 %83 = extractvalue { i8, i32 } %82, 0 %84 = and i8 %83, 1 %85 = icmp eq i8 %84, 0 br i1 %85, label %86, label %89, !prof !6, !misexpect !7 %87 = extractvalue { i8, i32 } %82, 1 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %79 %90 = phi i32 [ 0, %74 ], [ 0, %86 ], [ %80, %79 ] %91 = add i32 %90, 1 %92 = or i32 %91, %90 %93 = icmp sgt i32 %92, -1 br i1 %93, label %95, label %94, !prof !8, !misexpect !7 call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %75, i32 0) #78 br label %95 %96 = icmp eq i32 %90, 0 %97 = select i1 %96, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %72 br label %98 %99 = phi i32 [ -13, %34 ], [ -13, %40 ], [ -13, %70 ], [ -22, %14 ], [ -22, %30 ], [ -13, %67 ], [ -13, %95 ] %100 = phi %struct.drm_vma_offset_node* [ %28, %34 ], [ %28, %40 ], [ %28, %70 ], [ null, %14 ], [ null, %30 ], [ %28, %67 ], [ %28, %95 ] %101 = phi %struct.i915_mmap_offset.449284* [ null, %34 ], [ %41, %40 ], [ null, %70 ], [ null, %14 ], [ null, %30 ], [ %41, %67 ], [ null, %95 ] %102 = phi %struct.drm_i915_gem_object.449204* [ null, %34 ], [ null, %40 ], [ null, %70 ], [ null, %14 ], [ null, %30 ], [ %69, %67 ], [ %97, %95 ] %103 = load %struct.drm_vma_offset_manager*, %struct.drm_vma_offset_manager** %16, align 8 %104 = getelementptr inbounds %struct.drm_vma_offset_manager, %struct.drm_vma_offset_manager* %103, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %105 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %104, i32 -512, i32* %104) #6, !srcloc !9 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 
call void @rcu_read_unlock_strict() #78 %106 = icmp eq %struct.drm_i915_gem_object.449204* %102, null br i1 %106, label %242, label %107 %108 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %102, i64 0, i32 11 %109 = load i64, i64* %108, align 8 %110 = and i64 %109, 16 %111 = icmp eq i64 %110, 0 br i1 %111, label %131, label %112 %113 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %1, i64 0, i32 8 %114 = load i64, i64* %113, align 8 %115 = and i64 %114, 2 %116 = icmp eq i64 %115, 0 br i1 %116, label %129, label %117 %118 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %102, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %119 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %102, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %120 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %119, i32 -1, i32* %119) #6, !srcloc !12 %121 = icmp eq i32 %120, 1 br i1 %121, label %127, label %122 %128 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %102, i64 0, i32 0, i32 0, i32 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 call void @drm_gem_object_free(%struct.qspinlock* %128) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %166 %10 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.449467* %11 = getelementptr inbounds 
%struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 15 %12 = bitcast %struct.mutex* %11 to i8* %13 = load i8, i8* %12, align 8 %14 = zext i8 %13 to i32 %15 = shl nuw nsw i32 %14, 8 %16 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %10, i64 0, i32 3, i32 1 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i32 %19 = or i32 %15, %18 %20 = icmp ugt i32 %19, 3072 br i1 %20, label %166, label %21 %22 = getelementptr inbounds i8, i8* %1, i64 32 %23 = bitcast i8* %22 to i64* %24 = load i64, i64* %23, align 8 %25 = icmp ult i64 %24, 2 br i1 %25, label %26, label %166 %27 = icmp eq i64 %24, 0 br i1 %27, label %32, label %28 %29 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 0), align 8 %30 = and i64 %29, 65536 %31 = icmp eq i64 %30, 0 br i1 %31, label %166, label %32 %33 = bitcast i8* %1 to i32* %34 = load i32, i32* %33, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %36 = zext i32 %34 to i64 %37 = tail call i8* @idr_find(%struct.idr* %35, i64 %36) #78 %38 = bitcast i8* %37 to %struct.drm_i915_gem_object.449204* %39 = icmp eq i8* %37, null br i1 %39, label %64, label %40 %41 = bitcast i8* %37 to %struct.seqcount_spinlock* %42 = bitcast i8* %37 to i32* %43 = load volatile i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %55, label %45 %46 = phi i32 [ %53, %52 ], [ %43, %40 ] %47 = add i32 %46, 1 %48 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %42, i32 %47, i32* nonnull %42, i32 %46) #6, !srcloc !5 %49 = extractvalue { i8, i32 } %48, 0 %50 = and i8 %49, 1 %51 = icmp eq 
i8 %50, 0 br i1 %51, label %52, label %55, !prof !6, !misexpect !7 %53 = extractvalue { i8, i32 } %48, 1 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %45 %56 = phi i32 [ 0, %40 ], [ %46, %45 ], [ 0, %52 ] %57 = add i32 %56, 1 %58 = or i32 %57, %56 %59 = icmp sgt i32 %58, -1 br i1 %59, label %61, label %60, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %41, i32 0) #78 br label %61 %62 = icmp eq i32 %56, 0 %63 = select i1 %62, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %38 br label %64 %65 = phi %struct.drm_i915_gem_object.449204* [ null, %32 ], [ %63, %61 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %66 = icmp eq %struct.drm_i915_gem_object.449204* %65, null br i1 %66, label %166, label %67 %68 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 3 %69 = load %struct.file*, %struct.file** %68, align 8 %70 = icmp eq %struct.file* %69, null br i1 %70, label %151, label %71 %72 = getelementptr inbounds i8, i8* %1, i64 8 %73 = bitcast i8* %72 to i64* %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds i8, i8* %1, i64 16 %76 = bitcast i8* %75 to i64* %77 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 5 %78 = load i64, i64* %77, align 8 %79 = icmp ugt i64 %78, %74 br i1 %79, label %80, label %151 %81 = load i64, i64* %76, align 8 %82 = sub i64 %78, %74 %83 = icmp ugt i64 %81, %82 br i1 %83, label %151, label %84 %85 = tail call i64 @vm_mmap(%struct.file* nonnull %69, i64 0, i64 %81, i64 3, i64 1, i64 %74) #78 %86 = icmp ugt i64 %85, -4096 br i1 %86, label %151, label %87, !prof !6, !misexpect !7 %88 = load i64, i64* %23, align 8 %89 = and i64 %88, 1 %90 = icmp eq i64 %89, 0 br i1 %90, label %135, label %91 %92 = 
tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !10 %93 = inttoptr i64 %92 to %struct.task_struct* %94 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %93, i64 0, i32 38 %95 = load %struct.mm_struct*, %struct.mm_struct** %94, align 64 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_start_locking to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %96)) #6 to label %97 [label %96], !srcloc !11 tail call void @__mmap_lock_do_trace_start_locking(%struct.mm_struct* %95, i1 zeroext true) #78 br label %97 %98 = getelementptr inbounds %struct.mm_struct, %struct.mm_struct* %95, i64 0, i32 0, i32 17 %99 = tail call i32 @down_write_killable(%struct.rw_semaphore* %98) #78 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_acquire_returned to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %100)) #6 to label %102 [label %100], !srcloc !11 %103 = icmp eq i32 %99, 0 br i1 %103, label %104, label %151 %105 = tail call %struct.vm_area_struct* @find_vma(%struct.mm_struct* %95, i64 %85) #78 %106 = icmp eq %struct.vm_area_struct* %105, null br i1 %106, label %130, label %107 %108 = load %struct.file*, %struct.file** %68, align 8 %109 = load i64, i64* %76, align 8 %110 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %105, i64 0, i32 14 %111 = load %struct.file*, %struct.file** %110, align 8 %112 = icmp eq %struct.file* %111, %108 br i1 %112, label %113, label %130 %114 = getelementptr inbounds %struct.vm_area_struct, %struct.vm_area_struct* %105, i64 0, i32 0 %115 = load i64, i64* %114, align 8 %116 = icmp eq i64 %115, %85 br i1 %116, label %117, label %130 %131 = phi i64 [ %85, %124 ], [ -12, %104 ], [ -12, %117 ], [ -12, %107 ], [ -12, %113 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_mmap_lock_released to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@i915_gem_mmap_ioctl, %132)) #6 to label %133 [label %132], !srcloc !11 tail call void @up_write(%struct.rw_semaphore* %98) #78 %134 = icmp ugt i64 %131, -4096 br i1 %134, label %151, label %135 %152 = phi i64 [ %85, %84 ], [ -6, %67 ], [ -22, %80 ], [ -22, %71 ], [ -4, %102 ], [ %131, %133 ] %153 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %154 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %155 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %154, i32 -1, i32* %154) #6, !srcloc !12 %156 = icmp eq i32 %155, 1 br i1 %156, label %162, label %157 %163 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 tail call void @drm_gem_object_free(%struct.qspinlock* %163) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_set_caching_ioctl ------------- Path:  Function:i915_gem_set_caching_ioctl %4 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, 
label %9, label %134 %10 = getelementptr inbounds i8, i8* %1, i64 4 %11 = bitcast i8* %10 to i32* %12 = load i32, i32* %11, align 4 switch i32 %12, label %134 [ i32 0, label %21 i32 1, label %13 i32 2, label %16 ] %14 = and i24 %6, 525312 %15 = icmp eq i24 %14, 0 br i1 %15, label %134, label %21 %22 = phi i32 [ %20, %16 ], [ %12, %9 ], [ 1, %13 ] %23 = bitcast i8* %1 to i32* %24 = load i32, i32* %23, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %25 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %26 = zext i32 %24 to i64 %27 = tail call i8* @idr_find(%struct.idr* %25, i64 %26) #78 %28 = bitcast i8* %27 to %struct.drm_i915_gem_object.486916* %29 = icmp eq i8* %27, null br i1 %29, label %54, label %30 %31 = bitcast i8* %27 to %struct.seqcount_spinlock* %32 = bitcast i8* %27 to i32* %33 = load volatile i32, i32* %32, align 4 %34 = icmp eq i32 %33, 0 br i1 %34, label %45, label %35 %36 = phi i32 [ %43, %42 ], [ %33, %30 ] %37 = add i32 %36, 1 %38 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %32, i32 %37, i32* nonnull %32, i32 %36) #6, !srcloc !5 %39 = extractvalue { i8, i32 } %38, 0 %40 = and i8 %39, 1 %41 = icmp eq i8 %40, 0 br i1 %41, label %42, label %45, !prof !6, !misexpect !7 %43 = extractvalue { i8, i32 } %38, 1 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %35 %46 = phi i32 [ 0, %30 ], [ %36, %35 ], [ 0, %42 ] %47 = add i32 %46, 1 %48 = or i32 %47, %46 %49 = icmp sgt i32 %48, -1 br i1 %49, label %51, label %50, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %31, i32 0) #78 br label %51 %52 = icmp eq i32 %46, 0 %53 = select i1 %52, %struct.drm_i915_gem_object.486916* null, 
%struct.drm_i915_gem_object.486916* %28 br label %54 %55 = phi %struct.drm_i915_gem_object.486916* [ null, %21 ], [ %53, %51 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %56 = icmp eq %struct.drm_i915_gem_object.486916* %55, null br i1 %56, label %134, label %57 %58 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %55, i64 0, i32 1 %59 = load %struct.drm_i915_gem_object_ops.486903*, %struct.drm_i915_gem_object_ops.486903** %58, align 8 %60 = getelementptr inbounds %struct.drm_i915_gem_object_ops.486903, %struct.drm_i915_gem_object_ops.486903* %59, i64 0, i32 0 %61 = load i32, i32* %60, align 8 %62 = and i32 %61, 4 %63 = icmp eq i32 %62, 0 br i1 %63, label %72, label %64 %73 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %55, i64 0, i32 0, i32 0, i32 0, i32 9 %74 = load %struct.dma_resv*, %struct.dma_resv** %73, align 8 %75 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %74, i64 0, i32 0 %76 = tail call i32 @ww_mutex_lock_interruptible(%struct.ww_mutex* %75, %struct.ww_acquire_ctx* null) #78 %77 = icmp eq i32 %76, -114 %78 = select i1 %77, i32 0, i32 %76 switch i32 %78, label %121 [ i32 -35, label %79 i32 0, label %91 ] %122 = phi i32 [ -6, %71 ], [ 0, %68 ], [ %111, %118 ], [ -35, %90 ], [ %78, %72 ] %123 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %55, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0 %124 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %55, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %125 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %124, i32 -1, i32* %124) #6, !srcloc !11 %126 = icmp 
eq i32 %125, 1
br i1 %126, label %132, label %127
%133 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %55, i64 0, i32 0, i32 0, i32 0, i32 0
tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12
tail call void @drm_gem_object_free(%struct.qspinlock* %133) #78
-------------
Good: 141 Bad: 7 Ignored: 119
Check Use of Function:bus_set_iommu
Check Use of Function:memcpy_toio
Check Use of Function:intel_overlay_release_old_vid
Check Use of Function:ww_mutex_lock
Use: =BAD PATH=
Call Stack:
0 dma_buf_poll
-------------
Path:
Function:dma_buf_poll
%3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16
%4 = bitcast i8** %3 to %struct.dma_buf**
%5 = load %struct.dma_buf*, %struct.dma_buf** %4, align 8
%6 = icmp eq %struct.dma_buf* %5, null
br i1 %6, label %164, label %7
%8 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %5, i64 0, i32 13
%9 = load %struct.dma_resv*, %struct.dma_resv** %8, align 8
%10 = icmp eq %struct.dma_resv* %9, null
br i1 %10, label %164, label %11
%12 = getelementptr inbounds %struct.dma_buf, %struct.dma_buf* %5, i64 0, i32 14
%13 = icmp eq %struct.poll_table_struct* %1, null
br i1 %13, label %26, label %14
%27 = phi i32 [ %24, %21 ], [ 5, %11 ]
%28 = phi i32 [ %23, %21 ], [ -1, %11 ]
%29 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %9, i64 0, i32 0
%30 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %29, %struct.ww_acquire_ctx* null) #78
-------------
Use: =BAD PATH=
Call Stack:
0 i915_gem_object_set_tiling
1 i915_gem_set_tiling_ioctl
-------------
Path:
Function:i915_gem_set_tiling_ioctl
%4 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.436889*
%5 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %4, i64 0, i32 60, i32 12
%6 = load i32, i32* %5, align 4
%7 = icmp eq i32 %6, 0
br i1 %7, label %151, label %8
%9 = bitcast i8* %1 to i32*
%10 = load i32, i32*
%9, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #78 %14 = bitcast i8* %13 to %struct.drm_i915_gem_object.436906* %15 = icmp eq i8* %13, null br i1 %15, label %40, label %16 %17 = bitcast i8* %13 to %struct.seqcount_spinlock* %18 = bitcast i8* %13 to i32* %19 = load volatile i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %31, label %21 %22 = phi i32 [ %29, %28 ], [ %19, %16 ] %23 = add i32 %22, 1 %24 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %18, i32 %23, i32* nonnull %18, i32 %22) #6, !srcloc !5 %25 = extractvalue { i8, i32 } %24, 0 %26 = and i8 %25, 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %31, !prof !6, !misexpect !7 %29 = extractvalue { i8, i32 } %24, 1 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %21 %32 = phi i32 [ 0, %16 ], [ %22, %21 ], [ 0, %28 ] %33 = add i32 %32, 1 %34 = or i32 %33, %32 %35 = icmp sgt i32 %34, -1 br i1 %35, label %37, label %36, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %17, i32 0) #78 br label %37 %38 = icmp eq i32 %32, 0 %39 = select i1 %38, %struct.drm_i915_gem_object.436906* null, %struct.drm_i915_gem_object.436906* %14 br label %40 %41 = phi %struct.drm_i915_gem_object.436906* [ null, %8 ], [ %39, %37 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %42 = icmp eq %struct.drm_i915_gem_object.436906* %41, null br i1 %42, label %151, label %43 %44 = getelementptr inbounds %struct.drm_i915_gem_object.436906, 
%struct.drm_i915_gem_object.436906* %41, i64 0, i32 1 %45 = load %struct.drm_i915_gem_object_ops.436893*, %struct.drm_i915_gem_object_ops.436893** %44, align 8 %46 = getelementptr inbounds %struct.drm_i915_gem_object_ops.436893, %struct.drm_i915_gem_object_ops.436893* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = and i32 %47, 4 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %138 %51 = getelementptr inbounds i8, i8* %1, i64 4 %52 = bitcast i8* %51 to i32* %53 = load i32, i32* %52, align 4 %54 = getelementptr inbounds i8, i8* %1, i64 8 %55 = bitcast i8* %54 to i32* %56 = load i32, i32* %55, align 4 %57 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %41, i64 0, i32 0, i32 0, i32 0, i32 2 %58 = bitcast %struct.drm_device.382396** %57 to %struct.drm_i915_private.436889** %59 = load %struct.drm_i915_private.436889*, %struct.drm_i915_private.436889** %58, align 8 %60 = icmp eq i32 %53, 0 br i1 %60, label %107, label %61 %62 = icmp ugt i32 %53, 2 br i1 %62, label %138, label %63 %64 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %59, i64 0, i32 3, i32 0 %65 = load i8, i8* %64, align 8 %66 = icmp ugt i8 %65, 6 br i1 %66, label %67, label %69 %70 = icmp ugt i8 %65, 3 br i1 %70, label %71, label %73 %74 = icmp ugt i32 %56, 8192 br i1 %74, label %138, label %75 %76 = zext i32 %56 to i64 %78 = icmp eq i64 %77, 1 br i1 %78, label %79, label %138 %80 = icmp eq i8 %65, 2 br i1 %80, label %89, label %81 %82 = icmp eq i32 %53, 2 br i1 %82, label %83, label %94 %84 = getelementptr inbounds %struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %59, i64 0, i32 4, i32 0, i64 0 %85 = load i32, i32* %84, align 4 %86 = and i32 %85, 384 %87 = icmp eq i32 %86, 0 %88 = icmp ne i32 %56, 0 br i1 %87, label %103, label %99 %100 = and i32 %56, 511 %101 = icmp eq i32 %100, 0 %102 = and i1 %88, %101 br i1 %102, label %118, label %138 %119 = getelementptr inbounds 
%struct.drm_i915_private.436889, %struct.drm_i915_private.436889* %4, i64 0, i32 60, i32 10 %120 = load i32, i32* %119, align 4 %121 = getelementptr inbounds i8, i8* %1, i64 12 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 br label %123 %124 = phi i32* [ %122, %118 ], [ %117, %112 ] %125 = phi i32 [ %120, %118 ], [ %115, %112 ] switch i32 %125, label %129 [ i32 6, label %126 i32 7, label %127 i32 5, label %128 ] %130 = phi i32 [ %56, %123 ], [ %56, %127 ], [ %56, %126 ], [ 0, %128 ], [ 0, %107 ] %131 = phi i32 [ %53, %123 ], [ %53, %127 ], [ %53, %126 ], [ 0, %128 ], [ 0, %107 ] %132 = tail call i32 @i915_gem_object_set_tiling(%struct.drm_i915_gem_object.436906* nonnull %41, i32 %131, i32 %130) #79 Function:i915_gem_object_set_tiling %4 = alloca %struct.list_head, align 8 %5 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %0, i64 0, i32 0, i32 0, i32 0, i32 2 %6 = bitcast %struct.drm_device.382396** %5 to %struct.drm_i915_private.436889** %7 = load %struct.drm_i915_private.436889*, %struct.drm_i915_private.436889** %6, align 8 %8 = or i32 %2, %1 %9 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %0, i64 0, i32 17 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %8, %10 br i1 %11, label %317, label %12 %13 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %0, i64 0, i32 16 %14 = load volatile %struct.intel_frontbuffer.436829*, %struct.intel_frontbuffer.436829** %13, align 8 %15 = icmp eq %struct.intel_frontbuffer.436829* %14, null br i1 %15, label %16, label %317 %17 = getelementptr inbounds %struct.drm_i915_gem_object.436906, %struct.drm_i915_gem_object.436906* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %18 = load %struct.dma_resv*, %struct.dma_resv** %17, align 8 %19 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %18, i64 0, i32 0 %20 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %19, 
%struct.ww_acquire_ctx* null) #78 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_object_flush_if_display 1 i915_gem_sw_finish_ioctl ------------- Path:  Function:i915_gem_sw_finish_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %7 = zext i32 %5 to i64 %8 = tail call i8* @idr_find(%struct.idr* %6, i64 %7) #78 %9 = bitcast i8* %8 to %struct.drm_i915_gem_object.449204* %10 = icmp eq i8* %8, null br i1 %10, label %35, label %11 %12 = bitcast i8* %8 to %struct.seqcount_spinlock* %13 = bitcast i8* %8 to i32* %14 = load volatile i32, i32* %13, align 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %26, label %16 %17 = phi i32 [ %24, %23 ], [ %14, %11 ] %18 = add i32 %17, 1 %19 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %13, i32 %18, i32* nonnull %13, i32 %17) #6, !srcloc !5 %20 = extractvalue { i8, i32 } %19, 0 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %23, label %26, !prof !6, !misexpect !7 %24 = extractvalue { i8, i32 } %19, 1 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %16 %27 = phi i32 [ 0, %11 ], [ %17, %16 ], [ 0, %23 ] %28 = add i32 %27, 1 %29 = or i32 %28, %27 %30 = icmp sgt i32 %29, -1 br i1 %30, label %32, label %31, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %12, i32 0) #78 br label %32 %33 = icmp eq i32 %27, 0 %34 = select i1 %33, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %9 br label %35 %36 = phi %struct.drm_i915_gem_object.449204* [ null, %3 ], [ %34, %32 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() 
#6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %37 = icmp eq %struct.drm_i915_gem_object.449204* %36, null br i1 %37, label %50, label %38 tail call void bitcast (void (%struct.drm_i915_gem_object.486916*)* @i915_gem_object_flush_if_display to void (%struct.drm_i915_gem_object.449204*)*)(%struct.drm_i915_gem_object.449204* nonnull %36) #78 Function:i915_gem_object_flush_if_display %2 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %0, i64 0, i32 16 %3 = load volatile %struct.intel_frontbuffer.486906*, %struct.intel_frontbuffer.486906** %2, align 8 %4 = icmp eq %struct.intel_frontbuffer.486906* %3, null br i1 %4, label %42, label %5 %6 = getelementptr inbounds %struct.drm_i915_gem_object.486916, %struct.drm_i915_gem_object.486916* %0, i64 0, i32 0, i32 0, i32 0, i32 9 %7 = load %struct.dma_resv*, %struct.dma_resv** %6, align 8 %8 = getelementptr inbounds %struct.dma_resv, %struct.dma_resv* %7, i64 0, i32 0 %9 = tail call i32 @ww_mutex_lock(%struct.ww_mutex* %8, %struct.ww_acquire_ctx* null) #78 ------------- Good: 372 Bad: 3 Ignored: 359 Check Use of Function:i915_gem_object_pin_to_display_plane Check Use of Function:drm_send_event_timestamp_locked Check Use of Function:simple_unlink Check Use of Function:ns_to_timespec64 Use: =BAD PATH= Call Stack: 0 sock_gettstamp ------------- Path:  Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %0, i64 0, i32 4 %7 = load %struct.sock.273622*, %struct.sock.273622** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 64 %23 = load volatile i64, i64* %22, align 8 %24 = 
tail call { i64, i64 } @ns_to_timespec64(i64 %23) #78 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #78 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #78 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.ifreq, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 4 %10 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %11 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %10, align 32 %12 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %11, i64 0, i32 10 %13 = load i32 (%struct.socket.273619*, i32, i64)*, i32 (%struct.socket.273619*, i32, i64)** %12, align 8 %14 = icmp eq i32 (%struct.socket.273619*, i32, i64)* %13, null br i1 %14, label %17, label %15 %18 = phi i32 [ %16, %15 ], [ -515, %3 ] %19 = icmp eq i32 %18, -515 %20 = and i32 %1, -256 %21 = icmp eq i32 %20, 35584 %22 = and i1 %21, %19 %23 = xor i1 %19, true %24 = or i1 %21, %23 %25 = select i1 %22, i32 -22, i32 %18 br i1 %24, label %144, label %26 %27 = and i64 %2, 4294967295 %28 = inttoptr i64 %27 to i8* %29 = load %struct.sock.273622*, %struct.sock.273622** %9, align 8 %30 = getelementptr inbounds %struct.sock.273622, 
%struct.sock.273622* %29, i64 0, i32 0, i32 9, i32 0 %31 = load %struct.net.273693*, %struct.net.273693** %30, align 8 %32 = and i32 %1, -16 %33 = icmp eq i32 %32, 35312 br i1 %33, label %34, label %37 switch i32 %1, label %144 [ i32 35137, label %38 i32 35136, label %38 i32 35146, label %51 i32 35078, label %96 i32 35079, label %96 i32 35142, label %104 i32 35219, label %104 i32 35220, label %104 i32 35248, label %104 i32 35249, label %104 i32 35073, label %138 i32 35074, label %138 i32 35075, label %138 i32 35076, label %138 i32 35232, label %138 i32 35233, label %138 i32 35202, label %138 i32 35203, label %138 i32 35148, label %138 i32 -2146399994, label %138 i32 -2146399993, label %138 i32 35090, label %138 i32 35091, label %141 i32 35092, label %141 i32 35184, label %141 i32 35185, label %141 i32 35101, label %141 i32 35102, label %141 i32 35105, label %141 i32 35106, label %141 i32 35103, label %141 i32 35104, label %141 i32 35111, label %141 i32 35108, label %141 i32 35121, label %141 i32 35122, label %141 i32 35123, label %141 i32 35093, label %141 i32 35094, label %141 i32 35127, label %141 i32 35126, label %141 i32 35097, label %141 i32 35098, label %141 i32 35095, label %141 i32 35096, label %141 i32 35099, label %141 i32 35100, label %141 i32 35124, label %141 i32 35125, label %141 i32 35138, label %141 i32 35139, label %141 i32 35234, label %141 i32 35235, label %141 i32 35088, label %141 i32 35107, label %141 i32 35143, label %141 i32 35144, label %141 i32 35145, label %141 i32 35216, label %141 i32 35217, label %141 i32 35218, label %141 i32 35221, label %141 i32 35157, label %141 i32 35156, label %141 i32 35155, label %141 i32 21521, label %141 i32 35147, label %141 i32 35077, label %141 ] %97 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %10, align 32 %98 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %97, i64 0, i32 11 %99 = load i32 (%struct.socket.273619*, i8*, i1, i1)*, i32 (%struct.socket.273619*, 
i8*, i1, i1)** %98, align 8 %100 = icmp eq i32 (%struct.socket.273619*, i8*, i1, i1)* %99, null br i1 %100, label %144, label %101 %102 = icmp eq i32 %1, 35078 %103 = tail call i32 %99(%struct.socket.273619* %8, i8* %28, i1 zeroext %102, i1 zeroext true) #78 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %0, i64 0, i32 4 %7 = load %struct.sock.273622*, %struct.sock.273622** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 64 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #78 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #78 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #78 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 sock_ioctl ------------- Path:  Function:sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = inttoptr i64 %2 to i8* %7 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.socket.273619** %9 = load %struct.socket.273619*, %struct.socket.273619** %8, align 8 %10 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %9, i64 0, i32 4 %11 = load 
%struct.sock.273622*, %struct.sock.273622** %10, align 8 %12 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %11, i64 0, i32 0, i32 9, i32 0 %13 = load %struct.net.273693*, %struct.net.273693** %12, align 8 %14 = and i32 %1, -16 %15 = icmp eq i32 %14, 35312 br i1 %15, label %16, label %55, !prof !4, !misexpect !5 switch i32 %1, label %133 [ i32 35073, label %56 i32 35074, label %56 i32 35075, label %71 i32 35076, label %71 i32 35136, label %81 i32 35137, label %81 i32 35232, label %81 i32 35233, label %81 i32 35202, label %93 i32 35203, label %93 i32 35148, label %105 i32 35078, label %112 i32 35079, label %112 i32 -2146399994, label %121 i32 -2146399993, label %121 i32 35090, label %130 ] %122 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %9, i64 0, i32 5 %123 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %122, align 32 %124 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %123, i64 0, i32 11 %125 = load i32 (%struct.socket.273619*, i8*, i1, i1)*, i32 (%struct.socket.273619*, i8*, i1, i1)** %124, align 8 %126 = icmp eq i32 (%struct.socket.273619*, i8*, i1, i1)* %125, null br i1 %126, label %136, label %127 %128 = icmp eq i32 %1, -2146399994 %129 = tail call i32 %125(%struct.socket.273619* %9, i8* %6, i1 zeroext %128, i1 zeroext false) #78 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %0, i64 0, i32 4 %7 = load %struct.sock.273622*, %struct.sock.273622** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 64 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } 
@ns_to_timespec64(i64 %23) #78 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 %27 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 0 store i64 %25, i64* %27, align 8 %28 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %5, i64 0, i32 1 store i64 %26, i64* %28, align 8 switch i64 %25, label %34 [ i64 -1, label %44 i64 0, label %29 ] %30 = tail call i64 @ktime_get_with_offset(i32 0) #78 store volatile i64 %30, i64* %22, align 8 %31 = tail call { i64, i64 } @ns_to_timespec64(i64 %30) #78 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp ------------- Path:  Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %0, i64 0, i32 4 %7 = load %struct.sock.273622*, %struct.sock.273622** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 64 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #78 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.ifreq, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 4 %10 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %11 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %10, align 32 
%12 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %11, i64 0, i32 10 %13 = load i32 (%struct.socket.273619*, i32, i64)*, i32 (%struct.socket.273619*, i32, i64)** %12, align 8 %14 = icmp eq i32 (%struct.socket.273619*, i32, i64)* %13, null br i1 %14, label %17, label %15 %18 = phi i32 [ %16, %15 ], [ -515, %3 ] %19 = icmp eq i32 %18, -515 %20 = and i32 %1, -256 %21 = icmp eq i32 %20, 35584 %22 = and i1 %21, %19 %23 = xor i1 %19, true %24 = or i1 %21, %23 %25 = select i1 %22, i32 -22, i32 %18 br i1 %24, label %144, label %26 %27 = and i64 %2, 4294967295 %28 = inttoptr i64 %27 to i8* %29 = load %struct.sock.273622*, %struct.sock.273622** %9, align 8 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %29, i64 0, i32 0, i32 9, i32 0 %31 = load %struct.net.273693*, %struct.net.273693** %30, align 8 %32 = and i32 %1, -16 %33 = icmp eq i32 %32, 35312 br i1 %33, label %34, label %37 switch i32 %1, label %144 [ i32 35137, label %38 i32 35136, label %38 i32 35146, label %51 i32 35078, label %96 i32 35079, label %96 i32 35142, label %104 i32 35219, label %104 i32 35220, label %104 i32 35248, label %104 i32 35249, label %104 i32 35073, label %138 i32 35074, label %138 i32 35075, label %138 i32 35076, label %138 i32 35232, label %138 i32 35233, label %138 i32 35202, label %138 i32 35203, label %138 i32 35148, label %138 i32 -2146399994, label %138 i32 -2146399993, label %138 i32 35090, label %138 i32 35091, label %141 i32 35092, label %141 i32 35184, label %141 i32 35185, label %141 i32 35101, label %141 i32 35102, label %141 i32 35105, label %141 i32 35106, label %141 i32 35103, label %141 i32 35104, label %141 i32 35111, label %141 i32 35108, label %141 i32 35121, label %141 i32 35122, label %141 i32 35123, label %141 i32 35093, label %141 i32 35094, label %141 i32 35127, label %141 i32 35126, label %141 i32 35097, label %141 i32 35098, label %141 i32 35095, label %141 i32 35096, label %141 i32 35099, label %141 i32 35100, 
label %141 i32 35124, label %141 i32 35125, label %141 i32 35138, label %141 i32 35139, label %141 i32 35234, label %141 i32 35235, label %141 i32 35088, label %141 i32 35107, label %141 i32 35143, label %141 i32 35144, label %141 i32 35145, label %141 i32 35216, label %141 i32 35217, label %141 i32 35218, label %141 i32 35221, label %141 i32 35157, label %141 i32 35156, label %141 i32 35155, label %141 i32 21521, label %141 i32 35147, label %141 i32 35077, label %141 ] %97 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %10, align 32 %98 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %97, i64 0, i32 11 %99 = load i32 (%struct.socket.273619*, i8*, i1, i1)*, i32 (%struct.socket.273619*, i8*, i1, i1)** %98, align 8 %100 = icmp eq i32 (%struct.socket.273619*, i8*, i1, i1)* %99, null br i1 %100, label %144, label %101 %102 = icmp eq i32 %1, 35078 %103 = tail call i32 %99(%struct.socket.273619* %8, i8* %28, i1 zeroext %102, i1 zeroext true) #78 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %0, i64 0, i32 4 %7 = load %struct.sock.273622*, %struct.sock.273622** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 %11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 64 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #78 ------------- Use: =BAD PATH= Call Stack: 0 sock_gettstamp 1 sock_ioctl ------------- Path:  Function:sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca i8, align 1 %6 = inttoptr i64 %2 to i8* %7 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %8 = bitcast i8** %7 to 
%struct.socket.273619** %9 = load %struct.socket.273619*, %struct.socket.273619** %8, align 8 %10 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %9, i64 0, i32 4 %11 = load %struct.sock.273622*, %struct.sock.273622** %10, align 8 %12 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %11, i64 0, i32 0, i32 9, i32 0 %13 = load %struct.net.273693*, %struct.net.273693** %12, align 8 %14 = and i32 %1, -16 %15 = icmp eq i32 %14, 35312 br i1 %15, label %16, label %55, !prof !4, !misexpect !5 switch i32 %1, label %133 [ i32 35073, label %56 i32 35074, label %56 i32 35075, label %71 i32 35076, label %71 i32 35136, label %81 i32 35137, label %81 i32 35232, label %81 i32 35233, label %81 i32 35202, label %93 i32 35203, label %93 i32 35148, label %105 i32 35078, label %112 i32 35079, label %112 i32 -2146399994, label %121 i32 -2146399993, label %121 i32 35090, label %130 ] %122 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %9, i64 0, i32 5 %123 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %122, align 32 %124 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %123, i64 0, i32 11 %125 = load i32 (%struct.socket.273619*, i8*, i1, i1)*, i32 (%struct.socket.273619*, i8*, i1, i1)** %124, align 8 %126 = icmp eq i32 (%struct.socket.273619*, i8*, i1, i1)* %125, null br i1 %126, label %136, label %127 %128 = icmp eq i32 %1, -2146399994 %129 = tail call i32 %125(%struct.socket.273619* %9, i8* %6, i1 zeroext %128, i1 zeroext false) #78 Function:sock_gettstamp %5 = alloca %struct.cpu_itimer, align 8 %6 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %0, i64 0, i32 4 %7 = load %struct.sock.273622*, %struct.sock.273622** %6, align 8 %8 = bitcast %struct.cpu_itimer* %5 to i8* %9 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 0, i32 13, i32 0 %10 = load volatile i64, i64* %9, align 8 %11 = trunc i64 %10 to i8 %12 = icmp sgt i8 
%11, -1 br i1 %12, label %13, label %21 %22 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %7, i64 0, i32 64 %23 = load volatile i64, i64* %22, align 8 %24 = tail call { i64, i64 } @ns_to_timespec64(i64 %23) #78 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.739406*, %struct.snd_pcm_substream.739406** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.739406* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label 
%182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, 
i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.739406* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #79 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %9 = getelementptr 
inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #78 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #78 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.739396*, %struct.snd_pcm_ops.739396** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.739396, %struct.snd_pcm_ops.739396* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.739406*, i32, i8*)*, i32 (%struct.snd_pcm_substream.739406*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.739406*, i32, i8*)* %41, null 
br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.739406* %0, i32 2, i8* %37) #78 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %237 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %55 i32 16708, label %195 i32 16707, label %197 i32 -2146942687, label %235 ] %6 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 5 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %237 %10 = load i64, i64* %4, align 8 %11 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.739406* %0, i64 %10) #78 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %100, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #78 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 
7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.739406*)*)(%struct.snd_pcm_substream.739406* %0) #78 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #78 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #78 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, 
%struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 58 %31 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 59 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.312923* %30, %struct.anon.80.336280* %36) #78 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 48, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %76, label %17 %77 = and i32 %14, 134217728 %78 = icmp eq i32 %77, 0 br i1 %78, label %115, label %79 %80 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %3, i64 0, i32 0 %81 = load i8, i8* %80, align 4 %82 = and i8 %81, 15 %83 = icmp eq i8 %82, 5 br i1 %83, label %84, label %115 %85 = bitcast %struct.snd_pcm_substream* %0 to i8* %86 = call i32 
@get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %85, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #78 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %120 %89 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 51 %90 = load i32, i32* %89, align 4 switch i32 %90, label %93 [ i32 1, label %120 i32 2, label %91 ] %94 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %95 %96 = phi i64* [ %94, %93 ], [ %92, %91 ] %97 = load i64, i64* %96, align 8 %98 = call { i64, i64 } @ns_to_timespec64(i64 %97) #78 %99 = extractvalue { i64, i64 } %98, 0 %100 = extractvalue { i64, i64 } %98, 1 %101 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %99, i64* %101, align 8 %102 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 %100, i64* %102, align 8 %103 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = call { i64, i64 } @ns_to_timespec64(i64 %104) #78 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq 
%struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.739406*, %struct.snd_pcm_substream.739406** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.739406* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 
store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* 
%472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.739406* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #79 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #78 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds 
%struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #78 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.739396*, %struct.snd_pcm_ops.739396** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.739396, %struct.snd_pcm_ops.739396* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.739406*, i32, i8*)*, i32 (%struct.snd_pcm_substream.739406*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.739406*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.739406* %0, i32 2, i8* %37) #78 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %237 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %55 i32 16708, label %195 i32 16707, label %197 i32 -2146942687, label %235 ] %6 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 5 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %237 %10 = load i64, i64* %4, align 8 %11 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.739406* %0, i64 %10) #78 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %100, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %5, align 8 %7 = getelementptr inbounds 
%struct.snd_pcm.739391, %struct.snd_pcm.739391* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #78 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.739406*)*)(%struct.snd_pcm_substream.739406* %0) #78 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #78 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #78 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 58 %31 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 59 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.312923* %30, %struct.anon.80.336280* %36) #78 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr 
inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 48, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %76, label %17 %77 = and i32 %14, 134217728 %78 = icmp eq i32 %77, 0 br i1 %78, label %115, label %79 %80 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %3, i64 0, i32 0 %81 = load i8, i8* %80, align 4 %82 = and i8 %81, 15 %83 = icmp eq i8 %82, 5 br i1 %83, label %84, label %115 %85 = bitcast %struct.snd_pcm_substream* %0 to i8* %86 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %85, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #78 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %120 %89 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 51 %90 = load i32, i32* %89, align 4 switch i32 %90, label %93 [ i32 1, label %120 i32 2, label %91 ] %94 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %95 %96 = phi i64* [ %94, %93 ], [ %92, %91 ] %97 = load i64, i64* %96, align 8 %98 = call { i64, i64 } @ns_to_timespec64(i64 %97) #78 %99 = extractvalue { i64, i64 } %98, 0 %100 = extractvalue { i64, i64 } %98, 1 %101 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 0 store i64 %99, i64* %101, align 8 %102 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %1, i64 0, i32 1 store i64 %100, i64* %102, align 8 %103 = 
getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 0 %104 = load i64, i64* %103, align 8 %105 = call { i64, i64 } @ns_to_timespec64(i64 %104) #78 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.739406*, %struct.snd_pcm_substream.739406** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.739406* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 
-2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call 
__get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.739406* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #79 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.739391, 
%struct.snd_pcm.739391* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #78 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #78 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.739396*, %struct.snd_pcm_ops.739396** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.739396, %struct.snd_pcm_ops.739396* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.739406*, i32, i8*)*, i32 (%struct.snd_pcm_substream.739406*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.739406*, i32, i8*)* %41, null br i1 %42, label %45, label %43 
%44 = tail call i32 %41(%struct.snd_pcm_substream.739406* %0, i32 2, i8* %37) #78 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %237 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %55 i32 16708, label %195 i32 16707, label %197 i32 -2146942687, label %235 ] %6 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 5 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %237 %10 = load i64, i64* %4, align 8 %11 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.739406* %0, i64 %10) #78 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %100, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #78 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] 
%28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.739406*)*)(%struct.snd_pcm_substream.739406* %0) #78 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #78 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #78 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, 
%struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 58 %31 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 59 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.312923* %30, %struct.anon.80.336280* %36) #78 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 48, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %76, label %17 %77 = and i32 %14, 134217728 %78 = icmp eq i32 %77, 0 br i1 %78, label %115, label %79 %80 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %3, i64 0, i32 0 %81 = load i8, i8* %80, align 4 %82 = and i8 %81, 15 %83 = icmp eq i8 %82, 5 br i1 %83, label %84, label %115 %85 = bitcast %struct.snd_pcm_substream* %0 to i8* %86 = call i32 
@get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %85, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #78 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %120 %89 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 51 %90 = load i32, i32* %89, align 4 switch i32 %90, label %93 [ i32 1, label %120 i32 2, label %91 ] %94 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %95 %96 = phi i64* [ %94, %93 ], [ %92, %91 ] %97 = load i64, i64* %96, align 8 %98 = call { i64, i64 } @ns_to_timespec64(i64 %97) #78 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.739406*, %struct.snd_pcm_substream.739406** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.739406* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 
-2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = 
extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.739406* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #79 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, 
%struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #78 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #78 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr 
inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.739396*, %struct.snd_pcm_ops.739396** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.739396, %struct.snd_pcm_ops.739396* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.739406*, i32, i8*)*, i32 (%struct.snd_pcm_substream.739406*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.739406*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.739406* %0, i32 2, i8* %37) #78 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %237 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %55 i32 16708, label %195 i32 16707, label %197 i32 -2146942687, label %235 ] %6 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 5 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %237 %10 = load i64, i64* %4, align 8 %11 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.739406* %0, i64 %10) #78 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %100, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #78 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %16 = load 
%struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.739406*)*)(%struct.snd_pcm_substream.739406* %0) #78 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #78 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 
%18(%struct.snd_pcm_substream* %0) #78 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 58 %31 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 59 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.312923* %30, %struct.anon.80.336280* %36) #78 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds 
%struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 48, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %76, label %17 %77 = and i32 %14, 134217728 %78 = icmp eq i32 %77, 0 br i1 %78, label %115, label %79 %80 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %3, i64 0, i32 0 %81 = load i8, i8* %80, align 4 %82 = and i8 %81, 15 %83 = icmp eq i8 %82, 5 br i1 %83, label %84, label %115 %85 = bitcast %struct.snd_pcm_substream* %0 to i8* %86 = call i32 @get_device_system_crosststamp(i32 (i64*, %struct.system_counterval_t*, i8*)* nonnull @azx_get_sync_time, i8* %85, %struct.system_time_snapshot* null, %struct.perf_branch_entry* nonnull %6) #78 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %120 %89 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 51 %90 = load i32, i32* %89, align 4 switch i32 %90, label %93 [ i32 1, label %120 i32 2, label %91 ] %94 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %6, i64 0, i32 1 br label %95 %96 = phi i64* [ %94, %93 ], [ %92, %91 ] %97 = load i64, i64* %96, align 8 %98 = call { i64, i64 } @ns_to_timespec64(i64 %97) #78 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = 
icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.739406*, %struct.snd_pcm_substream.739406** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.739406* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 
0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = 
ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.739406* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #79 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #78 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = 
getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #78 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.739396*, %struct.snd_pcm_ops.739396** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.739396, %struct.snd_pcm_ops.739396* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.739406*, i32, i8*)*, i32 (%struct.snd_pcm_substream.739406*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.739406*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.739406* %0, i32 2, i8* %37) #78 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %237 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %55 i32 16708, label %195 i32 16707, label %197 i32 -2146942687, label %235 ] %6 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 5 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %237 %10 = load i64, i64* %4, align 8 %11 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.739406* %0, i64 %10) #78 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %100, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %5, align 8 %7 = 
getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #78 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.739406*)*)(%struct.snd_pcm_substream.739406* %0) #78 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #78 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds 
%struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #78 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 58 %31 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 59 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.312923* %30, %struct.anon.80.336280* %36) #78 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, 
align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 48, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %76, label %17 %18 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %3, i64 0, i32 0 %19 = load i8, i8* %18, align 4 %20 = and i8 %19, 15 %21 = icmp eq i8 %20, 2 br i1 %21, label %22, label %76 %23 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 51 %24 = load i32, i32* %23, align 4 switch i32 %24, label %27 [ i32 1, label %25 i32 2, label %26 ] tail call void @ktime_get_ts64(%struct.cpu_itimer* %1) #78 br label %28 %29 = getelementptr inbounds %struct.azx_dev, %struct.azx_dev* %11, i64 0, i32 0, i32 20 %30 = tail call i64 @timecounter_read(%struct.timecounter* %29) #78 %31 = load i8, i8* %18, align 4 %32 = and i8 %31, 16 %33 = icmp eq i8 %32, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 2 %36 = bitcast i8** %35 to %struct.azx_pcm** %37 = load %struct.azx_pcm*, %struct.azx_pcm** %36, align 8 %38 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %37, i64 0, i32 3 %39 = load %struct.hda_pcm*, %struct.hda_pcm** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %41 = load i32, i32* %40, align 4 %42 = sext i32 %41 to i64 %43 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %39, i64 0, i32 1, i64 %42, i32 8, i32 4 %44 = load i32 
(%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)*, i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)** %43, align 8 %45 = icmp eq i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)* %44, null br i1 %45, label %64, label %46 %47 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %39, i64 0, i32 1, i64 %42 %48 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %37, i64 0, i32 2 %49 = load %struct.hda_codec*, %struct.hda_codec** %48, align 8 %50 = tail call i32 %44(%struct.hda_pcm_stream* %47, %struct.hda_codec* %49, %struct.snd_pcm_substream* %0) #78 %51 = zext i32 %50 to i64 %52 = mul nuw nsw i64 %51, 1000000000 %53 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %54 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %53, i64 0, i32 14 %55 = load i32, i32* %54, align 4 %56 = zext i32 %55 to i64 %57 = udiv i64 %52, %56 %58 = load i32, i32* %40, align 4 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %62 br label %64 %65 = phi i64 [ %30, %28 ], [ %61, %60 ], [ %63, %62 ], [ %30, %34 ] %66 = tail call { i64, i64 } @ns_to_timespec64(i64 %65) #78 ------------- Use: =BAD PATH= Call Stack: 0 azx_get_time_info 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, 
null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.739406*, %struct.snd_pcm_substream.739406** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.739406* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, 
align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = 
getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.739406* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #79 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #78 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds 
%struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #78 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.739396*, %struct.snd_pcm_ops.739396** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.739396, %struct.snd_pcm_ops.739396* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.739406*, i32, i8*)*, i32 (%struct.snd_pcm_substream.739406*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.739406*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.739406* %0, i32 2, i8* %37) #78 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %237 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %55 i32 16708, label %195 i32 16707, label %197 i32 -2146942687, label %235 ] %6 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 5 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %237 %10 = load i64, i64* %4, align 8 %11 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.739406* %0, i64 %10) #78 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %100, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %5, align 8 %7 = getelementptr inbounds 
%struct.snd_pcm.739391, %struct.snd_pcm.739391* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #78 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.739406*)*)(%struct.snd_pcm_substream.739406* %0) #78 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #78 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #78 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 58 %31 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %36 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 59 %37 = call i32 %27(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5, %struct.anon.0.312923* %30, %struct.anon.80.336280* %36) #78 Function:azx_get_time_info %6 = alloca %struct.perf_branch_entry, align 8 %7 = getelementptr 
inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 46 %10 = bitcast i8** %9 to %struct.azx_dev** %11 = load %struct.azx_dev*, %struct.azx_dev** %10, align 8 %12 = bitcast %struct.perf_branch_entry* %6 to i8* %13 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 48, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 16777216 %16 = icmp eq i32 %15, 0 br i1 %16, label %76, label %17 %18 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %3, i64 0, i32 0 %19 = load i8, i8* %18, align 4 %20 = and i8 %19, 15 %21 = icmp eq i8 %20, 2 br i1 %21, label %22, label %76 %23 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 51 %24 = load i32, i32* %23, align 4 switch i32 %24, label %27 [ i32 1, label %25 i32 2, label %26 ] tail call void @ktime_get_ts64(%struct.cpu_itimer* %1) #78 br label %28 %29 = getelementptr inbounds %struct.azx_dev, %struct.azx_dev* %11, i64 0, i32 0, i32 20 %30 = tail call i64 @timecounter_read(%struct.timecounter* %29) #78 %31 = load i8, i8* %18, align 4 %32 = and i8 %31, 16 %33 = icmp eq i8 %32, 0 br i1 %33, label %64, label %34 %35 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 2 %36 = bitcast i8** %35 to %struct.azx_pcm** %37 = load %struct.azx_pcm*, %struct.azx_pcm** %36, align 8 %38 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %37, i64 0, i32 3 %39 = load %struct.hda_pcm*, %struct.hda_pcm** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %41 = load i32, i32* %40, align 4 %42 = sext i32 %41 to i64 %43 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %39, i64 0, i32 1, i64 %42, i32 8, i32 4 %44 = load i32 (%struct.hda_pcm_stream*, 
%struct.hda_codec*, %struct.snd_pcm_substream*)*, i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)** %43, align 8 %45 = icmp eq i32 (%struct.hda_pcm_stream*, %struct.hda_codec*, %struct.snd_pcm_substream*)* %44, null br i1 %45, label %64, label %46 %47 = getelementptr %struct.hda_pcm, %struct.hda_pcm* %39, i64 0, i32 1, i64 %42 %48 = getelementptr inbounds %struct.azx_pcm, %struct.azx_pcm* %37, i64 0, i32 2 %49 = load %struct.hda_codec*, %struct.hda_codec** %48, align 8 %50 = tail call i32 %44(%struct.hda_pcm_stream* %47, %struct.hda_codec* %49, %struct.snd_pcm_substream* %0) #78 %51 = zext i32 %50 to i64 %52 = mul nuw nsw i64 %51, 1000000000 %53 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %54 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %53, i64 0, i32 14 %55 = load i32, i32* %54, align 4 %56 = zext i32 %55 to i64 %57 = udiv i64 %52, %56 %58 = load i32, i32* %40, align 4 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %62 br label %64 %65 = phi i64 [ %30, %28 ], [ %61, %60 ], [ %63, %62 ], [ %30, %34 ] %66 = tail call { i64, i64 } @ns_to_timespec64(i64 %65) #78 ------------- Use: =BAD PATH= Call Stack: 0 update_audio_tstamp 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label 
%620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.739406*, %struct.snd_pcm_substream.739406** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.739406* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and 
i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds 
%struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.739406* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #79 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #78 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.739406, 
%struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #78 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 10 %39 = load %struct.snd_pcm_ops.739396*, %struct.snd_pcm_ops.739396** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.739396, %struct.snd_pcm_ops.739396* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.739406*, i32, i8*)*, i32 (%struct.snd_pcm_substream.739406*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.739406*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.739406* %0, i32 2, i8* %37) #78 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %237 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %55 i32 16708, label %195 i32 16707, label %197 i32 -2146942687, label %235 ] %6 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 5 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %237 %10 = load i64, i64* %4, align 8 %11 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.739406* %0, i64 %10) #78 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %100, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.739391, 
%struct.snd_pcm.739391* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #78 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.739406*)*)(%struct.snd_pcm_substream.739406* %0) #78 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #78 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #78 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 58 %31 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %49 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 51 %50 = load i32, i32* %49, align 4 switch i32 %50, label %53 [ i32 1, label %51 i32 2, label %52 ] call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %4) #78 br label %54 %55 = icmp eq i64 %19, -1 br i1 %55, label %56, label %80 %81 = getelementptr inbounds 
%struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 18 %82 = load i64, i64* %81, align 8 %83 = icmp ult i64 %19, %82 br i1 %83, label %98, label %84 %85 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #78 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %87 %88 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %89 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 0 %90 = load %struct.snd_pcm*, %struct.snd_pcm** %89, align 8 %91 = getelementptr inbounds %struct.snd_pcm, %struct.snd_pcm* %90, i64 0, i32 0 %92 = load %struct.snd_card*, %struct.snd_card** %91, align 8 %93 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %92, i64 0, i32 27 %94 = load %struct.device*, %struct.device** %93, align 8 %95 = load i64, i64* %81, align 8 %96 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %97 = load i64, i64* %96, align 8 call void (%struct.device*, i8*, ...) 
@_dev_err(%struct.device* %94, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.3.61934, i64 0, i64 0), i8* nonnull %88, i64 %19, i64 %95, i64 %97) #79 br label %98 %99 = phi i64 [ %19, %80 ], [ 0, %84 ], [ 0, %87 ] %100 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 19 %101 = load i64, i64* %100, align 8 %102 = urem i64 %99, %101 %103 = sub i64 %99, %102 %104 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 5 %105 = load i64, i64* %104, align 8 %106 = add i64 %105, %103 %107 = icmp eq i32 %1, 0 br i1 %107, label %133, label %108 %134 = icmp ult i64 %106, %14 br i1 %134, label %135, label %144 %145 = phi i64 [ %132, %124 ], [ %143, %135 ], [ %106, %133 ] %146 = phi i64 [ %130, %124 ], [ %141, %135 ], [ %105, %133 ] %147 = phi i1 [ %131, %124 ], [ %142, %135 ], [ false, %133 ] %148 = zext i1 %147 to i32 %149 = sub i64 %145, %14 %150 = icmp slt i64 %149, 0 br i1 %150, label %151, label %155 %152 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %149 br label %155 %156 = phi i64 [ %154, %151 ], [ %149, %144 ] %157 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 26 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %194, label %161 %162 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 %163 = load i64, i64* %162, align 8 %164 = sub i64 %20, %163 %165 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 8 %166 = load i64, i64* %165, align 8 %167 = lshr i64 %166, 1 %168 = icmp ult i64 %164, %167 br i1 %168, label %202, label %169 %170 = mul i64 %156, 1000 %171 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 14 %172 = load i32, i32* %171, align 4 %173 = zext i32 %172 to i64 
%174 = sdiv i64 %170, %173 %175 = sub i64 %164, %174 %176 = add nuw i64 %167, 1 %177 = icmp sgt i64 %175, %176 br i1 %177, label %178, label %202 %203 = phi i64 [ %145, %161 ], [ %145, %194 ], [ %201, %200 ], [ %145, %169 ] %204 = phi i64 [ %146, %161 ], [ %146, %194 ], [ %188, %200 ], [ %146, %169 ] %205 = phi i32 [ %148, %161 ], [ %148, %194 ], [ %191, %200 ], [ %148, %169 ] %206 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %207 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %206, i64 0, i32 3 %208 = load i64, i64* %207, align 8 %209 = icmp eq i64 %208, %203 br i1 %209, label %210, label %212 %213 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %214 = load i32, i32* %213, align 4 %215 = icmp eq i32 %214, 0 br i1 %215, label %216, label %221 %217 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 32 %218 = load i64, i64* %217, align 8 %219 = icmp eq i64 %218, 0 br i1 %219, label %221, label %220 br i1 %107, label %239, label %222 %223 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 6 %224 = load i64, i64* %223, align 8 %225 = sub i64 %203, %224 %226 = icmp slt i64 %225, 0 %227 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %228 = load i64, i64* %227, align 8 %229 = select i1 %226, i64 %228, i64 0 %230 = add i64 %225, %229 %231 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %232 = load i64, i64* %231, align 8 %233 = urem i64 %230, %232 %234 = sub i64 %230, %233 %235 = add i64 %234, %224 store i64 %235, i64* %223, align 8 %236 = icmp ult i64 %235, %228 br i1 %236, label %239, label %237 store i64 %204, i64* %104, align 8 %240 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %241 = getelementptr inbounds %struct.snd_pcm_mmap_status, 
%struct.snd_pcm_mmap_status* %240, i64 0, i32 3 store i64 %203, i64* %241, align 8 %242 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 store i64 %20, i64* %242, align 8 %243 = icmp eq i32 %205, 0 br i1 %243, label %250, label %244 call fastcc void @update_audio_tstamp(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5) #80 Function:update_audio_tstamp %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %5, align 8 %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 27 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %11, label %95 %12 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %13 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %12, align 8 %14 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %13, i64 0, i32 9 %15 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %14, align 8 %16 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %15, null br i1 %16, label %25, label %17 %26 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 10 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 37 %29 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %28, align 8 %30 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* 
%29, i64 0, i32 3 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, %27 %33 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 58, i32 0 %34 = load i8, i8* %33, align 4 %35 = and i8 %34, 16 %36 = icmp eq i8 %35, 0 br i1 %36, label %47, label %37 %48 = phi i64 [ %44, %43 ], [ %46, %45 ], [ %32, %25 ] %49 = mul i64 %48, 1000000000 %50 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 14 %51 = load i32, i32* %50, align 4 %52 = zext i32 %51 to i64 %53 = udiv i64 %49, %52 %54 = tail call { i64, i64 } @ns_to_timespec64(i64 %53) #78 ------------- Use: =BAD PATH= Call Stack: 0 update_audio_tstamp 1 snd_pcm_update_hw_ptr0 2 snd_pcm_update_hw_ptr 3 snd_pcm_forward 4 snd_pcm_kernel_ioctl 5 snd_pcm_channel_info 6 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.ext4_fc_alloc_region, align 8 %6 = alloca %struct.snd_pcm_status64, align 8 %7 = alloca %struct.snd_pcm_status32, align 4 %8 = alloca %struct.snd_pcm_sw_params, align 8 %9 = alloca %struct.snd_pcm_sync_ptr, align 8 %10 = and i64 %2, 4294967295 %11 = inttoptr i64 %10 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %13 = bitcast i8** %12 to %struct.snd_pcm_file** %14 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %13, align 8 %15 = icmp eq %struct.snd_pcm_file* %14, null br i1 %15, label %620, label %16 %17 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 0 %18 = load %struct.snd_pcm_substream.739406*, %struct.snd_pcm_substream.739406** %17, align 8 %19 = icmp eq %struct.snd_pcm_substream.739406* %18, null br i1 %19, label %620, label %20 %21 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %14, i64 0, i32 1 store i32 1, i32* %21, align 8 switch i32 %1, label %620 [ i32 -2147204864, label %22 i32 -2128592639, label %22 i32 1074020610, label %22 i32 1074020611, label %22 i32 
1074020612, label %22 i32 16674, label %22 i32 16704, label %22 i32 16705, label %22 i32 16706, label %22 i32 16707, label %22 i32 16708, label %22 i32 1074020677, label %22 i32 16658, label %22 i32 16711, label %22 i32 16712, label %22 i32 1074020704, label %22 i32 16737, label %22 i32 -1065074397, label %22 i32 -1064812253, label %25 i32 -1034141424, label %178 i32 -1034141423, label %182 i32 -1066909421, label %186 i32 -2140389088, label %357 i32 -1066647260, label %428 i32 -2146418382, label %432 i32 1074544976, label %526 i32 -2146680495, label %530 i32 1074544978, label %534 i32 -2146680493, label %538 i32 -2147204831, label %542 i32 1074020678, label %560 i32 1074020681, label %586 i32 -2139078368, label %612 i32 -1065336540, label %616 ] %433 = inttoptr i64 %10 to %struct.ist_info* %434 = bitcast %struct.ext4_fc_alloc_region* %5 to i8* %436 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 0 %437 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %436, i64 4, i64 %435) #6, !srcloc !23 %438 = extractvalue { i32*, i32, i64 } %437, 0 %439 = extractvalue { i32*, i32, i64 } %437, 1 %440 = extractvalue { i32*, i32, i64 } %437, 2 %441 = ptrtoint i32* %438 to i64 %442 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 0 store i32 %439, i32* %442, align 8 %443 = and i64 %441, 4294967295 %444 = icmp eq i64 %443, 0 br i1 %444, label %445, label %523, !prof !5, !misexpect !6 %447 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 1 %448 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %447, i64 4, i64 %446) #6, !srcloc !24 %449 = extractvalue { i32*, i32, i64 } %448, 0 %450 = extractvalue { i32*, i32, i64 } %448, 1 %451 = extractvalue { i32*, i32, i64 } %448, 2 %452 = ptrtoint i32* %449 to i64 %453 = 
zext i32 %450 to i64 %454 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 1 store i64 %453, i64* %454, align 8 %455 = and i64 %452, 4294967295 %456 = icmp eq i64 %455, 0 br i1 %456, label %457, label %523, !prof !5, !misexpect !6 %459 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 2 %460 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %459, i64 4, i64 %458) #6, !srcloc !25 %461 = extractvalue { i32*, i32, i64 } %460, 0 %462 = extractvalue { i32*, i32, i64 } %460, 1 %463 = extractvalue { i32*, i32, i64 } %460, 2 %464 = ptrtoint i32* %461 to i64 %465 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 2 store i32 %462, i32* %465, align 8 %466 = and i64 %464, 4294967295 %467 = icmp eq i64 %466, 0 br i1 %467, label %468, label %523, !prof !5, !misexpect !6 %470 = getelementptr inbounds %struct.ist_info, %struct.ist_info* %433, i64 0, i32 3 %471 = tail call { i32*, i32, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %470, i64 4, i64 %469) #6, !srcloc !26 %472 = extractvalue { i32*, i32, i64 } %471, 0 %473 = extractvalue { i32*, i32, i64 } %471, 1 %474 = extractvalue { i32*, i32, i64 } %471, 2 %475 = ptrtoint i32* %472 to i64 %476 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %5, i64 0, i32 3 store i32 %473, i32* %476, align 4 %477 = and i64 %475, 4294967295 %478 = icmp eq i64 %477, 0 br i1 %478, label %479, label %523, !prof !5, !misexpect !6 %480 = call fastcc i32 @snd_pcm_channel_info(%struct.snd_pcm_substream.739406* nonnull %18, %struct.ext4_fc_alloc_region* nonnull %5) #79 Function:snd_pcm_channel_info %3 = getelementptr inbounds %struct.ext4_fc_alloc_region, %struct.ext4_fc_alloc_region* %1, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr 
inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %8 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %9 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %8, i64 0, i32 14 %10 = load i8, i8* %9, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %14, label %12 %13 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %13) #78 br label %16 %17 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %7, align 8 %23 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %22, i64 0, i32 14 %24 = load i8, i8* %23, align 1, !range !4 %25 = icmp eq i8 %24, 0 br i1 %25, label %28, label %26 %27 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_unlock(%struct.mutex* %27) #78 br label %31 br i1 %21, label %47, label %32 %33 = getelementptr inbounds %struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %6, i64 0, i32 15 %34 = load i32, i32* %33, align 8 %35 = icmp ult i32 %4, %34 br i1 %35, label %36, label %47 %37 = bitcast %struct.ext4_fc_alloc_region* %1 to i8* store i32 %4, i32* %3, align 8 %38 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 10 
%39 = load %struct.snd_pcm_ops.739396*, %struct.snd_pcm_ops.739396** %38, align 8 %40 = getelementptr inbounds %struct.snd_pcm_ops.739396, %struct.snd_pcm_ops.739396* %39, i64 0, i32 2 %41 = load i32 (%struct.snd_pcm_substream.739406*, i32, i8*)*, i32 (%struct.snd_pcm_substream.739406*, i32, i8*)** %40, align 8 %42 = icmp eq i32 (%struct.snd_pcm_substream.739406*, i32, i8*)* %41, null br i1 %42, label %45, label %43 %44 = tail call i32 %41(%struct.snd_pcm_substream.739406* %0, i32 2, i8* %37) #78 Function:snd_pcm_kernel_ioctl %4 = bitcast i8* %2 to i64* switch i32 %1, label %237 [ i32 1074282825, label %5 i32 -1033879279, label %15 i32 -1064812269, label %18 i32 16704, label %21 i32 16706, label %55 i32 16708, label %195 i32 16707, label %197 i32 -2146942687, label %235 ] %6 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 5 %7 = load i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %237 %10 = load i64, i64* %4, align 8 %11 = tail call fastcc i64 @snd_pcm_forward(%struct.snd_pcm_substream.739406* %0, i64 %10) #78 Function:snd_pcm_forward %3 = icmp eq i64 %1, 0 br i1 %3, label %100, label %4 %5 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 0 %6 = load %struct.snd_pcm.739391*, %struct.snd_pcm.739391** %5, align 8 %7 = getelementptr inbounds %struct.snd_pcm.739391, %struct.snd_pcm.739391* %6, i64 0, i32 14 %8 = load i8, i8* %7, align 1, !range !4 %9 = icmp eq i8 %8, 0 br i1 %9, label %12, label %10 %11 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %11) #78 br label %14 %15 = getelementptr inbounds %struct.snd_pcm_substream.739406, %struct.snd_pcm_substream.739406* %0, i64 0, i32 11 %16 = load %struct.snd_pcm_runtime.739402*, %struct.snd_pcm_runtime.739402** %15, align 8 %17 = getelementptr inbounds 
%struct.snd_pcm_runtime.739402, %struct.snd_pcm_runtime.739402* %16, i64 0, i32 37 %18 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %17, align 8 %19 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 switch i32 %20, label %26 [ i32 5, label %21 i32 3, label %27 i32 2, label %35 i32 6, label %35 i32 7, label %89 i32 4, label %25 ] %28 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.739406*)*)(%struct.snd_pcm_substream.739406* %0) #78 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream* %0, i32 0) #78 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.cpu_itimer, align 8 %4 = alloca %struct.cpu_itimer, align 8 %5 = alloca %struct.cpu_itimer, align 8 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %8 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %7, align 8 %9 = bitcast %struct.cpu_itimer* %4 to i8* %10 = bitcast %struct.cpu_itimer* %5 to i8* %11 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 37 %12 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %13 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %12, i64 0, i32 3 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %16 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %17 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %16, i64 0, i32 8 %18 = load i64 (%struct.snd_pcm_substream*)*, i64 (%struct.snd_pcm_substream*)** %17, align 8 %19 = tail call i64 %18(%struct.snd_pcm_substream* %0) #78 %20 = load volatile i64, i64* @jiffies, align 64 %21 = getelementptr inbounds 
%struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 27 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %22, 1 br i1 %23, label %24, label %54 %25 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %15, align 8 %26 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %25, i64 0, i32 9 %27 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %26, align 8 %28 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %27, null br i1 %28, label %48, label %29 %30 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 58 %31 = getelementptr %struct.anon.0.312923, %struct.anon.0.312923* %30, i64 0, i32 0 %32 = load i8, i8* %31, align 4 %33 = and i8 %32, 15 %34 = icmp eq i8 %33, 1 br i1 %34, label %48, label %35 %49 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 51 %50 = load i32, i32* %49, align 4 switch i32 %50, label %53 [ i32 1, label %51 i32 2, label %52 ] call void @ktime_get_real_ts64(%struct.cpu_itimer* nonnull %4) #78 br label %54 %55 = icmp eq i64 %19, -1 br i1 %55, label %56, label %80 %81 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 18 %82 = load i64, i64* %81, align 8 %83 = icmp ult i64 %19, %82 br i1 %83, label %98, label %84 %85 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #78 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %87 %88 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %89 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 0 %90 = load %struct.snd_pcm*, %struct.snd_pcm** 
%89, align 8 %91 = getelementptr inbounds %struct.snd_pcm, %struct.snd_pcm* %90, i64 0, i32 0 %92 = load %struct.snd_card*, %struct.snd_card** %91, align 8 %93 = getelementptr inbounds %struct.snd_card, %struct.snd_card* %92, i64 0, i32 27 %94 = load %struct.device*, %struct.device** %93, align 8 %95 = load i64, i64* %81, align 8 %96 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %97 = load i64, i64* %96, align 8 call void (%struct.device*, i8*, ...) @_dev_err(%struct.device* %94, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.3.61934, i64 0, i64 0), i8* nonnull %88, i64 %19, i64 %95, i64 %97) #79 br label %98 %99 = phi i64 [ %19, %80 ], [ 0, %84 ], [ 0, %87 ] %100 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 19 %101 = load i64, i64* %100, align 8 %102 = urem i64 %99, %101 %103 = sub i64 %99, %102 %104 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 5 %105 = load i64, i64* %104, align 8 %106 = add i64 %105, %103 %107 = icmp eq i32 %1, 0 br i1 %107, label %133, label %108 %134 = icmp ult i64 %106, %14 br i1 %134, label %135, label %144 %145 = phi i64 [ %132, %124 ], [ %143, %135 ], [ %106, %133 ] %146 = phi i64 [ %130, %124 ], [ %141, %135 ], [ %105, %133 ] %147 = phi i1 [ %131, %124 ], [ %142, %135 ], [ false, %133 ] %148 = zext i1 %147 to i32 %149 = sub i64 %145, %14 %150 = icmp slt i64 %149, 0 br i1 %150, label %151, label %155 %152 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %153 = load i64, i64* %152, align 8 %154 = add i64 %153, %149 br label %155 %156 = phi i64 [ %154, %151 ], [ %149, %144 ] %157 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 26 %158 = load i8, i8* %157, align 4 %159 = and i8 %158, 1 %160 = icmp eq i8 %159, 0 br i1 %160, label %194, label %161 %162 = getelementptr inbounds %struct.snd_pcm_runtime, 
%struct.snd_pcm_runtime* %8, i64 0, i32 7 %163 = load i64, i64* %162, align 8 %164 = sub i64 %20, %163 %165 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 8 %166 = load i64, i64* %165, align 8 %167 = lshr i64 %166, 1 %168 = icmp ult i64 %164, %167 br i1 %168, label %202, label %169 %170 = mul i64 %156, 1000 %171 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 14 %172 = load i32, i32* %171, align 4 %173 = zext i32 %172 to i64 %174 = sdiv i64 %170, %173 %175 = sub i64 %164, %174 %176 = add nuw i64 %167, 1 %177 = icmp sgt i64 %175, %176 br i1 %177, label %178, label %202 %203 = phi i64 [ %145, %161 ], [ %145, %194 ], [ %201, %200 ], [ %145, %169 ] %204 = phi i64 [ %146, %161 ], [ %146, %194 ], [ %188, %200 ], [ %146, %169 ] %205 = phi i32 [ %148, %161 ], [ %148, %194 ], [ %191, %200 ], [ %148, %169 ] %206 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %207 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %206, i64 0, i32 3 %208 = load i64, i64* %207, align 8 %209 = icmp eq i64 %208, %203 br i1 %209, label %210, label %212 %213 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 5 %214 = load i32, i32* %213, align 4 %215 = icmp eq i32 %214, 0 br i1 %215, label %216, label %221 %217 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 32 %218 = load i64, i64* %217, align 8 %219 = icmp eq i64 %218, 0 br i1 %219, label %221, label %220 br i1 %107, label %239, label %222 %223 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 6 %224 = load i64, i64* %223, align 8 %225 = sub i64 %203, %224 %226 = icmp slt i64 %225, 0 %227 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 33 %228 = load i64, i64* %227, align 8 %229 = select i1 %226, i64 %228, i64 0 %230 = add i64 %225, 
%229 %231 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 16 %232 = load i64, i64* %231, align 8 %233 = urem i64 %230, %232 %234 = sub i64 %230, %233 %235 = add i64 %234, %224 store i64 %235, i64* %223, align 8 %236 = icmp ult i64 %235, %228 br i1 %236, label %239, label %237 store i64 %204, i64* %104, align 8 %240 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %11, align 8 %241 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %240, i64 0, i32 3 store i64 %203, i64* %241, align 8 %242 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %8, i64 0, i32 7 store i64 %20, i64* %242, align 8 %243 = icmp eq i32 %205, 0 br i1 %243, label %250, label %244 call fastcc void @update_audio_tstamp(%struct.snd_pcm_substream* %0, %struct.cpu_itimer* nonnull %4, %struct.cpu_itimer* nonnull %5) #80 Function:update_audio_tstamp %4 = alloca %struct.cpu_itimer, align 8 %5 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 11 %6 = load %struct.snd_pcm_runtime*, %struct.snd_pcm_runtime** %5, align 8 %7 = bitcast %struct.cpu_itimer* %4 to i8* %8 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 27 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %11, label %95 %12 = getelementptr inbounds %struct.snd_pcm_substream, %struct.snd_pcm_substream* %0, i64 0, i32 10 %13 = load %struct.snd_pcm_ops*, %struct.snd_pcm_ops** %12, align 8 %14 = getelementptr inbounds %struct.snd_pcm_ops, %struct.snd_pcm_ops* %13, i64 0, i32 9 %15 = load i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)*, i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, %struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)** %14, align 8 %16 = icmp eq i32 (%struct.snd_pcm_substream*, %struct.cpu_itimer*, 
%struct.cpu_itimer*, %struct.anon.0.312923*, %struct.anon.80.336280*)* %15, null br i1 %16, label %25, label %17 %26 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 10 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 37 %29 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %28, align 8 %30 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %29, i64 0, i32 3 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, %27 %33 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 58, i32 0 %34 = load i8, i8* %33, align 4 %35 = and i8 %34, 16 %36 = icmp eq i8 %35, 0 br i1 %36, label %47, label %37 %48 = phi i64 [ %44, %43 ], [ %46, %45 ], [ %32, %25 ] %49 = mul i64 %48, 1000000000 %50 = getelementptr inbounds %struct.snd_pcm_runtime, %struct.snd_pcm_runtime* %6, i64 0, i32 14 %51 = load i32, i32* %50, align 4 %52 = zext i32 %51 to i64 %53 = udiv i64 %49, %52 %54 = tail call { i64, i64 } @ns_to_timespec64(i64 %53) #78 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** %14 to %struct.ptp_clock_info** %16 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %15, align 8 %17 = bitcast 
%struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label %196 i32 -1069531896, label %210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 %212(%struct.ptp_clock_info* %16, %struct.perf_branch_entry* nonnull %5) #78 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #78 %221 = extractvalue { i64, i64 } %220, 0 %222 = extractvalue { i64, i64 } %220, 1 %223 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 0 store i64 %221, i64* %223, align 8 %224 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 1 store i64 %222, i64* %224, align 8 %225 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 0 store i64 %221, i64* %225, align 8 %226 = trunc 
i64 %222 to i32 %227 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 1 store i32 %226, i32* %227, align 8 %228 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = call { i64, i64 } @ns_to_timespec64(i64 %229) #78 %231 = extractvalue { i64, i64 } %230, 0 %232 = extractvalue { i64, i64 } %230, 1 store i64 %231, i64* %223, align 8 store i64 %232, i64* %224, align 8 %233 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 1, i32 0 store i64 %231, i64* %233, align 8 %234 = trunc i64 %232 to i32 %235 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 1, i32 1 store i32 %234, i32* %235, align 8 %236 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 2 %237 = load i64, i64* %236, align 8 %238 = call { i64, i64 } @ns_to_timespec64(i64 %237) #78 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** %14 to %struct.ptp_clock_info** %16 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %15, align 8 %17 = bitcast %struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = 
bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label %196 i32 -1069531896, label %210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 %212(%struct.ptp_clock_info* %16, %struct.perf_branch_entry* nonnull %5) #78 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #78 %221 = extractvalue { i64, i64 } %220, 0 %222 = extractvalue { i64, i64 } %220, 1 %223 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 0 store i64 %221, i64* %223, align 8 %224 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %10, i64 0, i32 1 store i64 %222, i64* %224, align 8 %225 = getelementptr inbounds %struct.ptp_sys_offset_precise, %struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 0 store i64 %221, i64* %225, align 8 %226 = trunc i64 %222 to i32 %227 = getelementptr inbounds %struct.ptp_sys_offset_precise, 
%struct.ptp_sys_offset_precise* %4, i64 0, i32 0, i32 1 store i32 %226, i32* %227, align 8 %228 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 1 %229 = load i64, i64* %228, align 8 %230 = call { i64, i64 } @ns_to_timespec64(i64 %229) #78 ------------- Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.cpu_itimer, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4, i32 0, i32 1 %15 = bitcast i32 (%struct.posix_clock*, %struct.__kernel_timex*)** %14 to %struct.ptp_clock_info** %16 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %15, align 8 %17 = bitcast %struct.timens_offsets* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.cpu_itimer* %10 to i8* switch i32 %1, label %486 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %57 i32 1074806027, label %57 i32 1077427459, label %106 i32 1077427468, label %106 i32 1074019588, label %196 i32 1074019597, label %196 i32 -1069531896, label %210 i32 -1069531887, label %210 i32 -994034423, label %248 i32 -994034414, label %248 i32 1128283397, label %320 i32 1128283406, label %320 i32 -1067434746, label %378 i32 -1067434737, label %378 i32 1080048903, label %433 i32 1080048912, label %433 ] %211 = getelementptr inbounds %struct.ptp_clock_info, 
%struct.ptp_clock_info* %16, i64 0, i32 15 %212 = load i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)*, i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)** %211, align 8 %213 = icmp eq i32 (%struct.ptp_clock_info*, %struct.perf_branch_entry*)* %212, null br i1 %213, label %486, label %214 %215 = call i32 %212(%struct.ptp_clock_info* %16, %struct.perf_branch_entry* nonnull %5) #78 %216 = icmp eq i32 %215, 0 br i1 %216, label %217, label %486 %218 = getelementptr inbounds %struct.perf_branch_entry, %struct.perf_branch_entry* %5, i64 0, i32 0 %219 = load i64, i64* %218, align 8 %220 = call { i64, i64 } @ns_to_timespec64(i64 %219) #78 ------------- Use: =BAD PATH= Call Stack: 0 timerfd_show ------------- Path:  Function:timerfd_show %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 3, i32 0 %7 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %6, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %7) #78 %8 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, -2 %11 = icmp eq i32 %10, 8 br i1 %11, label %12, label %15 %13 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %14 = tail call i64 @alarm_expires_remaining(%struct.alarm* %13) #78 br label %25 %26 = phi i64 [ %14, %12 ], [ %24, %15 ] %27 = icmp sgt i64 %26, 0 %28 = select i1 %27, i64 %26, i64 0 %29 = tail call { i64, i64 } @ns_to_timespec64(i64 %28) #78 %30 = extractvalue { i64, i64 } %29, 0 %31 = extractvalue { i64, i64 } %29, 1 %32 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 1 %33 = load i64, i64* %32, align 8 %34 = tail call { i64, i64 } @ns_to_timespec64(i64 %33) #78 
------------- Use: =BAD PATH= Call Stack: 0 timerfd_show ------------- Path:  Function:timerfd_show %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 3, i32 0 %7 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %6, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %7) #78 %8 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, -2 %11 = icmp eq i32 %10, 8 br i1 %11, label %12, label %15 %13 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %14 = tail call i64 @alarm_expires_remaining(%struct.alarm* %13) #78 br label %25 %26 = phi i64 [ %14, %12 ], [ %24, %15 ] %27 = icmp sgt i64 %26, 0 %28 = select i1 %27, i64 %26, i64 0 %29 = tail call { i64, i64 } @ns_to_timespec64(i64 %28) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.old_itimerspec32, align 4 %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %7 to i32 %15 = bitcast %struct.timens_offsets* %4 to i8* %16 = bitcast %struct.timens_offsets* %5 to i8* %17 = icmp eq i64 %10, 0 br i1 %17, label %52, label %18 %53 = load 
i1, i1* @__do_compat_sys_setitimer.__already_done, align 1 br i1 %53, label %59, label %54, !prof !4, !misexpect !5 store i1 true, i1* @__do_compat_sys_setitimer.__already_done, align 1 %55 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %56 = inttoptr i64 %55 to %struct.task_struct.89597* %57 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %56, i64 0, i32 87, i64 0 %58 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %57) #79 br label %59 %60 = icmp ne i64 %13, 0 %61 = select i1 %60, %struct.timens_offsets* %5, %struct.timens_offsets* null %62 = call fastcc i32 @do_setitimer(i32 %14, %struct.timens_offsets* nonnull %4, %struct.timens_offsets* %61) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 
%14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #78 %77 = extractvalue { i64, i64 } %76, 0 %78 = extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __se_sys_setitimer 3 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 
8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89597* %47 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %47) #79 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, 
%struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } 
@ns_to_timespec64(i64 %75) #78 %77 = extractvalue { i64, i64 } %76, 0 %78 = extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __se_sys_setitimer 3 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89597* %47 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %47) #79 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, 
%struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } 
@ns_to_timespec64(i64 %75) #78 %77 = extractvalue { i64, i64 } %76, 0 %78 = extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.timens_offsets* %2 to i8* %8 = bitcast %struct.timens_offsets* %3 to i8* %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds 
%struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #78 %77 = extractvalue { i64, i64 } %76, 0 %78 = extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.timens_offsets* %2 to i8* %7 = bitcast %struct.timens_offsets* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 
0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds 
%struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #78 %77 = extractvalue { i64, i64 } %76, 0 %78 = 
extractvalue { i64, i64 } %76, 1 %79 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 0 store i64 %77, i64* %79, align 8 %80 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %3, i64 0, i32 1, i32 1 store i64 %78, i64* %80, align 8 %81 = call { i64, i64 } @ns_to_timespec64(i64 %42) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.old_itimerspec32, align 4 %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %7 to i32 %15 = bitcast %struct.timens_offsets* %4 to i8* %16 = bitcast %struct.timens_offsets* %5 to i8* %17 = icmp eq i64 %10, 0 br i1 %17, label %52, label %18 %53 = load i1, i1* @__do_compat_sys_setitimer.__already_done, align 1 br i1 %53, label %59, label %54, !prof !4, !misexpect !5 store i1 true, i1* @__do_compat_sys_setitimer.__already_done, align 1 %55 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %56 = inttoptr i64 %55 to %struct.task_struct.89597* %57 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %56, i64 0, i32 87, i64 0 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %57) #79 br label %59 %60 = icmp ne i64 %13, 0 %61 = select i1 %60, %struct.timens_offsets* %5, %struct.timens_offsets* null %62 = call fastcc i32 @do_setitimer(i32 %14, %struct.timens_offsets* nonnull %4, %struct.timens_offsets* %61) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, 
%struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } 
@ns_to_timespec64(i64 %75) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __se_sys_setitimer 3 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89597* %47 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %47) #79 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, 
%struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } 
@ns_to_timespec64(i64 %75) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __se_sys_setitimer 3 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89597* %47 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %47) #79 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, 
%struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } 
@ns_to_timespec64(i64 %75) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.timens_offsets* %2 to i8* %8 = bitcast %struct.timens_offsets* %3 to i8* %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 
], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #78 ------------- Use: =BAD PATH= Call Stack: 0 set_cpu_itimer 1 do_setitimer 2 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.timens_offsets* %2 to i8* %7 = bitcast %struct.timens_offsets* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", 
"=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] tail call fastcc void @set_cpu_itimer(%struct.task_struct.89597* %5, i32 0, %struct.timens_offsets* %1, %struct.timens_offsets* %2) #79 Function:set_cpu_itimer %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = zext i32 %1 to i64 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %13 = load i64, i64* %12, align 8 %14 = icmp sgt i64 %13, 9223372035 br i1 %14, label %22, label %15 %23 = phi i64 [ %21, %17 ], [ 9223372036854775807, %4 ], [ -9223372036854775808, %15 ] store i64 %23, i64* %6, align 8 %24 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = icmp sgt i64 %25, 9223372035 br i1 %26, label %34, label %27 %35 = phi i64 [ %33, %29 ], [ 9223372036854775807, %22 ], [ -9223372036854775808, %27 ] %36 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %37 = load %struct.sighand_struct*, %struct.sighand_struct** %36, align 8 %38 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %37, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %38) #78 %39 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 0 %40 = load i64, i64* %39, align 8 store i64 %40, i64* %5, align 8 %41 = getelementptr 
%struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 18, i64 %11, i32 1 %42 = load i64, i64* %41, align 8 %43 = or i64 %23, %40 %44 = icmp eq i64 %43, 0 br i1 %44, label %51, label %45 %52 = phi i64 [ %23, %34 ], [ %50, %49 ] store i64 %52, i64* %39, align 8 store i64 %35, i64* %41, align 8 %53 = icmp eq i32 %1, 1 %54 = select i1 %53, i32 1, i32 2 %55 = load i64, i64* %6, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_itimer_state to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@set_cpu_itimer, %56)) #6 to label %70 [label %56], !srcloc !4 %71 = bitcast %struct.sighand_struct** %36 to i8** %72 = load i8*, i8** %71, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %72, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %73 = icmp eq %struct.timens_offsets* %3, null br i1 %73, label %86, label %74 %75 = load i64, i64* %5, align 8 %76 = call { i64, i64 } @ns_to_timespec64(i64 %75) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.old_itimerspec32, align 4 %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, 
i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %7 to i32 %15 = bitcast %struct.timens_offsets* %4 to i8* %16 = bitcast %struct.timens_offsets* %5 to i8* %17 = icmp eq i64 %10, 0 br i1 %17, label %52, label %18 %53 = load i1, i1* @__do_compat_sys_setitimer.__already_done, align 1 br i1 %53, label %59, label %54, !prof !4, !misexpect !5 store i1 true, i1* @__do_compat_sys_setitimer.__already_done, align 1 %55 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %56 = inttoptr i64 %55 to %struct.task_struct.89597* %57 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %56, i64 0, i32 87, i64 0 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %57) #79 br label %59 %60 = icmp ne i64 %13, 0 %61 = select i1 %60, %struct.timens_offsets* %5, %struct.timens_offsets* null %62 = call fastcc i32 @do_setitimer(i32 %14, %struct.timens_offsets* nonnull %4, %struct.timens_offsets* %61) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, 
i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __se_sys_setitimer 2 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 
= tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89597* %47 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %47) #79 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call 
void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __se_sys_setitimer 2 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast 
%struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89597* %47 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %47) #79 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds 
%struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.timens_offsets* %2 to i8* %8 = bitcast %struct.timens_offsets* %3 to i8* %9 = getelementptr inbounds %struct.timens_offsets, 
%struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, 
i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.timens_offsets* %2 to i8* %7 = bitcast %struct.timens_offsets* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr 
inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 %27 = extractvalue { i64, i64 } %26, 0 %28 = extractvalue { i64, i64 } %26, 1 store i64 %27, i64* %10, align 8 store i64 %28, i64* %11, align 8 %29 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %30 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %29, i64 0, i32 17 %31 = load i64, i64* %30, align 
8 %32 = tail call { i64, i64 } @ns_to_timespec64(i64 %31) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.old_itimerspec32, align 4 %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %7 to i32 %15 = bitcast %struct.timens_offsets* %4 to i8* %16 = bitcast %struct.timens_offsets* %5 to i8* %17 = icmp eq i64 %10, 0 br i1 %17, label %52, label %18 %53 = load i1, i1* @__do_compat_sys_setitimer.__already_done, align 1 br i1 %53, label %59, label %54, !prof !4, !misexpect !5 store i1 true, i1* @__do_compat_sys_setitimer.__already_done, align 1 %55 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %56 = inttoptr i64 %55 to %struct.task_struct.89597* %57 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %56, i64 0, i32 87, i64 0 %58 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %57) #79 br label %59 %60 = icmp ne i64 %13, 0 %61 = select i1 %60, %struct.timens_offsets* %5, %struct.timens_offsets* null %62 = call fastcc i32 @do_setitimer(i32 %14, %struct.timens_offsets* nonnull %4, %struct.timens_offsets* %61) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, 
i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __se_sys_setitimer 2 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89597* %47 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %47) #79 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, 
i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __se_sys_setitimer 2 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_setitimer %4 = alloca %struct.timens_offsets, align 8 %5 = alloca %struct.timens_offsets, align 8 %6 = alloca %struct.timens_offsets, align 8 %7 = alloca %struct.timens_offsets, align 8 %8 = trunc i64 %0 to i32 %9 = bitcast %struct.timens_offsets* %6 to i8* %10 = bitcast %struct.timens_offsets* %7 to i8* %11 = icmp eq i64 %1, 0 br i1 %11, label %42, label %12 %43 = load i1, i1* @__do_sys_setitimer.__already_done, align 1 br i1 %43, label %49, label %44, !prof !4, !misexpect !5 store i1 true, i1* @__do_sys_setitimer.__already_done, align 1 %45 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !6 %46 = inttoptr i64 %45 to %struct.task_struct.89597* %47 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %46, i64 0, i32 87, i64 0 %48 = tail call i32 (i8*, ...) 
@_printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.9657, i64 0, i64 0), i8* %47) #79 br label %49 %50 = icmp ne i64 %2, 0 %51 = select i1 %50, %struct.timens_offsets* %7, %struct.timens_offsets* null %52 = call fastcc i32 @do_setitimer(i32 %8, %struct.timens_offsets* nonnull %6, %struct.timens_offsets* %51) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, 
i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.timens_offsets* %2 to i8* %8 = bitcast %struct.timens_offsets* %3 to i8* %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %3) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = 
getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 = tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_setitimer 1 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.timens_offsets* %2 to i8* %7 = bitcast %struct.timens_offsets* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call fastcc i32 @do_setitimer(i32 0, %struct.timens_offsets* nonnull %2, 
%struct.timens_offsets* nonnull %3) #78 Function:do_setitimer %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.89597* switch i32 %0, label %83 [ i32 0, label %6 i32 1, label %81 i32 2, label %82 ] %7 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 96 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %5, i64 0, i32 95 %9 = icmp eq %struct.timens_offsets* %2, null %10 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %12 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %13 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %14 = bitcast %struct.sighand_struct** %7 to i8** br label %15 %16 = load %struct.sighand_struct*, %struct.sighand_struct** %7, align 8 %17 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %16, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %17) #78 %18 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %8, align 32 %19 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %18, i64 0, i32 16 br i1 %9, label %35, label %20 %21 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %19, i1 zeroext true) #78 %22 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %19) #78 %23 = icmp slt i64 %21, 1 %24 = select i1 %23, i64 1000, i64 %21 %25 = select i1 %22, i64 %24, i64 0 %26 
= tail call { i64, i64 } @ns_to_timespec64(i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 get_cpu_itimer 1 do_getitimer 2 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] tail call fastcc void @get_cpu_itimer(%struct.task_struct.89597* %4, i32 0, %struct.timens_offsets* %1) #79 Function:get_cpu_itimer %4 = alloca [3 x i64], align 16 %5 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %6 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %5, align 32 %7 = zext i32 %1 to i64 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 8 %10 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %10) #78 %11 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 
0, i32 18, i64 %7, i32 1 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %12, 0 br i1 %15, label %24, label %16 %25 = phi i64 [ %23, %16 ], [ 0, %3 ] %26 = bitcast %struct.sighand_struct** %8 to i8** %27 = load i8*, i8** %26, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* %27, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = call { i64, i64 } @ns_to_timespec64(i64 %25) #78 %29 = extractvalue { i64, i64 } %28, 0 %30 = extractvalue { i64, i64 } %28, 1 %31 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 %30, i64* %32, align 8 %33 = call { i64, i64 } @ns_to_timespec64(i64 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 get_cpu_itimer 1 do_getitimer 2 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] tail call fastcc void 
@get_cpu_itimer(%struct.task_struct.89597* %4, i32 0, %struct.timens_offsets* %1) #79 Function:get_cpu_itimer %4 = alloca [3 x i64], align 16 %5 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %6 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %5, align 32 %7 = zext i32 %1 to i64 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 8 %10 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %10) #78 %11 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 1 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %12, 0 br i1 %15, label %24, label %16 %25 = phi i64 [ %23, %16 ], [ 0, %3 ] %26 = bitcast %struct.sighand_struct** %8 to i8** %27 = load i8*, i8** %26, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* %27, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = call { i64, i64 } @ns_to_timespec64(i64 %25) #78 %29 = extractvalue { i64, i64 } %28, 0 %30 = extractvalue { i64, i64 } %28, 1 %31 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 %30, i64* %32, align 8 %33 = call { i64, i64 } @ns_to_timespec64(i64 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 get_cpu_itimer 1 do_getitimer 2 
__x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] tail call fastcc void @get_cpu_itimer(%struct.task_struct.89597* %4, i32 0, %struct.timens_offsets* %1) #79 Function:get_cpu_itimer %4 = alloca [3 x i64], align 16 %5 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %6 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %5, align 32 %7 = zext i32 %1 to i64 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 8 %10 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %10) #78 %11 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 1 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %12, 0 br i1 %15, label %24, label %16 %25 
= phi i64 [ %23, %16 ], [ 0, %3 ] %26 = bitcast %struct.sighand_struct** %8 to i8** %27 = load i8*, i8** %26, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* %27, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = call { i64, i64 } @ns_to_timespec64(i64 %25) #78 %29 = extractvalue { i64, i64 } %28, 0 %30 = extractvalue { i64, i64 } %28, 1 %31 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 store i64 %29, i64* %31, align 8 %32 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 store i64 %30, i64* %32, align 8 %33 = call { i64, i64 } @ns_to_timespec64(i64 %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 get_cpu_itimer 1 do_getitimer 2 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] tail call fastcc void @get_cpu_itimer(%struct.task_struct.89597* %4, i32 0, %struct.timens_offsets* %1) #79 Function:get_cpu_itimer 
%4 = alloca [3 x i64], align 16 %5 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %6 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %5, align 32 %7 = zext i32 %1 to i64 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 8 %10 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %10) #78 %11 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 1 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %12, 0 br i1 %15, label %24, label %16 %25 = phi i64 [ %23, %16 ], [ 0, %3 ] %26 = bitcast %struct.sighand_struct** %8 to i8** %27 = load i8*, i8** %26, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* %27, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = call { i64, i64 } @ns_to_timespec64(i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 get_cpu_itimer 1 do_getitimer 2 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, 
%struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] tail call fastcc void @get_cpu_itimer(%struct.task_struct.89597* %4, i32 0, %struct.timens_offsets* %1) #79 Function:get_cpu_itimer %4 = alloca [3 x i64], align 16 %5 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %6 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %5, align 32 %7 = zext i32 %1 to i64 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 8 %10 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %10) #78 %11 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 1 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %12, 0 br i1 %15, label %24, label %16 %25 = phi i64 [ %23, %16 ], [ 0, %3 ] %26 = bitcast %struct.sighand_struct** %8 to i8** %27 = load i8*, i8** %26, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* %27, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = call { i64, i64 } @ns_to_timespec64(i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 
get_cpu_itimer 1 do_getitimer 2 __x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] tail call fastcc void @get_cpu_itimer(%struct.task_struct.89597* %4, i32 0, %struct.timens_offsets* %1) #79 Function:get_cpu_itimer %4 = alloca [3 x i64], align 16 %5 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 95 %6 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %5, align 32 %7 = zext i32 %1 to i64 %8 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %0, i64 0, i32 96 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 8 %10 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %10) #78 %11 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 0 %12 = load i64, i64* %11, align 8 %13 = getelementptr %struct.signal_struct.89551, %struct.signal_struct.89551* %6, i64 0, i32 18, i64 %7, i32 1 %14 = load i64, i64* %13, align 8 %15 = icmp eq i64 %12, 0 br 
i1 %15, label %24, label %16 %25 = phi i64 [ %23, %16 ], [ 0, %3 ] %26 = bitcast %struct.sighand_struct** %8 to i8** %27 = load i8*, i8** %26, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* %27, align 4 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = call { i64, i64 } @ns_to_timespec64(i64 %25) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] %6 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %8) #78 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** 
%9, align 32 %11 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 16 %12 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %11, i1 zeroext true) #78 %13 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %11) #78 %14 = icmp slt i64 %12, 1 %15 = select i1 %14, i64 1000, i64 %12 %16 = select i1 %13, i64 %15, i64 0 %17 = tail call { i64, i64 } @ns_to_timespec64(i64 %16) #78 %18 = extractvalue { i64, i64 } %17, 0 %19 = extractvalue { i64, i64 } %17, 1 %20 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %19, i64* %21, align 8 %22 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %23 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %22, i64 0, i32 17 %24 = load i64, i64* %23, align 8 %25 = tail call { i64, i64 } @ns_to_timespec64(i64 %24) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** 
@current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] %6 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %8) #78 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 16 %12 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %11, i1 zeroext true) #78 %13 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %11) #78 %14 = icmp slt i64 %12, 1 %15 = select i1 %14, i64 1000, i64 %12 %16 = select i1 %13, i64 %15, i64 0 %17 = tail call { i64, i64 } @ns_to_timespec64(i64 %16) #78 %18 = extractvalue { i64, i64 } %17, 0 %19 = extractvalue { i64, i64 } %17, 1 %20 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %19, i64* %21, align 8 %22 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %23 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %22, i64 0, i32 17 %24 = load i64, i64* %23, align 8 %25 = tail call { i64, i64 } @ns_to_timespec64(i64 %24) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 
__x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] %6 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %8) #78 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 16 %12 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %11, i1 zeroext true) #78 %13 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %11) #78 %14 = icmp slt i64 %12, 1 %15 = select i1 %14, i64 1000, i64 %12 %16 = select i1 %13, i64 %15, i64 0 %17 = tail call { i64, 
i64 } @ns_to_timespec64(i64 %16) #78 %18 = extractvalue { i64, i64 } %17, 0 %19 = extractvalue { i64, i64 } %17, 1 %20 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 0 store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %1, i64 0, i32 1, i32 1 store i64 %19, i64* %21, align 8 %22 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %23 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %22, i64 0, i32 17 %24 = load i64, i64* %23, align 8 %25 = tail call { i64, i64 } @ns_to_timespec64(i64 %24) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_compat_sys_getitimer ------------- Path:  Function:__ia32_compat_sys_getitimer %2 = alloca %struct.old_itimerspec32, align 4 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] %6 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %8) #78 %9 = 
getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 16 %12 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %11, i1 zeroext true) #78 %13 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %11) #78 %14 = icmp slt i64 %12, 1 %15 = select i1 %14, i64 1000, i64 %12 %16 = select i1 %13, i64 %15, i64 0 %17 = tail call { i64, i64 } @ns_to_timespec64(i64 %16) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __ia32_sys_getitimer ------------- Path:  Function:__ia32_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast %struct.timens_offsets* %3 to i8* %10 = call fastcc i32 @do_getitimer(i32 %8, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] %6 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 
tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %8) #78 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 16 %12 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %11, i1 zeroext true) #78 %13 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %11) #78 %14 = icmp slt i64 %12, 1 %15 = select i1 %14, i64 1000, i64 %12 %16 = select i1 %13, i64 %15, i64 0 %17 = tail call { i64, i64 } @ns_to_timespec64(i64 %16) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_getitimer 1 __x64_sys_getitimer ------------- Path:  Function:__x64_sys_getitimer %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = call fastcc i32 @do_getitimer(i32 %9, %struct.timens_offsets* nonnull %3) #78 Function:do_getitimer %3 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.89597** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.89597**)) #11, !srcloc !4 %4 = inttoptr i64 %3 to %struct.task_struct.89597* switch i32 %0, label %34 [ i32 0, label %5 i32 1, label %32 i32 2, label %33 ] %6 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 96 %7 = load %struct.sighand_struct*, %struct.sighand_struct** %6, align 8 %8 = 
getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %7, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %8) #78 %9 = getelementptr inbounds %struct.task_struct.89597, %struct.task_struct.89597* %4, i64 0, i32 95 %10 = load %struct.signal_struct.89551*, %struct.signal_struct.89551** %9, align 32 %11 = getelementptr inbounds %struct.signal_struct.89551, %struct.signal_struct.89551* %10, i64 0, i32 16 %12 = tail call i64 bitcast (i64 (%struct.hrtimer*, i1)* @__hrtimer_get_remaining to i64 (%struct.hrtimer.89219*, i1)*)(%struct.hrtimer.89219* %11, i1 zeroext true) #78 %13 = tail call zeroext i1 bitcast (i1 (%struct.hrtimer*)* @hrtimer_active to i1 (%struct.hrtimer.89219*)*)(%struct.hrtimer.89219* %11) #78 %14 = icmp slt i64 %12, 1 %15 = select i1 %14, i64 1000, i64 %12 %16 = select i1 %13, i64 %15, i64 0 %17 = tail call { i64, i64 } @ns_to_timespec64(i64 %16) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, 
%struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds 
%struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88513* %0, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #78 br i1 %10, label %41, label %28 %29 = 
getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88513*, i64)*, i64 (%struct.k_itimer.88513*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88513* %0, i64 %27) #78 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, 
%struct.timens_offsets* %18) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, 
!misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88513* %0, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #78 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88513*, i64)*, i64 (%struct.k_itimer.88513*, i64)** %42, align 8 %44 = tail 
call i64 %43(%struct.k_itimer.88513* %0, i64 %27) #78 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime ------------- Path:  Function:__ia32_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds 
%struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq 
%struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88513* %0, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #78 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88513*, i64)*, i64 (%struct.k_itimer.88513*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88513* %0, i64 %27) #78 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime ------------- Path:  
Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds 
%struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88513* %0, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, 
%struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #78 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88513*, i64)*, i64 (%struct.k_itimer.88513*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88513* %0, i64 %27) #78 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __x64_sys_timer_gettime32 ------------- Path:  Function:__x64_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.old_itimerspec32** %8 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast 
%struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %12 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %13 = icmp eq %struct.k_itimer.88513* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %12, i64 0, i32 3 %17 = load %struct.k_clock.88514*, %struct.k_clock.88514** %16, align 8 %18 = icmp eq %struct.k_clock.88514* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* %21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88513* nonnull %12, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 
%26) #78 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88513*, i64)*, i64 (%struct.k_itimer.88513*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88513* %0, i64 %27) #78 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __ia32_sys_timer_gettime32 ------------- Path:  Function:__ia32_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.old_itimerspec32* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %13 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %14 = icmp eq %struct.k_itimer.88513* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %13, i64 0, i32 3 %18 = load %struct.k_clock.88514*, %struct.k_clock.88514** %17, align 8 %19 = icmp eq %struct.k_clock.88514* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88513*, 
%struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88513* nonnull %13, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #78 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88513*, i64)*, i64 (%struct.k_itimer.88513*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88513* %0, i64 %27) #78 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __x64_sys_timer_gettime ------------- Path:  Function:__x64_sys_timer_gettime %2 = alloca 
i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.timens_offsets** %8 = load %struct.timens_offsets*, %struct.timens_offsets** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %12 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %13 = icmp eq %struct.k_itimer.88513* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %12, i64 0, i32 3 %17 = load %struct.k_clock.88514*, %struct.k_clock.88514** %16, align 8 %18 = icmp eq %struct.k_clock.88514* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* %21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88513* nonnull %12, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 
%19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #78 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 12 %43 = load i64 (%struct.k_itimer.88513*, i64)*, i64 (%struct.k_itimer.88513*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88513* %0, i64 %27) #78 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __ia32_sys_timer_gettime ------------- Path:  Function:__ia32_sys_timer_gettime %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.timens_offsets* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %13 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %14 = icmp eq %struct.k_itimer.88513* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %13, i64 0, i32 3 %18 = load %struct.k_clock.88514*, 
%struct.k_clock.88514** %17, align 8 %19 = icmp eq %struct.k_clock.88514* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88513* nonnull %13, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %18 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 6 %19 = load i32, i32* %18, align 8 %20 = icmp ne i32 %19, 0 %21 = or i1 %7, %20 br i1 %21, label %22, label %55 %23 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 3 %24 = load i64 (i32)*, i64 (i32)** %23, align 8 %25 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 4 %26 = load i32, i32* %25, align 8 %27 = tail call i64 %24(i32 %26) #78 br i1 %10, label %41, label %28 %29 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 9 %30 = load i32, i32* %29, align 8 %31 = and i32 %30, 1 %32 = icmp ne i32 %31, 0 %33 = or i1 %7, %32 br i1 %33, label %34, label %41 %42 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %4, i64 0, i32 12 %43 = load i64 
(%struct.k_itimer.88513*, i64)*, i64 (%struct.k_itimer.88513*, i64)** %42, align 8 %44 = tail call i64 %43(%struct.k_itimer.88513* %0, i64 %27) #78 %45 = icmp slt i64 %44, 1 br i1 %45, label %46, label %49 %50 = tail call { i64, i64 } @ns_to_timespec64(i64 %44) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 
8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load 
%struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88513* %0, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 
@get_old_itimerspec32(%struct.timens_offsets* nonnull %2, %struct.old_itimerspec32* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 
(%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88513* %0, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __ia32_sys_timer_settime ------------- Path:  Function:__ia32_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.timens_offsets* %17 = bitcast %struct.timens_offsets* %2 to i8* %18 = bitcast %struct.timens_offsets* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.timens_offsets* %3, %struct.timens_offsets* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.timens_offsets* %24 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %20) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, 
%54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88513* %0, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 common_timer_set 2 do_timer_settime 3 __x64_sys_timer_settime 
------------- Path:  Function:__x64_sys_timer_settime %2 = alloca %struct.timens_offsets, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.timens_offsets* %15 = bitcast %struct.timens_offsets* %2 to i8* %16 = bitcast %struct.timens_offsets* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.timens_offsets* %3, %struct.timens_offsets* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.timens_offsets* %22 = call i32 @get_itimerspec64(%struct.timens_offsets* nonnull %2, %struct.timens_offsets* nonnull %21) #78 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.timens_offsets* nonnull %2, %struct.timens_offsets* %18) #78 Function:do_timer_settime %5 = alloca i64, align 8 %6 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %7 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %61, label %10 %11 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %61 %15 = getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %61, label %18 %19 = 
getelementptr inbounds %struct.timens_offsets, %struct.timens_offsets* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %61 %23 = icmp eq %struct.timens_offsets* %3, null br i1 %23, label %26, label %24 %27 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %0, i64* nonnull %5) #78 %28 = icmp eq %struct.k_itimer.88513* %27, null br i1 %28, label %61, label %29 %30 = phi %struct.timens_offsets* [ null, %54 ], [ %3, %26 ] %31 = phi %struct.k_itimer.88513* [ %55, %54 ], [ %27, %26 ] %32 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %31, i64 0, i32 3 %33 = load %struct.k_clock.88514*, %struct.k_clock.88514** %32, align 8 %34 = icmp eq %struct.k_clock.88514* %33, null br i1 %34, label %39, label %35, !prof !4 %36 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %33, i64 0, i32 7 %37 = load i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)*, i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)** %36, align 8 %38 = icmp eq i32 (%struct.k_itimer.88513*, i32, %struct.timens_offsets*, %struct.timens_offsets*)* %37, null br i1 %38, label %39, label %40, !prof !4, !misexpect !5 %41 = tail call i32 %37(%struct.k_itimer.88513* nonnull %31, i32 %1, %struct.timens_offsets* %2, %struct.timens_offsets* %30) #79 Function:common_timer_set %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %6 = load %struct.k_clock.88514*, %struct.k_clock.88514** %5, align 8 %7 = icmp eq %struct.timens_offsets* %3, null br i1 %7, label %9, label %8 tail call void @common_timer_get(%struct.k_itimer.88513* %0, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds 
%struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __x64_sys_timer_gettime32 ------------- Path:  Function:__x64_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.old_itimerspec32** %8 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %12 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %13 = icmp eq %struct.k_itimer.88513* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %12, i64 0, i32 3 %17 = load %struct.k_clock.88514*, %struct.k_clock.88514** %16, align 8 %18 = icmp eq %struct.k_clock.88514* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* %21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88513* nonnull %12, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, 
%struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __ia32_sys_timer_gettime32 ------------- Path:  Function:__ia32_sys_timer_gettime32 %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.old_itimerspec32* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %13 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %14 = icmp eq %struct.k_itimer.88513* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %13, i64 0, i32 3 %18 = load %struct.k_clock.88514*, %struct.k_clock.88514** %17, align 8 %19 = icmp eq %struct.k_clock.88514* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88513* nonnull %13, 
%struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __x64_sys_timer_gettime ------------- Path:  Function:__x64_sys_timer_gettime %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to %struct.timens_offsets** %8 = load %struct.timens_offsets*, %struct.timens_offsets** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.timens_offsets* %3 to i8* %11 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %12 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %13 = icmp eq %struct.k_itimer.88513* %12, null br i1 %13, label %14, label %15 %16 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %12, i64 0, i32 3 %17 = load %struct.k_clock.88514*, %struct.k_clock.88514** %16, align 8 %18 = icmp eq %struct.k_clock.88514* %17, null br i1 %18, label %23, label %19, !prof !4 %20 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %17, i64 0, i32 9 %21 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, %struct.timens_offsets*)** %20, align 8 %22 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* 
%21, null br i1 %22, label %23, label %24, !prof !4, !misexpect !5 call void %21(%struct.k_itimer.88513* nonnull %12, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 common_timer_get 1 __ia32_sys_timer_gettime ------------- Path:  Function:__ia32_sys_timer_gettime %2 = alloca i64, align 8 %3 = alloca %struct.timens_offsets, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = inttoptr i64 %8 to %struct.timens_offsets* %11 = bitcast %struct.timens_offsets* %3 to i8* %12 = bitcast i64* %2 to i8* store i64 0, i64* %2, align 8 %13 = call fastcc %struct.k_itimer.88513* @__lock_timer(i32 %9, i64* nonnull %2) #78 %14 = icmp eq %struct.k_itimer.88513* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %13, i64 0, i32 3 %18 = load %struct.k_clock.88514*, %struct.k_clock.88514** %17, align 8 %19 = icmp eq %struct.k_clock.88514* %18, null br i1 %19, label %24, label %20, !prof !4 %21 = getelementptr inbounds %struct.k_clock.88514, %struct.k_clock.88514* %18, i64 0, i32 9 %22 = load void (%struct.k_itimer.88513*, %struct.timens_offsets*)*, void (%struct.k_itimer.88513*, 
%struct.timens_offsets*)** %21, align 8 %23 = icmp eq void (%struct.k_itimer.88513*, %struct.timens_offsets*)* %22, null br i1 %23, label %24, label %25, !prof !4, !misexpect !5 call void %22(%struct.k_itimer.88513* nonnull %13, %struct.timens_offsets* nonnull %3) #78 Function:common_timer_get %3 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 3 %4 = load %struct.k_clock.88514*, %struct.k_clock.88514** %3, align 8 %5 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 10 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 %8 = getelementptr inbounds %struct.k_itimer.88513, %struct.k_itimer.88513* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %17, label %11 %12 = tail call { i64, i64 } @ns_to_timespec64(i64 %9) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_compat_sys_sysinfo ------------- Path:  Function:__ia32_compat_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = alloca %struct.compat_sysinfo, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* %7 = bitcast %struct.compat_sysinfo* %3 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #78 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #78 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __ia32_sys_sysinfo ------------- Path:  Function:__ia32_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #78 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 
8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #78 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 do_sysinfo 1 __x64_sys_sysinfo ------------- Path:  Function:__x64_sys_sysinfo %2 = alloca %struct.sysinfo, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.sysinfo* %2 to i8* call fastcc void @do_sysinfo(%struct.sysinfo* nonnull %2) #78 Function:do_sysinfo %2 = alloca %struct.cpu_itimer, align 8 %3 = bitcast %struct.sysinfo* %0 to i8* %4 = tail call i64 @ktime_get_with_offset(i32 1) #78 %5 = tail call { i64, i64 } @ns_to_timespec64(i64 %4) #78 ------------- Good: 661 Bad: 70 Ignored: 518 Check Use of Function:__SCT__tp_func_drm_vblank_event_delivered Check Use of Function:drm_property_blob_put Check Use of Function:drm_lease_filter_crtcs Check Use of Function:attach_pid Check Use of Function:errseq_check_and_advance Use: =BAD PATH= Call Stack: 0 file_check_and_advance_wb_err 1 ext4_sync_file ------------- Path:  Function:ext4_sync_file %5 = getelementptr inbounds %struct.file.193029, %struct.file.193029* %0, i64 0, i32 18 %6 = load %struct.address_space.193219*, %struct.address_space.193219** %5, align 8 %7 = getelementptr inbounds %struct.address_space.193219, %struct.address_space.193219* %6, i64 0, i32 0 %8 = load %struct.inode.193215*, %struct.inode.193215** %7, align 8 %9 = getelementptr inbounds %struct.inode.193215, %struct.inode.193215* %8, i64 0, i32 8 %10 = load %struct.super_block.193197*, %struct.super_block.193197** %9, align 8 %11 = getelementptr inbounds %struct.super_block.193197, %struct.super_block.193197* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ext4_sb_info.193370** %13 = load %struct.ext4_sb_info.193370*, %struct.ext4_sb_info.193370** %12, align 16 %14 = getelementptr inbounds %struct.ext4_sb_info.193370, 
%struct.ext4_sb_info.193370* %13, i64 0, i32 48 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 2 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %187, !prof !4, !misexpect !5 %19 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.193329** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.193329**)) #11, !srcloc !6 %20 = inttoptr i64 %19 to %struct.task_struct.193329* %21 = getelementptr inbounds %struct.task_struct.193329, %struct.task_struct.193329* %20, i64 0, i32 118 %22 = bitcast i8** %21 to %struct.jbd2_journal_handle.193372** %23 = load %struct.jbd2_journal_handle.193372*, %struct.jbd2_journal_handle.193372** %22, align 64 %24 = icmp eq %struct.jbd2_journal_handle.193372* %23, null br i1 %24, label %27, label %25, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_ext4_sync_file_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@ext4_sync_file, %28)) #6 to label %42 [label %28], !srcloc !8 %43 = load %struct.super_block.193197*, %struct.super_block.193197** %9, align 8 %44 = getelementptr inbounds %struct.super_block.193197, %struct.super_block.193197* %43, i64 0, i32 10 %45 = load i64, i64* %44, align 16 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 br i1 %47, label %58, label %48 %59 = tail call i32 bitcast (i32 (%struct.file*, i64, i64)* @file_write_and_wait_range to i32 (%struct.file.193029*, i64, i64)*)(%struct.file.193029* %0, i64 %1, i64 %2) #79 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %168 %62 = getelementptr inbounds %struct.ext4_sb_info.193370, %struct.ext4_sb_info.193370* %13, i64 0, i32 47 %63 = load %struct.journal_s.193352*, %struct.journal_s.193352** %62, align 8 %64 = icmp eq %struct.journal_s.193352* %63, null br i1 %64, label %65, label %126 %66 = getelementptr inbounds %struct.inode.193215, %struct.inode.193215* %8, i64 0, i32 9 %67 = load %struct.address_space.193219*, %struct.address_space.193219** %66, align 8 %68 = tail call i32 bitcast (i32 (%struct.address_space.160536*)* @sync_mapping_buffers to i32 (%struct.address_space.193219*)*)(%struct.address_space.193219* %67) #79 %69 = getelementptr inbounds %struct.inode.193215, %struct.inode.193215* %8, i64 0, i32 23 %70 = load i64, i64* %69, align 8 %71 = and i64 %70, 2055 %72 = icmp eq i64 %71, 0 br i1 %72, label %168, label %73 %74 = icmp ne i32 %3, 0 %75 = and i64 %70, 2 %76 = icmp eq i64 %75, 0 %77 = and i1 %74, %76 br i1 %77, label %168, label %78 %79 = tail call i32 bitcast 
(i32 (%struct.inode*, i32)* @sync_inode_metadata to i32 (%struct.inode.193215*, i32)*)(%struct.inode.193215* %8, i32 1) #79 %80 = icmp eq i32 %68, 0 %81 = select i1 %80, i32 %79, i32 %68 %82 = icmp eq i32 %81, 0 br i1 %82, label %83, label %116 %84 = getelementptr %struct.inode.193215, %struct.inode.193215* %8, i64 -1, i32 34 %85 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %84, i64 10, i32 0 %86 = load volatile i64, i64* %85, align 8 %87 = and i64 %86, 274877906944 %88 = icmp eq i64 %87, 0 br i1 %88, label %116, label %89 %90 = tail call %struct.dentry.193202* bitcast (%struct.dentry.150061* (%struct.inode.150073*)* @d_find_any_alias to %struct.dentry.193202* (%struct.inode.193215*)*)(%struct.inode.193215* %8) #79 %91 = icmp eq %struct.dentry.193202* %90, null br i1 %91, label %116, label %92 %93 = phi %struct.inode.193215* [ %105, %110 ], [ %8, %89 ] %94 = phi %struct.dentry.193202* [ %103, %110 ], [ %90, %89 ] %95 = getelementptr %struct.inode.193215, %struct.inode.193215* %93, i64 -1, i32 34 %96 = getelementptr inbounds %struct.anon.1, %struct.anon.1* %95, i64 10, i32 0 %97 = load volatile i64, i64* %96, align 8 %98 = and i64 %97, 274877906944 %99 = icmp eq i64 %98, 0 br i1 %99, label %113, label %100 %101 = bitcast i64* %96 to i8* %102 = getelementptr i8, i8* %101, i64 4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb ${1:b},$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %102, i32 -65, i8* %102) #6, !srcloc !14 %103 = tail call %struct.dentry.193202* bitcast (%struct.dentry.150061* (%struct.dentry.150061*)* @dget_parent to %struct.dentry.193202* (%struct.dentry.193202*)*)(%struct.dentry.193202* %94) #79 tail call void bitcast (void (%struct.dentry.150061*)* @dput to void (%struct.dentry.193202*)*)(%struct.dentry.193202* %94) #79 %104 = getelementptr inbounds %struct.dentry.193202, %struct.dentry.193202* %103, i64 0, i32 5 %105 = load %struct.inode.193215*, 
%struct.inode.193215** %104, align 8 %106 = getelementptr inbounds %struct.inode.193215, %struct.inode.193215* %105, i64 0, i32 9 %107 = load %struct.address_space.193219*, %struct.address_space.193219** %106, align 8 %108 = tail call i32 bitcast (i32 (%struct.address_space.160536*)* @sync_mapping_buffers to i32 (%struct.address_space.193219*)*)(%struct.address_space.193219* %107) #79 %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %113 %111 = tail call i32 bitcast (i32 (%struct.inode*, i32)* @sync_inode_metadata to i32 (%struct.inode.193215*, i32)*)(%struct.inode.193215* %105, i32 1) #79 %112 = icmp eq i32 %111, 0 br i1 %112, label %92, label %113 %114 = phi %struct.dentry.193202* [ %103, %100 ], [ %103, %110 ], [ %94, %92 ] %115 = phi i32 [ %108, %100 ], [ %111, %110 ], [ 0, %92 ] tail call void bitcast (void (%struct.dentry.150061*)* @dput to void (%struct.dentry.193202*)*)(%struct.dentry.193202* %114) #79 br label %116 %117 = phi i32 [ %81, %78 ], [ %115, %113 ], [ 0, %83 ], [ 0, %89 ] %118 = load %struct.super_block.193197*, %struct.super_block.193197** %9, align 8 %119 = getelementptr inbounds %struct.super_block.193197, %struct.super_block.193197* %118, i64 0, i32 28 %120 = bitcast i8** %119 to %struct.ext4_sb_info.193370** %121 = load %struct.ext4_sb_info.193370*, %struct.ext4_sb_info.193370** %120, align 16 %122 = getelementptr inbounds %struct.ext4_sb_info.193370, %struct.ext4_sb_info.193370* %121, i64 0, i32 17 %123 = load i32, i32* %122, align 8 %124 = and i32 %123, 131072 %125 = icmp eq i32 %124, 0 br i1 %125, label %168, label %160 %169 = phi i32 [ %59, %58 ], [ %57, %48 ], [ %167, %160 ], [ %156, %155 ], [ %117, %116 ], [ %68, %73 ], [ %68, %65 ], [ %132, %130 ] %170 = tail call i32 bitcast (i32 (%struct.file*)* @file_check_and_advance_wb_err to i32 (%struct.file.193029*)*)(%struct.file.193029* %0) #79 Function:file_check_and_advance_wb_err %2 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 19 %3 = load volatile i32, i32* 
%2, align 8 %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %5 = load %struct.address_space*, %struct.address_space** %4, align 8 %6 = getelementptr inbounds %struct.address_space, %struct.address_space* %5, i64 0, i32 11 %7 = tail call i32 @errseq_check(i32* %6, i32 %3) #78 %8 = icmp eq i32 %7, 0 br i1 %8, label %30, label %9 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 4 %11 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %10, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #78 %12 = load i32, i32* %2, align 8 %13 = tail call i32 @errseq_check_and_advance(i32* %6, i32* %2) #78 ------------- Good: 10 Bad: 1 Ignored: 12 Check Use of Function:proc_dointvec Use: =BAD PATH= Call Stack: 0 proc_ipc_sem_dointvec ------------- Path:  Function:proc_ipc_sem_dointvec %6 = alloca %struct.ctl_table, align 8 %7 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %8 = inttoptr i64 %7 to %struct.task_struct* %9 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %8, i64 0, i32 94 %10 = load %struct.nsproxy*, %struct.nsproxy** %9, align 8 %11 = getelementptr inbounds %struct.nsproxy, %struct.nsproxy* %10, i64 0, i32 2 %12 = load %struct.ipc_namespace*, %struct.ipc_namespace** %11, align 8 %13 = getelementptr %struct.ipc_namespace, %struct.ipc_namespace* %12, i64 0, i32 1, i64 3 %14 = load i32, i32* %13, align 4 %15 = bitcast %struct.ctl_table* %6 to i8* %16 = bitcast %struct.ctl_table* %0 to i8* %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = bitcast %struct.ipc_namespace** %11 to i8** %21 = load i8*, i8** %20, align 8 %22 = sub i64 %19, ptrtoint (%struct.ipc_namespace.265250* @init_ipc_ns to i64) %23 = getelementptr i8, i8* %21, i64 %22 %24 = getelementptr inbounds 
%struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %23, i8** %24, align 8 %25 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_rointvec ------------- Path:  Function:proc_do_rointvec %6 = icmp eq i32 %1, 0 br i1 %6, label %7, label %9 %8 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_rointvec ------------- Path:  Function:proc_do_rointvec %6 = icmp eq i32 %1, 0 br i1 %6, label %7, label %9 %8 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, 
i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cdrom_sysctl_handler ------------- Path:  Function:cdrom_sysctl_handler %6 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_mq_dointvec ------------- Path:  Function:proc_mq_dointvec %6 = alloca %struct.ctl_table, align 8 %7 = bitcast %struct.ctl_table* %6 to i8* %8 = bitcast %struct.ctl_table* %0 to i8* %9 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %10 = bitcast i8** %9 to i64* %11 = load i64, i64* %10, align 8 %12 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.268247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.268247**)) #11, !srcloc !4 %13 = inttoptr i64 %12 to %struct.task_struct.268247* %14 = getelementptr inbounds %struct.task_struct.268247, %struct.task_struct.268247* %13, i64 0, i32 94 %15 = load %struct.nsproxy.268187*, %struct.nsproxy.268187** %14, align 8 %16 = getelementptr inbounds %struct.nsproxy.268187, %struct.nsproxy.268187* %15, i64 0, i32 2 %17 = bitcast %struct.ipc_namespace.265250** %16 to i8** %18 = load i8*, i8** %17, align 8 %19 = sub i64 %11, ptrtoint (%struct.ipc_namespace.265250* @init_ipc_ns to i64) %20 = getelementptr i8, i8* %18, i64 %19 %21 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %20, i8** %21, align 8 %22 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, 
i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %6, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv6_sysctl_rtcache_flush ------------- Path:  Function:ipv6_sysctl_rtcache_flush %6 = icmp eq i32 %1, 0 br i1 %6, label %20, label %7 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 7 %9 = bitcast i8** %8 to %struct.net.902772** %10 = load %struct.net.902772*, %struct.net.902772** %9, align 8 %11 = getelementptr inbounds %struct.net.902772, %struct.net.902772* %10, i64 0, i32 35, i32 1, i32 5 %12 = load i32, i32* %11, align 8 %13 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_ignore_routes_with_linkdown ------------- Path:  Function:addrconf_sysctl_ignore_routes_with_linkdown %6 = alloca i32, align 4 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, i32** %9, align 8 %11 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_forward ------------- Path:  Function:addrconf_sysctl_forward %6 = alloca i32, align 4 %7 = 
alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, i32** %9, align 8 %11 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 nf_conntrack_hash_sysctl ------------- Path:  Function:nf_conntrack_hash_sysctl %6 = load i32, i32* @nf_conntrack_htable_size, align 4 store i32 %6, i32* @nf_conntrack_htable_size_user, align 4 %7 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_proxy_ndp ------------- Path:  Function:addrconf_sysctl_proxy_ndp %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_disable ------------- Path:  Function:addrconf_sysctl_disable %6 = alloca %struct.netdev_notifier_info.901519, align 8 %7 = alloca %struct.netdev_notifier_info.901519, align 8 %8 = 
alloca i32, align 4 %9 = alloca %struct.ctl_table, align 8 %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %11 = bitcast i8** %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %14 = load i32, i32* %12, align 4 store i32 %14, i32* %8, align 4 %15 = load i64, i64* %4, align 8 %16 = bitcast %struct.ctl_table* %9 to i8* %17 = bitcast %struct.ctl_table* %0 to i8* %18 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %9, i64 0, i32 1 %19 = bitcast i8** %18 to i32** store i32* %8, i32** %19, align 8 %20 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %9, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_sysctl_forward ------------- Path:  Function:devinet_sysctl_forward %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = load i64, i64* %4, align 8 %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.net.836644** %13 = load %struct.net.836644*, %struct.net.836644** %12, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %17 %16 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_sysctl_forward ------------- Path:  Function:devinet_sysctl_forward %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = load i64, i64* %4, align 8 %11 = getelementptr inbounds %struct.ctl_table, 
%struct.ctl_table* %0, i64 0, i32 8 %12 = bitcast i8** %11 to %struct.net.836644** %13 = load %struct.net.836644*, %struct.net.836644** %12, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %17 %16 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 addrconf_sysctl_disable_policy ------------- Path:  Function:addrconf_sysctl_disable_policy %6 = alloca i32, align 4 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = bitcast i8** %8 to i32** %10 = load i32*, i32** %9, align 8 %11 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %12 = load i32, i32* %10, align 4 store i32 %12, i32* %6, align 4 %13 = load i64, i64* %4, align 8 %14 = bitcast %struct.ctl_table* %7 to i8* %15 = bitcast %struct.ctl_table* %0 to i8* %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 %17 = bitcast i8** %16 to i32** store i32* %6, i32** %17, align 8 %18 = call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr 
inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr 
inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr 
inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr 
inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr 
inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr 
inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 devinet_conf_proc ------------- Path:  Function:devinet_conf_proc %6 = getelementptr 
inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  
Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_doint_and_flush ------------- Path:  Function:ipv4_doint_and_flush %6 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %7 = bitcast i8** %6 to i32** %8 = load i32*, i32** %7, align 8 %9 = load i32, i32* %8, align 4 %10 = tail call i32 bitcast (i32 (%struct.ctl_table.50051*, i32, i8*, i64*, i64*)* @proc_dointvec to i32 (%struct.ctl_table*, i32, i8*, i64*, i64*)*)(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #78 ------------- Good: 8 Bad: 49 Ignored: 5 Check Use of Function:__drm_mode_set_config_internal Check Use of Function:ieee80211_csa_finalize Check Use of Function:move_vma Check Use of Function:drm_atomic_helper_set_config Check Use of Function:jbd2_journal_abort Check Use of Function:drm_mode_debug_printmodeline Check Use of Function:vm_mmap_pgoff Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds 
%struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_compat_sys_ia32_mmap ------------- Path:  
Function:__ia32_compat_sys_ia32_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #78 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __x64_sys_mmap ------------- Path:  
Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mmap_pgoff 1 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #78 Function:ksys_mmap_pgoff %7 = alloca %struct.ucounts*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %53 %54 = and i64 %3, 262144 %55 = icmp eq i64 %54, 0 br i1 %55, label %56, label %58 %57 = tail call i64 @vm_mmap_pgoff(%struct.file* null, i64 %0, i64 %1, i64 %2, i64 %3, i64 %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 vm_mmap 1 i915_gem_mmap_ioctl ------------- Path:  Function:i915_gem_mmap_ioctl %4 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 17 %5 = bitcast %struct.mutex* %4 to i24* %6 = load i24, i24* %5, align 8 %7 = and i24 %6, 8 %8 = icmp eq i24 %7, 0 br i1 %8, label %9, label %166 %10 = bitcast %struct.drm_device.382396* %0 to %struct.drm_i915_private.449467* %11 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 1, i32 15 %12 = bitcast %struct.mutex* %11 to i8* %13 = load i8, i8* %12, align 8 %14 = zext i8 %13 to i32 %15 = shl nuw nsw i32 %14, 8 %16 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %10, i64 0, i32 3, i32 1 %17 = load i8, i8* %16, align 1 %18 = zext i8 %17 to i32 %19 = or i32 %15, %18 %20 = icmp ugt i32 %19, 3072 br i1 %20, label %166, label %21 %22 = getelementptr inbounds i8, i8* %1, i64 32 %23 = bitcast i8* %22 to i64* %24 = load i64, i64* %23, align 8 %25 = icmp ult i64 %24, 2 br i1 %25, label %26, label %166 %27 = icmp eq i64 %24, 0 br i1 %27, label %32, label %28 %29 = load volatile i64, i64* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 12, i32 
0), align 8 %30 = and i64 %29, 65536 %31 = icmp eq i64 %30, 0 br i1 %31, label %166, label %32 %33 = bitcast i8* %1 to i32* %34 = load i32, i32* %33, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %35 = getelementptr inbounds %struct.drm_file, %struct.drm_file* %2, i64 0, i32 14 %36 = zext i32 %34 to i64 %37 = tail call i8* @idr_find(%struct.idr* %35, i64 %36) #78 %38 = bitcast i8* %37 to %struct.drm_i915_gem_object.449204* %39 = icmp eq i8* %37, null br i1 %39, label %64, label %40 %41 = bitcast i8* %37 to %struct.seqcount_spinlock* %42 = bitcast i8* %37 to i32* %43 = load volatile i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %55, label %45 %46 = phi i32 [ %53, %52 ], [ %43, %40 ] %47 = add i32 %46, 1 %48 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %42, i32 %47, i32* nonnull %42, i32 %46) #6, !srcloc !5 %49 = extractvalue { i8, i32 } %48, 0 %50 = and i8 %49, 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %52, label %55, !prof !6, !misexpect !7 %53 = extractvalue { i8, i32 } %48, 1 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %45 %56 = phi i32 [ 0, %40 ], [ %46, %45 ], [ 0, %52 ] %57 = add i32 %56, 1 %58 = or i32 %57, %56 %59 = icmp sgt i32 %58, -1 br i1 %59, label %61, label %60, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* nonnull %41, i32 0) #78 br label %61 %62 = icmp eq i32 %56, 0 %63 = select i1 %62, %struct.drm_i915_gem_object.449204* null, %struct.drm_i915_gem_object.449204* %38 br label %64 %65 = phi %struct.drm_i915_gem_object.449204* [ null, %32 ], [ %63, %61 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 %66 = icmp eq 
%struct.drm_i915_gem_object.449204* %65, null br i1 %66, label %166, label %67 %68 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 3 %69 = load %struct.file*, %struct.file** %68, align 8 %70 = icmp eq %struct.file* %69, null br i1 %70, label %151, label %71 %72 = getelementptr inbounds i8, i8* %1, i64 8 %73 = bitcast i8* %72 to i64* %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds i8, i8* %1, i64 16 %76 = bitcast i8* %75 to i64* %77 = getelementptr inbounds %struct.drm_i915_gem_object.449204, %struct.drm_i915_gem_object.449204* %65, i64 0, i32 0, i32 0, i32 0, i32 5 %78 = load i64, i64* %77, align 8 %79 = icmp ugt i64 %78, %74 br i1 %79, label %80, label %151 %81 = load i64, i64* %76, align 8 %82 = sub i64 %78, %74 %83 = icmp ugt i64 %81, %82 br i1 %83, label %151, label %84 %85 = tail call i64 @vm_mmap(%struct.file* nonnull %69, i64 0, i64 %81, i64 3, i64 1, i64 %74) #78 Function:vm_mmap %7 = add i64 %2, 4095 %8 = and i64 %7, -4096 %9 = xor i64 %5, -1 %10 = icmp ule i64 %8, %9 %11 = and i64 %5, 4095 %12 = icmp eq i64 %11, 0 %13 = and i1 %10, %12 br i1 %13, label %14, label %17, !prof !4, !misexpect !5 %15 = lshr i64 %5, 12 %16 = tail call i64 @vm_mmap_pgoff(%struct.file* %0, i64 %1, i64 %2, i64 %3, i64 %4, i64 %15) #78 ------------- Good: 10 Bad: 6 Ignored: 13 Check Use of Function:drm_mode_create Check Use of Function:drm_mode_convert_umode Check Use of Function:mqueue_unlink Check Use of Function:idr_replace Check Use of Function:drm_modeset_unregister_all Check Use of Function:percpu_ref_init Check Use of Function:unmap_mapping_range Check Use of Function:pci_disable_msi Check Use of Function:__setplane_internal Check Use of Function:i915_perf_fini Check Use of Function:dma_async_device_register Check Use of Function:msleep_interruptible Use: =BAD PATH= Call Stack: 0 uart_wait_until_sent ------------- Path:  Function:uart_wait_until_sent %3 = getelementptr 
inbounds %struct.tty_struct, %struct.tty_struct* %0, i64 0, i32 30 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 3, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 0 br i1 %8, label %96, label %9, !prof !4, !misexpect !5 %10 = phi i32 [ %17, %16 ], [ %7, %2 ] %11 = add i32 %10, 1 %12 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %11, i32* %6, i32 %10) #6, !srcloc !6 %13 = extractvalue { i8, i32 } %12, 0 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %16, label %19, !prof !4, !misexpect !5 %20 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 5 %21 = load %struct.uart_port*, %struct.uart_port** %20, align 8 %22 = icmp eq %struct.uart_port* %21, null br i1 %22, label %96, label %23 %24 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 38 %25 = load i32, i32* %24, align 8 %26 = icmp eq i32 %25, 0 br i1 %26, label %31, label %27 %28 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 23 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %41 %42 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 37 %43 = load i32, i32* %42, align 4 %44 = add i32 %43, -20 %45 = udiv i32 %44, %29 %46 = udiv i32 %45, 5 %47 = icmp ult i32 %45, 5 %48 = select i1 %47, i32 1, i32 %46 %49 = zext i32 %48 to i64 %50 = icmp eq i32 %1, 0 %51 = sext i32 %1 to i64 %52 = icmp ult i64 %51, %49 %53 = select i1 %52, i64 %51, i64 %49 %54 = select i1 %50, i64 %49, i64 %53 %55 = shl i32 %43, 1 %56 = add i32 %1, -1 %57 = icmp ult i32 %56, %55 %58 = select i1 %57, i32 
%1, i32 %55 %59 = load volatile i64, i64* @jiffies, align 64 %60 = sext i32 %58 to i64 %61 = add i64 %59, %60 %62 = getelementptr inbounds %struct.uart_port, %struct.uart_port* %21, i64 0, i32 39 br label %63 %64 = load %struct.uart_ops*, %struct.uart_ops** %62, align 8 %65 = getelementptr inbounds %struct.uart_ops, %struct.uart_ops* %64, i64 0, i32 0 %66 = load i32 (%struct.uart_port*)*, i32 (%struct.uart_port*)** %65, align 8 %67 = tail call i32 %66(%struct.uart_port* nonnull %21) #78 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %86 %70 = tail call i32 @jiffies_to_msecs(i64 %54) #78 %71 = tail call i64 @msleep_interruptible(i32 %70) #78 ------------- Good: 17 Bad: 1 Ignored: 2 Check Use of Function:intel_modeset_driver_remove_noirq Check Use of Function:atomic_dec_and_mutex_lock Check Use of Function:security_task_getscheduler Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getscheduler ------------- Path:  Function:__x64_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %31, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %12 = inttoptr i64 %11 to %struct.task_struct* br label %13 %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ] %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %28, label %16 %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getscheduler ------------- Path:  Function:__ia32_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = 
icmp slt i32 %4, 0 br i1 %5, label %31, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %11 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %12 = inttoptr i64 %11 to %struct.task_struct* br label %13 %14 = phi %struct.task_struct* [ %9, %8 ], [ %12, %10 ] %15 = icmp eq %struct.task_struct* %14, null br i1 %15, label %28, label %16 %17 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %14) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getparam 1 __ia32_sys_sched_getparam ------------- Path:  Function:__ia32_sys_sched_getparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %4, i64 %7) #78 Function:__se_sys_sched_getparam %3 = alloca %struct.kuid_t, align 4 %4 = trunc i64 %0 to i32 %5 = bitcast %struct.kuid_t* %3 to i8* %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 store i32 0, i32* %6, align 4 %7 = icmp eq i64 %1, 0 %8 = icmp slt i32 %4, 0 %9 = or i1 %8, %7 br i1 %9, label %39, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* br label %17 %18 = phi %struct.task_struct* [ %13, %12 ], [ %16, %14 ] %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %36, label %20 %21 = tail call i32 
@security_task_getscheduler(%struct.task_struct* nonnull %18) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getparam 1 __x64_sys_sched_getparam ------------- Path:  Function:__x64_sys_sched_getparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_sched_getparam(i64 %3, i64 %5) #78 Function:__se_sys_sched_getparam %3 = alloca %struct.kuid_t, align 4 %4 = trunc i64 %0 to i32 %5 = bitcast %struct.kuid_t* %3 to i8* %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %3, i64 0, i32 0 store i32 0, i32* %6, align 4 %7 = icmp eq i64 %1, 0 %8 = icmp slt i32 %4, 0 %9 = or i1 %8, %7 br i1 %9, label %39, label %10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %15 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %16 = inttoptr i64 %15 to %struct.task_struct* br label %17 %18 = phi %struct.task_struct* [ %13, %12 ], [ %16, %14 ] %19 = icmp eq %struct.task_struct* %18, null br i1 %19, label %36, label %20 %21 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %18) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __ia32_sys_sched_getattr ------------- Path:  Function:__ia32_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = 
getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #78 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %81, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %81, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %24 = inttoptr i64 %23 to %struct.task_struct* br label %25 %26 = phi %struct.task_struct* [ %21, %20 ], [ %24, %22 ] %27 = icmp eq %struct.task_struct* %26, null br i1 %27, label %78, label %28 %29 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %26) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __x64_sys_sched_getattr ------------- Path:  Function:__x64_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #78 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 
%7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %81, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %81, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %24 = inttoptr i64 %23 to %struct.task_struct* br label %25 %26 = phi %struct.task_struct* [ %21, %20 ], [ %24, %22 ] %27 = icmp eq %struct.task_struct* %26, null br i1 %27, label %78, label %28 %29 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %26) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __se_compat_sys_sched_getaffinity 2 __ia32_compat_sys_sched_getaffinity ------------- Path:  Function:__ia32_compat_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #78 Function:__se_compat_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %1 to i32 %6 = inttoptr i64 %2 to i32* %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %8, align 8 %9 = shl i32 %5, 3 %10 = load i32, i32* @nr_cpu_ids, align 4 %11 = 
icmp uge i32 %9, %10 %12 = and i32 %5, 3 %13 = icmp eq i32 %12, 0 %14 = and i1 %13, %11 br i1 %14, label %15, label %65 %16 = trunc i64 %0 to i32 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %18 = call i64 @sched_getaffinity(i32 %16, %struct.cpumask* nonnull %17) #78 Function:sched_getaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 br label %9 %10 = phi %struct.task_struct* [ %5, %4 ], [ %8, %6 ] %11 = icmp eq %struct.task_struct* %10, null br i1 %11, label %23, label %12 %13 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %10) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __ia32_sys_sched_getaffinity ------------- Path:  Function:__ia32_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #78 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %8, align 8 %9 = shl i32 %6, 3 %10 = load i32, i32* @nr_cpu_ids, align 4 %11 = icmp uge i32 %9, %10 %12 = and i32 %6, 7 %13 = icmp eq i32 %12, 0 %14 = and i1 %13, %11 br i1 %14, label %15, label %49 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = icmp eq i32 %5, 0 br i1 %16, label %19, label %17 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %21 = inttoptr i64 %20 to %struct.task_struct* br label %22 %23 = phi %struct.task_struct* [ %18, %17 ], [ %21, %19 ] %24 = icmp eq %struct.task_struct* %23, null br i1 %24, label %35, label %25 %26 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %23) #78 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __x64_sys_sched_getaffinity ------------- Path:  Function:__x64_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %3, i64 %5, i64 %7) #78 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %8, align 8 %9 = shl i32 %6, 3 %10 = load i32, i32* @nr_cpu_ids, align 4 %11 = icmp uge i32 %9, %10 %12 = and i32 %6, 7 %13 = icmp eq i32 %12, 0 %14 = and i1 %13, %11 br i1 %14, label %15, label %49 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %16 = icmp eq i32 %5, 0 br i1 %16, label %19, label %17 %20 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !5 %21 = inttoptr i64 %20 to %struct.task_struct* br label %22 %23 = phi %struct.task_struct* [ 
%18, %17 ], [ %21, %19 ] %24 = icmp eq %struct.task_struct* %23, null br i1 %24, label %35, label %25 %26 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %23) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__ia32_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #78 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 br label %11 %12 = phi %struct.task_struct* [ %7, %6 ], [ %10, %8 ] %13 = icmp eq %struct.task_struct* %12, null br i1 %13, label %61, label %14 %15 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__x64_sys_sched_rr_get_interval_time32 %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #78 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 
%3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 br label %11 %12 = phi %struct.task_struct* [ %7, %6 ], [ %10, %8 ] %13 = icmp eq %struct.task_struct* %12, null br i1 %13, label %61, label %14 %15 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.cpu_itimer* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.cpu_itimer* nonnull %2) #78 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 br label %11 %12 = phi %struct.task_struct* [ %7, %6 ], [ %10, %8 ] %13 = icmp eq %struct.task_struct* %12, null br i1 %13, label %61, label %14 %15 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %12) #78 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.cpu_itimer, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to 
%struct.cpu_itimer** %7 = load %struct.cpu_itimer*, %struct.cpu_itimer** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.cpu_itimer* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.cpu_itimer* nonnull %2) #78 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %63, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct* @find_task_by_vpid(i32 %0) #78 br label %11 %12 = phi %struct.task_struct* [ %7, %6 ], [ %10, %8 ] %13 = icmp eq %struct.task_struct* %12, null br i1 %13, label %61, label %14 %15 = tail call i32 @security_task_getscheduler(%struct.task_struct* nonnull %12) #78 ------------- Good: 1 Bad: 13 Ignored: 1 Check Use of Function:acpi_evaluate_lck Check Use of Function:security_task_fix_setgid Check Use of Function:acpi_evaluate_integer Use: =BAD PATH= Call Stack: 0 eeepc_get_adapter_status 1 attention_read_file ------------- Path:  Function:attention_read_file %3 = alloca i8, align 1 store i8 0, i8* %3, align 1 %4 = getelementptr inbounds %struct.pci_slot.318927, %struct.pci_slot.318927* %0, i64 0, i32 2 %5 = load %struct.hotplug_slot*, %struct.hotplug_slot** %4, align 8 %6 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 0 %7 = load %struct.hotplug_slot_ops*, %struct.hotplug_slot_ops** %6, align 8 %8 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 3 %9 = load %struct.module*, %struct.module** %8, align 8 %10 = tail call zeroext i1 @try_module_get(%struct.module* %9) #78 br i1 %10, label %11, label %27 %12 = getelementptr inbounds %struct.hotplug_slot_ops, %struct.hotplug_slot_ops* %7, i64 0, i32 5 %13 = load i32 (%struct.hotplug_slot*, i8*)*, i32 (%struct.hotplug_slot*, i8*)** %12, align 8 %14 = icmp eq i32 (%struct.hotplug_slot*, i8*)* %13, null br i1 %14, label %15, label %17 %18 = call i32 
%13(%struct.hotplug_slot* %5, i8* nonnull %3) #78 Function:eeepc_get_adapter_status %3 = alloca i64, align 8 %4 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7, i32 1 %5 = bitcast %struct.list_head* %4 to i32* %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %24, label %9 %10 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7 %11 = bitcast %struct.hotplug_slot* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = call i32 @acpi_evaluate_integer(i8* %12, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.24.61322, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 eeepc_get_adapter_status 1 presence_read_file ------------- Path:  Function:presence_read_file %3 = alloca i8, align 1 store i8 0, i8* %3, align 1 %4 = getelementptr inbounds %struct.pci_slot.318927, %struct.pci_slot.318927* %0, i64 0, i32 2 %5 = load %struct.hotplug_slot*, %struct.hotplug_slot** %4, align 8 %6 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 0 %7 = load %struct.hotplug_slot_ops*, %struct.hotplug_slot_ops** %6, align 8 %8 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 3 %9 = load %struct.module*, %struct.module** %8, align 8 %10 = tail call zeroext i1 @try_module_get(%struct.module* %9) #78 br i1 %10, label %11, label %27 %12 = getelementptr inbounds %struct.hotplug_slot_ops, %struct.hotplug_slot_ops* %7, i64 0, i32 7 %13 = load i32 (%struct.hotplug_slot*, i8*)*, i32 (%struct.hotplug_slot*, i8*)** %12, align 8 %14 = icmp eq i32 (%struct.hotplug_slot*, i8*)* %13, null br i1 %14, label %15, label %17 %18 = call i32 %13(%struct.hotplug_slot* %5, i8* nonnull %3) #78 Function:eeepc_get_adapter_status %3 = alloca i64, align 8 %4 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7, i32 1 %5 = bitcast 
%struct.list_head* %4 to i32* %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %24, label %9 %10 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7 %11 = bitcast %struct.hotplug_slot* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = call i32 @acpi_evaluate_integer(i8* %12, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.24.61322, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 eeepc_get_adapter_status 1 latch_read_file ------------- Path:  Function:latch_read_file %3 = alloca i8, align 1 store i8 0, i8* %3, align 1 %4 = getelementptr inbounds %struct.pci_slot.318927, %struct.pci_slot.318927* %0, i64 0, i32 2 %5 = load %struct.hotplug_slot*, %struct.hotplug_slot** %4, align 8 %6 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 0 %7 = load %struct.hotplug_slot_ops*, %struct.hotplug_slot_ops** %6, align 8 %8 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 3 %9 = load %struct.module*, %struct.module** %8, align 8 %10 = tail call zeroext i1 @try_module_get(%struct.module* %9) #78 br i1 %10, label %11, label %27 %12 = getelementptr inbounds %struct.hotplug_slot_ops, %struct.hotplug_slot_ops* %7, i64 0, i32 6 %13 = load i32 (%struct.hotplug_slot*, i8*)*, i32 (%struct.hotplug_slot*, i8*)** %12, align 8 %14 = icmp eq i32 (%struct.hotplug_slot*, i8*)* %13, null br i1 %14, label %15, label %17 %18 = call i32 %13(%struct.hotplug_slot* %5, i8* nonnull %3) #78 Function:eeepc_get_adapter_status %3 = alloca i64, align 8 %4 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7, i32 1 %5 = bitcast %struct.list_head* %4 to i32* %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %24, label %9 %10 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7 %11 
= bitcast %struct.hotplug_slot* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = call i32 @acpi_evaluate_integer(i8* %12, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.24.61322, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 eeepc_get_adapter_status 1 power_read_file ------------- Path:  Function:power_read_file %3 = alloca i8, align 1 store i8 0, i8* %3, align 1 %4 = getelementptr inbounds %struct.pci_slot.318927, %struct.pci_slot.318927* %0, i64 0, i32 2 %5 = load %struct.hotplug_slot*, %struct.hotplug_slot** %4, align 8 %6 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 0 %7 = load %struct.hotplug_slot_ops*, %struct.hotplug_slot_ops** %6, align 8 %8 = getelementptr inbounds %struct.hotplug_slot, %struct.hotplug_slot* %5, i64 0, i32 3 %9 = load %struct.module*, %struct.module** %8, align 8 %10 = tail call zeroext i1 @try_module_get(%struct.module* %9) #78 br i1 %10, label %11, label %27 %12 = getelementptr inbounds %struct.hotplug_slot_ops, %struct.hotplug_slot_ops* %7, i64 0, i32 4 %13 = load i32 (%struct.hotplug_slot*, i8*)*, i32 (%struct.hotplug_slot*, i8*)** %12, align 8 %14 = icmp eq i32 (%struct.hotplug_slot*, i8*)* %13, null br i1 %14, label %15, label %17 %18 = call i32 %13(%struct.hotplug_slot* %5, i8* nonnull %3) #78 Function:eeepc_get_adapter_status %3 = alloca i64, align 8 %4 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7, i32 1 %5 = bitcast %struct.list_head* %4 to i32* %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %24, label %9 %10 = getelementptr %struct.hotplug_slot, %struct.hotplug_slot* %0, i64 -7 %11 = bitcast %struct.hotplug_slot* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %14 = call i32 @acpi_evaluate_integer(i8* %12, i8* getelementptr inbounds 
([5 x i8], [5 x i8]* @.str.24.61322, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 camera_show ------------- Path:  Function:camera_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 16 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.26.61352, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cardr_show ------------- Path:  Function:cardr_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 1048576 %11 = icmp eq i32 %10, 0 br i1 %11, label %27, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.31.61349, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cpufv_show ------------- Path:  Function:cpufv_show %4 = alloca i64, align 8 %5 = getelementptr 
inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, %struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %35, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.61340, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 cpufv_store ------------- Path:  Function:cpufv_store %5 = alloca i64, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %8 = load i8*, i8** %7, align 8 %9 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %10 = getelementptr inbounds i8, i8* %8, i64 12 %11 = load i8, i8* %10, align 4, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %53 %14 = getelementptr inbounds i8, i8* %8, i64 8 %15 = bitcast i8* %14 to i32* %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 4096 %18 = icmp eq i32 %17, 0 br i1 %18, label %53, label %19 %20 = bitcast i8* %8 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i64* %5 to i8* store i64 0, i64* %5, align 8 %23 = call i32 @acpi_evaluate_integer(i8* %21, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.61340, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %5) #78 ------------- Use: =BAD PATH= Call Stack: 0 available_cpufv_show ------------- Path:  Function:available_cpufv_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.eeepc_laptop** %7 = load %struct.eeepc_laptop*, 
%struct.eeepc_laptop** %6, align 8 %8 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 1 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %42, label %12 %13 = getelementptr inbounds %struct.eeepc_laptop, %struct.eeepc_laptop* %7, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %16 = call i32 @acpi_evaluate_integer(i8* %14, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.28.61340, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 uid_show.31098 ------------- Path:  Function:uid_show.31098 %4 = alloca i64, align 8 %5 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 7 %7 = bitcast i8** %6 to %struct.dock_station** %8 = load %struct.dock_station*, %struct.dock_station** %7, align 8 %9 = getelementptr inbounds %struct.dock_station, %struct.dock_station* %8, i64 0, i32 0 %10 = load i8*, i8** %9, align 8 %11 = call i32 @acpi_evaluate_integer(i8* %10, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.22.31099, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 acpi_device_get_power 1 real_power_state_show ------------- Path:  Function:real_power_state_show %4 = alloca i32, align 4 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 3 %6 = bitcast i8** %5 to %struct.acpi_device* %7 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %8 = call i32 @acpi_device_get_power(%struct.acpi_device* %6, i32* nonnull %4) #78 Function:acpi_device_get_power %3 = alloca i64, align 8 %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* store i32 255, i32* %4, align 4 %6 = icmp ne %struct.acpi_device* %0, null %7 = icmp ne i32* %1, null %8 = and i1 %6, %7 br i1 %8, label %9, label %75 %10 = getelementptr inbounds 
%struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 9, i32 0 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 8 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %21 %22 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 11, i32 1, i32 0 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 2 %25 = icmp eq i32 %24, 0 br i1 %25, label %31, label %26 %27 = call i32 @acpi_power_get_inferred_state(%struct.acpi_device* nonnull %0, i32* nonnull %4) #78 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %75 %30 = load i32, i32* %22, align 4 br label %31 %32 = phi i32 [ %30, %29 ], [ %23, %21 ] %33 = and i32 %32, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %54, label %35 %36 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %37 = getelementptr inbounds %struct.acpi_device, %struct.acpi_device* %0, i64 0, i32 1 %38 = load i8*, i8** %37, align 8 %39 = call i32 @acpi_evaluate_integer(i8* %38, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.11.30687, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %3) #78 ------------- Use: =BAD PATH= Call Stack: 0 sun_show ------------- Path:  Function:sun_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 3 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = getelementptr inbounds i8*, i8** %5, i64 1 %8 = load i8*, i8** %7, align 8 %9 = call i32 @acpi_evaluate_integer(i8* %8, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.2.30652, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 hrv_show ------------- Path:  Function:hrv_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 3 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = getelementptr inbounds i8*, i8** %5, i64 1 %8 = load i8*, i8** %7, align 8 %9 = call i32 @acpi_evaluate_integer(i8* %8, i8* getelementptr inbounds ([5 x i8], [5 x i8]* 
@.str.3.30653, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #78 ------------- Use: =BAD PATH= Call Stack: 0 status_show ------------- Path:  Function:status_show %4 = alloca i64, align 8 %5 = getelementptr %struct.device, %struct.device* %0, i64 -1, i32 3 %6 = bitcast i64* %4 to i8* store i64 0, i64* %4, align 8 %7 = getelementptr inbounds i8*, i8** %5, i64 1 %8 = load i8*, i8** %7, align 8 %9 = call i32 @acpi_evaluate_integer(i8* %8, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @.str.4.30654, i64 0, i64 0), %struct.acpi_object_list* null, i64* nonnull %4) #78 ------------- Good: 118 Bad: 14 Ignored: 121 Check Use of Function:fsnotify Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 (%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds 
%struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #78 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ 
%23, %21 ], [ @noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.150531*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #78 Function:file_remove_privs %2 = alloca %struct.iattr.150595, align 8 %3 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.150593*, %struct.dentry.150593** %3, align 8 %5 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.150593* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 2 %20 = load %struct.inode.150604*, %struct.inode.150604** %19, align 8 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %18, i64 0, i32 5 %32 = load %struct.inode.150604*, %struct.inode.150604** %31, align 8 %33 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = 
getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #78 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.150593*)*)(%struct.dentry.150593* %18) #78 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.150589, %struct.vfsmount.150589* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.150595* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.150595, %struct.iattr.150595* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*, %struct.inode.150840**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.150593*, %struct.iattr.150595*, %struct.inode.150604**)*)(%struct.user_namespace* %68, %struct.dentry.150593* %18, %struct.iattr.150595* nonnull %2, %struct.inode.150604** null) #78 Function:notify_change %5 = 
getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %6 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %7 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16510, i64 0, i64 0), i32 335, i32 2307, i64 12) #6, !srcloc !6 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %6) #78 br i1 %32, label %36, 
label %33 %34 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147847*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %6, i32 2) #78 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode.150840*)*)(%struct.inode.150840* %6) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %64, i64 %66, %struct.inode.150840* %6) #78 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150951, 
%struct.iattr.150951* %2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %77, i64 %79, %struct.inode.150840* %6) #78 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, 
-1 br i1 %156, label %261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %171 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150835*, %struct.inode_operations.150835** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150835, %struct.inode_operations.150835* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*, i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* 
@simple_setattr to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.user_namespace* %0, %struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 br label %202 %203 = phi i32 [ %199, %198 ], [ %201, %200 ] %204 = icmp eq i32 %203, 0 br i1 %204, label %205, label %261 %206 = shl i32 %139, 1 %207 = and i32 %206, 4 %208 = select i1 %152, i32 %207, i32 4 %209 = or i32 %208, 2 %210 = lshr i32 %139, 2 %211 = and i32 %210, 2 %212 = or i32 %208, %211 %213 = and i32 %139, 48 %214 = icmp eq i32 %213, 48 br i1 %214, label %215, label %217 %218 = and i32 %139, 16 %219 = icmp eq i32 %218, 0 br i1 %219, label %222, label %220 %223 = and i32 %139, 32 %224 = icmp eq i32 %223, 0 %225 = select i1 %224, i32 %212, i32 %209 br label %226 %227 = phi i32 [ %216, %215 ], [ %221, %220 ], [ %225, %222 ] %228 = shl i32 %139, 2 %229 = and i32 %228, 4 %230 = or i32 %227, %229 %231 = icmp eq i32 %230, 0 br i1 %231, label %261, label %232 %233 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %234 = bitcast %struct.inode.150840* %233 to i8* %235 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %233, i64 0, i32 8 %236 = load %struct.super_block.150826*, %struct.super_block.150826** %235, align 8 %237 = getelementptr inbounds %struct.super_block.150826, %struct.super_block.150826* %236, i64 0, i32 44, i32 0 %238 = load volatile i64, i64* %237, align 8 %239 = icmp eq i64 %238, 0 br i1 %239, label %261, label %240 %241 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %233, i64 0, i32 0 %242 = load i16, i16* %241, align 8 %243 = and i16 %242, -4096 %244 = icmp eq i16 %243, 16384 br i1 %244, label %245, label %251 %246 = or i32 %230, 1073741824 %247 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 16384 %250 = icmp eq i32 %249, 0 br i1 %250, label %258, label %251 %252 = phi i32 [ %246, %245 ], [ %230, %240 ] %253 = 
getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 3 %254 = load %struct.dentry.150830*, %struct.dentry.150830** %253, align 8 %255 = icmp eq %struct.dentry.150830* %254, %1 br i1 %255, label %258, label %256 %259 = phi i32 [ %252, %251 ], [ %246, %245 ] %260 = tail call i32 bitcast (i32 (i32, i8*, i32, %struct.inode.161968*, %struct.qstr*, %struct.inode.161968*, i32)* @fsnotify to i32 (i32, i8*, i32, %struct.inode.150840*, %struct.qstr*, %struct.inode.150840*, i32)*)(i32 %259, i8* %234, i32 2, %struct.inode.150840* null, %struct.qstr* null, %struct.inode.150840* %233, i32 0) #78 ------------- Use: =BAD PATH= Call Stack: 0 __fsnotify_parent 1 notify_change 2 file_remove_privs 3 __generic_file_write_iter 4 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 0 %5 = load %struct.file.294911*, %struct.file.294911** %4, align 8 %6 = getelementptr inbounds %struct.file.294911, %struct.file.294911* %5, i64 0, i32 18 %7 = load %struct.address_space.294992*, %struct.address_space.294992** %6, align 8 %8 = getelementptr inbounds %struct.address_space.294992, %struct.address_space.294992* %7, i64 0, i32 0 %9 = load %struct.inode.294985*, %struct.inode.294985** %8, align 8 %10 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = tail call %struct.block_device.294846* bitcast (%struct.block_device.294322* (%struct.inode.294518*)* @I_BDEV to %struct.block_device.294846* (%struct.inode.294985*)*)(%struct.inode.294985* %9) #78 %14 = tail call i32 bitcast (i32 (%struct.block_device.296192*)* @bdev_read_only to i32 (%struct.block_device.294846*)*)(%struct.block_device.294846* %13) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %68 %17 = getelementptr inbounds %struct.inode.294985, 
%struct.inode.294985* %9, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 256 %20 = icmp eq i32 %19, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.inode.294985, %struct.inode.294985* %9, i64 0, i32 13 %23 = load i32, i32* %22, align 4 %24 = tail call i32 @is_hibernate_resume_dev(i32 %23) #78 %25 = icmp eq i32 %24, 0 br i1 %25, label %68, label %26 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %68, label %30 %31 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %11, %32 br i1 %33, label %34, label %68 %35 = getelementptr inbounds %struct.kiocb.294591, %struct.kiocb.294591* %0, i64 0, i32 4 %36 = load i32, i32* %35, align 8 %37 = and i32 %36, 131080 %38 = icmp eq i32 %37, 8 br i1 %38, label %68, label %39 %40 = sub i64 %11, %32 %41 = icmp ugt i64 %28, %40 br i1 %41, label %42, label %44 %43 = sub i64 %28, %40 store i64 %40, i64* %27, align 8 br label %44 %45 = phi i64 [ %43, %42 ], [ 0, %39 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #78 %46 = call i64 bitcast (i64 (%struct.kiocb*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.294591*, %struct.iov_iter*)*)(%struct.kiocb.294591* %0, %struct.iov_iter* %1) #78 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 18 %6 = load %struct.address_space*, %struct.address_space** %5, align 8 %7 = getelementptr inbounds %struct.address_space, %struct.address_space* %6, i64 0, i32 0 %8 = load %struct.inode*, %struct.inode** %7, align 8 %9 = icmp eq %struct.inode* %8, null br i1 %9, label %24, label %10 %25 = phi %struct.backing_dev_info* [ %20, %15 ], [ %23, %21 ], [ 
@noop_backing_dev_info, %2 ] %26 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %27 = inttoptr i64 %26 to %struct.task_struct* %28 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %27, i64 0, i32 122 store %struct.backing_dev_info* %25, %struct.backing_dev_info** %28, align 32 %29 = tail call i32 bitcast (i32 (%struct.file.150531*)* @file_remove_privs to i32 (%struct.file*)*)(%struct.file* %4) #78 Function:file_remove_privs %2 = alloca %struct.iattr.150595, align 8 %3 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.150593*, %struct.dentry.150593** %3, align 8 %5 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.150593* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 2 %20 = load %struct.inode.150604*, %struct.inode.150604** %19, align 8 %21 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %92 %26 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %92 %31 = getelementptr inbounds %struct.dentry.150593, %struct.dentry.150593* %18, i64 0, i32 5 %32 = load %struct.inode.150604*, %struct.inode.150604** %31, align 8 %33 = getelementptr inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %74 %38 = getelementptr 
inbounds %struct.inode.150604, %struct.inode.150604* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #78 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry*)* @security_inode_need_killpriv to i32 (%struct.dentry.150593*)*)(%struct.dentry.150593* %18) #78 %56 = icmp slt i32 %55, 0 br i1 %56, label %92, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %92, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %74, label %64 %65 = getelementptr inbounds %struct.file.150531, %struct.file.150531* %0, i64 0, i32 1, i32 0 %66 = load %struct.vfsmount.150589*, %struct.vfsmount.150589** %65, align 8 %67 = getelementptr inbounds %struct.vfsmount.150589, %struct.vfsmount.150589* %66, i64 0, i32 3 %68 = load volatile %struct.user_namespace*, %struct.user_namespace** %67, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %69 = bitcast %struct.iattr.150595* %2 to i8* %70 = or i32 %60, 512 %71 = getelementptr inbounds %struct.iattr.150595, %struct.iattr.150595* %2, i64 0, i32 0 store i32 %70, i32* %71, align 8 %72 = call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*, %struct.inode.150840**)* @notify_change to i32 (%struct.user_namespace*, %struct.dentry.150593*, %struct.iattr.150595*, %struct.inode.150604**)*)(%struct.user_namespace* %68, %struct.dentry.150593* %18, %struct.iattr.150595* nonnull %2, %struct.inode.150604** null) #78 Function:notify_change %5 = getelementptr 
inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 5 %6 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %7 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 24, i32 0, i32 0 %12 = load volatile i64, i64* %11, align 8 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %15, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.16510, i64 0, i64 0), i32 335, i32 2307, i64 12) #6, !srcloc !6 br label %15 %16 = and i32 %10, 65543 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 12 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %261 %24 = and i32 %10, 131072 %25 = icmp eq i32 %24, 0 br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %261 %32 = tail call zeroext i1 bitcast (i1 (%struct.user_namespace*, %struct.inode.150604*)* @inode_owner_or_capable to i1 (%struct.user_namespace*, %struct.inode.150840*)*)(%struct.user_namespace* %0, %struct.inode.150840* %6) #78 br i1 %32, label %36, label %33 %34 = 
tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.inode.147847*, i32)* @inode_permission to i32 (%struct.user_namespace*, %struct.inode.150840*, i32)*)(%struct.user_namespace* %0, %struct.inode.150840* %6, i32 2) #78 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %261 %37 = and i32 %10, 1 %38 = icmp eq i32 %37, 0 br i1 %38, label %52, label %39 %40 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 1 %41 = load i16, i16* %40, align 4 %42 = zext i16 %41 to i32 %43 = and i32 %42, 2048 %44 = icmp ne i32 %43, 0 %45 = and i32 %42, 1032 %46 = icmp eq i32 %45, 1032 %47 = or i1 %44, %46 br i1 %47, label %48, label %52 %53 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.150604*)* @current_time to { i64, i64 } (%struct.inode.150840*)*)(%struct.inode.150840* %6) #78 %54 = extractvalue { i64, i64 } %53, 0 %55 = extractvalue { i64, i64 } %53, 1 %56 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 0 store i64 %54, i64* %56, align 8 %57 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 7, i32 1 store i64 %55, i64* %57, align 8 %58 = trunc i32 %10 to i8 %59 = icmp sgt i8 %58, -1 %60 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 0 br i1 %59, label %61, label %63 %64 = load i64, i64* %60, align 8 %65 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 5, i32 1 %66 = load i64, i64* %65, align 8 %67 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %64, i64 %66, %struct.inode.150840* %6) #78 %68 = extractvalue { i64, i64 } %67, 0 %69 = extractvalue { i64, i64 } %67, 1 store i64 %68, i64* %60, align 8 store i64 %69, i64* %65, align 8 br label %70 %71 = and i32 %10, 256 %72 = icmp eq i32 %71, 0 %73 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* 
%2, i64 0, i32 6, i32 0 br i1 %72, label %74, label %76 %77 = load i64, i64* %73, align 8 %78 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 6, i32 1 %79 = load i64, i64* %78, align 8 %80 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.150604*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.150840*)*)(i64 %77, i64 %79, %struct.inode.150840* %6) #78 %81 = extractvalue { i64, i64 } %80, 0 %82 = extractvalue { i64, i64 } %80, 1 store i64 %81, i64* %73, align 8 store i64 %82, i64* %78, align 8 br label %83 %84 = and i32 %10, 16384 %85 = icmp eq i32 %84, 0 br i1 %85, label %95, label %86 %96 = phi i32 [ %37, %83 ], [ %37, %89 ], [ %94, %91 ] %97 = phi i32 [ %10, %83 ], [ %10, %89 ], [ %93, %91 ] %98 = and i32 %97, 6144 %99 = icmp eq i32 %98, 0 %100 = icmp eq i32 %96, 0 %101 = or i1 %99, %100 br i1 %101, label %103, label %102 %104 = and i32 %97, 2048 %105 = icmp eq i32 %104, 0 %106 = and i16 %8, 2048 %107 = icmp eq i16 %106, 0 %108 = or i1 %107, %105 br i1 %108, label %115, label %109 %116 = phi i32 [ %111, %109 ], [ %97, %103 ] %117 = and i32 %116, 4096 %118 = icmp ne i32 %117, 0 %119 = and i16 %8, 1032 %120 = icmp eq i16 %119, 1032 %121 = and i1 %120, %118 br i1 %121, label %122, label %138 %139 = phi i32 [ %135, %133 ], [ %116, %115 ] %140 = load i32, i32* %9, align 8 %141 = and i32 %140, -6145 %142 = icmp eq i32 %141, 0 br i1 %142, label %261, label %143 %144 = and i32 %139, 2 %145 = icmp eq i32 %144, 0 br i1 %145, label %150, label %146 %147 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 2, i32 0 %148 = load i32, i32* %147, align 8 %149 = icmp eq i32 %148, -1 br i1 %149, label %261, label %150 %151 = and i32 %139, 4 %152 = icmp eq i32 %151, 0 br i1 %152, label %157, label %153 %154 = getelementptr inbounds %struct.iattr.150951, %struct.iattr.150951* %2, i64 0, i32 3, i32 0 %155 = load i32, i32* %154, align 4 %156 = icmp eq i32 %155, -1 br i1 %156, label 
%261, label %157 br i1 %145, label %158, label %162 %159 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 2, i32 0 %160 = load i32, i32* %159, align 4 %161 = icmp eq i32 %160, -1 br i1 %161, label %261, label %162 br i1 %152, label %163, label %167 %164 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 3, i32 0 %165 = load i32, i32* %164, align 8 %166 = icmp eq i32 %165, -1 br i1 %166, label %261, label %167 %168 = tail call i32 bitcast (i32 (%struct.dentry*, %struct.iattr*)* @security_inode_setattr to i32 (%struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 %169 = icmp eq i32 %168, 0 br i1 %169, label %170, label %261 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %171 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 40 %172 = load %struct.file_lock_context*, %struct.file_lock_context** %171, align 8 %173 = icmp eq %struct.file_lock_context* %172, null br i1 %173, label %191, label %174 %192 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %6, i64 0, i32 7 %193 = load %struct.inode_operations.150835*, %struct.inode_operations.150835** %192, align 8 %194 = getelementptr inbounds %struct.inode_operations.150835, %struct.inode_operations.150835* %193, i64 0, i32 13 %195 = bitcast {}** %194 to i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %196 = load i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*, i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)** %195, align 8 %197 = icmp eq i32 (%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)* %196, null br i1 %197, label %200, label %198 %201 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.dentry.153949*, %struct.iattr.153937*)* @simple_setattr to i32 
(%struct.user_namespace*, %struct.dentry.150830*, %struct.iattr.150951*)*)(%struct.user_namespace* %0, %struct.dentry.150830* %1, %struct.iattr.150951* %2) #78 br label %202 %203 = phi i32 [ %199, %198 ], [ %201, %200 ] %204 = icmp eq i32 %203, 0 br i1 %204, label %205, label %261 %206 = shl i32 %139, 1 %207 = and i32 %206, 4 %208 = select i1 %152, i32 %207, i32 4 %209 = or i32 %208, 2 %210 = lshr i32 %139, 2 %211 = and i32 %210, 2 %212 = or i32 %208, %211 %213 = and i32 %139, 48 %214 = icmp eq i32 %213, 48 br i1 %214, label %215, label %217 %218 = and i32 %139, 16 %219 = icmp eq i32 %218, 0 br i1 %219, label %222, label %220 %223 = and i32 %139, 32 %224 = icmp eq i32 %223, 0 %225 = select i1 %224, i32 %212, i32 %209 br label %226 %227 = phi i32 [ %216, %215 ], [ %221, %220 ], [ %225, %222 ] %228 = shl i32 %139, 2 %229 = and i32 %228, 4 %230 = or i32 %227, %229 %231 = icmp eq i32 %230, 0 br i1 %231, label %261, label %232 %233 = load %struct.inode.150840*, %struct.inode.150840** %5, align 8 %234 = bitcast %struct.inode.150840* %233 to i8* %235 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %233, i64 0, i32 8 %236 = load %struct.super_block.150826*, %struct.super_block.150826** %235, align 8 %237 = getelementptr inbounds %struct.super_block.150826, %struct.super_block.150826* %236, i64 0, i32 44, i32 0 %238 = load volatile i64, i64* %237, align 8 %239 = icmp eq i64 %238, 0 br i1 %239, label %261, label %240 %241 = getelementptr inbounds %struct.inode.150840, %struct.inode.150840* %233, i64 0, i32 0 %242 = load i16, i16* %241, align 8 %243 = and i16 %242, -4096 %244 = icmp eq i16 %243, 16384 br i1 %244, label %245, label %251 %246 = or i32 %230, 1073741824 %247 = getelementptr inbounds %struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 16384 %250 = icmp eq i32 %249, 0 br i1 %250, label %258, label %251 %252 = phi i32 [ %246, %245 ], [ %230, %240 ] %253 = getelementptr inbounds 
%struct.dentry.150830, %struct.dentry.150830* %1, i64 0, i32 3 %254 = load %struct.dentry.150830*, %struct.dentry.150830** %253, align 8 %255 = icmp eq %struct.dentry.150830* %254, %1 br i1 %255, label %258, label %256 %257 = tail call i32 bitcast (i32 (%struct.dentry.161957*, i32, i8*, i32)* @__fsnotify_parent to i32 (%struct.dentry.150830*, i32, i8*, i32)*)(%struct.dentry.150830* %1, i32 %252, i8* %234, i32 2) #78 Function:__fsnotify_parent %5 = alloca %struct.name_snapshot, align 8 %6 = icmp ne i32 %3, 1 %7 = icmp eq i8* %2, null %8 = or i1 %7, %6 br i1 %8, label %14, label %9 %15 = phi %struct.mount.161782* [ %13, %9 ], [ null, %4 ] %16 = getelementptr inbounds %struct.dentry.161957, %struct.dentry.161957* %0, i64 0, i32 5 %17 = load %struct.inode.161968*, %struct.inode.161968** %16, align 8 %18 = getelementptr inbounds %struct.dentry.161957, %struct.dentry.161957* %0, i64 0, i32 0 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 16384 %21 = icmp eq i32 %20, 0 %22 = bitcast %struct.name_snapshot* %5 to i8* %23 = getelementptr inbounds %struct.inode.161968, %struct.inode.161968* %17, i64 0, i32 46 %24 = load %struct.fsnotify_mark_connector*, %struct.fsnotify_mark_connector** %23, align 8 %25 = icmp eq %struct.fsnotify_mark_connector* %24, null br i1 %25, label %26, label %41 %27 = getelementptr inbounds %struct.inode.161968, %struct.inode.161968* %17, i64 0, i32 8 %28 = load %struct.super_block.161952*, %struct.super_block.161952** %27, align 8 %29 = getelementptr inbounds %struct.super_block.161952, %struct.super_block.161952* %28, i64 0, i32 33 %30 = load %struct.fsnotify_mark_connector*, %struct.fsnotify_mark_connector** %29, align 8 %31 = icmp eq %struct.fsnotify_mark_connector* %30, null br i1 %31, label %32, label %41 %33 = icmp eq %struct.mount.161782* %15, null br i1 %33, label %40, label %34 %35 = getelementptr inbounds %struct.mount.161782, %struct.mount.161782* %15, i64 0, i32 20 %36 = load %struct.fsnotify_mark_connector*, 
%struct.fsnotify_mark_connector** %35, align 8 %37 = icmp ne %struct.fsnotify_mark_connector* %36, null %38 = xor i1 %21, true %39 = or i1 %37, %38 br i1 %39, label %41, label %120 %42 = and i32 %1, 1073741824 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %73 %74 = phi i1 [ %72, %69 ], [ false, %41 ] %75 = xor i1 %21, true %76 = or i1 %74, %75 br i1 %76, label %77, label %108 %109 = phi %struct.dentry.161957* [ %78, %90 ], [ null, %73 ] %110 = phi %struct.inode.161968* [ %80, %90 ], [ null, %73 ] %111 = tail call i32 @fsnotify(i32 %1, i8* %2, i32 %3, %struct.inode.161968* %110, %struct.qstr* null, %struct.inode.161968* %17, i32 0) #79 ------------- Good: 385 Bad: 2 Ignored: 348 Check Use of Function:acpi_bus_trim Check Use of Function:ata_acpi_dev_notify_dock Check Use of Function:pci_free_irq_vectors Check Use of Function:ata_acpi_ap_notify_dock Check Use of Function:acpi_unlock_hp_context Check Use of Function:shmem_file_read_iter Check Use of Function:backlight_force_update Check Use of Function:acpi_notifier_call_chain Check Use of Function:driver_unregister Check Use of Function:acpi_processor_throttling_init Check Use of Function:compat_table_info.68293 Check Use of Function:acpi_ns_attach_object Check Use of Function:__tcf_get_next_proto Check Use of Function:ext4_quota_off Check Use of Function:vm_stat_account Check Use of Function:may_expand_vm Check Use of Function:tcf_chain_flush Check Use of Function:rt_cache_flush Check Use of Function:inet_netconf_notify_devconf Check Use of Function:xt_copy_counters Check Use of Function:jbd2_journal_destroy Check Use of Function:translate_table Check Use of Function:unregister_inetaddr_notifier Check Use of Function:xt_compat_check_entry_offsets Check Use of Function:xt_request_find_match Check Use of Function:_ieee80211_start_next_roc Check Use of Function:xt_compat_target_offset Check Use of Function:xt_compat_target_from_user Check Use of Function:is_vmalloc_addr Use: =BAD PATH= Call Stack: 0 
netlink_deliver_tap 1 netlink_sendskb 2 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #78 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 
@netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #78 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #78 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 48 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #78 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 keyctl_instantiate_key_common 2 keyctl_instantiate_key 3 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, 
%struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = trunc i64 %8 to i32 %19 = trunc i64 %11 to i32 %20 = trunc i64 %14 to i32 switch i32 %16, label %101 [ i32 0, label %21 i32 1, label %23 i32 2, label %26 i32 3, label %29 i32 6, label %31 i32 7, label %34 i32 8, label %36 i32 9, label %38 i32 10, label %40 i32 11, label %44 i32 4, label %47 i32 5, label %49 i32 12, label %51 i32 13, label %54 i32 14, label %56 i32 15, label %58 i32 16, label %60 i32 17, label %62 i32 18, label %65 i32 19, label %67 i32 20, label %69 i32 21, label %72 i32 31, label %98 i32 30, label %96 i32 29, label %74 i32 24, label %78 i32 25, label %84 i32 26, label %84 i32 27, label %84 i32 28, label %90 ] %52 = inttoptr i64 %9 to i8* %53 = tail call i64 @keyctl_instantiate_key(i32 %17, i8* %52, i64 %12, i32 %20) #78 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %22 = tail call fastcc i64 @keyctl_instantiate_key_common(i32 %0, %struct.iov_iter* null, i32 %3) #79 Function:keyctl_instantiate_key_common %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.269667** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.269667**)) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct.269667* %6 = getelementptr inbounds %struct.task_struct.269667, 
%struct.task_struct.269667* %5, i64 0, i32 85 %7 = load %struct.cred.269368*, %struct.cred.269368** %6, align 64 %8 = icmp eq %struct.iov_iter* %1, null br i1 %8, label %15, label %9 %16 = phi %struct.iov_iter* [ %1, %13 ], [ null, %9 ], [ null, %3 ] %17 = phi i64 [ %11, %13 ], [ 0, %9 ], [ 0, %3 ] %18 = getelementptr inbounds %struct.cred.269368, %struct.cred.269368* %7, i64 0, i32 19 %19 = load %struct.key.269343*, %struct.key.269343** %18, align 8 %20 = icmp eq %struct.key.269343* %19, null br i1 %20, label %88, label %21 %22 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %19, i64 0, i32 16, i32 0, i32 0, i64 0 %23 = bitcast i8** %22 to %struct.request_key_auth.269670** %24 = load %struct.request_key_auth.269670*, %struct.request_key_auth.269670** %23, align 8 %25 = getelementptr inbounds %struct.request_key_auth.269670, %struct.request_key_auth.269670* %24, i64 0, i32 1 %26 = load %struct.key.269343*, %struct.key.269343** %25, align 8 %27 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %26, i64 0, i32 1 %28 = load i32, i32* %27, align 4 %29 = icmp eq i32 %28, %0 br i1 %29, label %30, label %88 %31 = icmp eq %struct.iov_iter* %16, null br i1 %31, label %39, label %32 %33 = tail call i8* @kvmalloc_node(i64 %17, i32 3264, i32 -1) #78 %34 = icmp eq i8* %33, null br i1 %34, label %88, label %35 %36 = tail call i64 @_copy_from_iter(i8* nonnull %33, i64 %17, %struct.iov_iter* nonnull %16) #78 %37 = icmp eq i64 %36, %17 br i1 %37, label %39, label %38, !prof !5, !misexpect !6 %40 = phi i8* [ null, %30 ], [ %33, %35 ] %41 = icmp eq i32 %2, 0 br i1 %41, label %72, label %42 %43 = icmp sgt i32 %2, 0 br i1 %43, label %44, label %51 %52 = icmp eq i32 %2, -7 br i1 %52, label %85, label %53 %54 = icmp sgt i32 %2, -9 br i1 %54, label %55, label %85 %86 = phi i8* [ %40, %70 ], [ %40, %72 ], [ %33, %38 ], [ %40, %78 ], [ %40, %81 ], [ %40, %51 ], [ %40, %53 ] %87 = phi i64 [ %47, %70 ], [ %76, %72 ], [ -14, %38 ], [ 0, %78 ], [ 0, %81 ], [ -22, 
%51 ], [ -126, %53 ] tail call void @kvfree_sensitive(i8* %86, i64 %17) #78 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 __se_sys_add_key 2 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 
0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 %53 = icmp ugt %struct.__key_reference_with_attributes* %52, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %53, label %54, label %56 %57 = call %struct.__key_reference_with_attributes* @key_create_or_update(%struct.__key_reference_with_attributes* %52, i8* nonnull %10, i8* %42, i8* %51, i64 %3, i32 -1, i64 0) #78 %58 = icmp ugt %struct.__key_reference_with_attributes* %57, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) %59 = ptrtoint %struct.__key_reference_with_attributes* %57 to i64 br i1 %58, label %66, label %60 %61 = and i64 %59, -2 %62 = inttoptr i64 %61 to %struct.key.269343* %63 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %62, i64 0, i32 1 %64 = load i32, i32* %63, align 4 %65 = sext i32 %64 to i64 call void bitcast (void (%struct.key.241476*)* @key_put to void (%struct.key.269343*)*)(%struct.key.269343* %62) #78 br label %66 %67 = phi i64 [ %65, %60 
], [ %59, %56 ] %68 = ptrtoint %struct.__key_reference_with_attributes* %52 to i64 %69 = and i64 %68, -2 %70 = inttoptr i64 %69 to %struct.key.269343* call void bitcast (void (%struct.key.241476*)* @key_put to void (%struct.key.269343*)*)(%struct.key.269343* %70) #78 br label %71 %72 = phi i8* [ %45, %47 ], [ %51, %54 ], [ %51, %66 ] %73 = phi i64 [ -14, %47 ], [ %55, %54 ], [ %67, %66 ] call void @kvfree_sensitive(i8* %72, i64 %3) #78 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 kvfree_sensitive 1 __se_sys_add_key 2 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #78 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #78 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, 
-1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #78 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.24366, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #78 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #78 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 3) #78 %53 = icmp ugt %struct.__key_reference_with_attributes* %52, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) br i1 %53, label %54, label %56 %57 = call %struct.__key_reference_with_attributes* @key_create_or_update(%struct.__key_reference_with_attributes* %52, i8* nonnull %10, i8* %42, i8* %51, i64 %3, i32 -1, i64 0) #78 %58 = icmp ugt %struct.__key_reference_with_attributes* %57, inttoptr (i64 -4096 to %struct.__key_reference_with_attributes*) %59 = ptrtoint %struct.__key_reference_with_attributes* %57 to i64 br i1 %58, label %66, label %60 %61 = and i64 %59, -2 %62 = inttoptr i64 %61 to %struct.key.269343* %63 = getelementptr inbounds %struct.key.269343, %struct.key.269343* %62, i64 0, i32 1 %64 = 
load i32, i32* %63, align 4 %65 = sext i32 %64 to i64 call void bitcast (void (%struct.key.241476*)* @key_put to void (%struct.key.269343*)*)(%struct.key.269343* %62) #78 br label %66 %67 = phi i64 [ %65, %60 ], [ %59, %56 ] %68 = ptrtoint %struct.__key_reference_with_attributes* %52 to i64 %69 = and i64 %68, -2 %70 = inttoptr i64 %69 to %struct.key.269343* call void bitcast (void (%struct.key.241476*)* @key_put to void (%struct.key.269343*)*)(%struct.key.269343* %70) #78 br label %71 %72 = phi i8* [ %45, %47 ], [ %51, %54 ], [ %51, %66 ] %73 = phi i64 [ -14, %47 ], [ %55, %54 ], [ %67, %66 ] call void @kvfree_sensitive(i8* %72, i64 %3) #78 Function:kvfree_sensitive %3 = icmp ult i8* %0, inttoptr (i64 17 to i8*) br i1 %3, label %8, label %4, !prof !4, !misexpect !5 tail call void asm sideeffect "", "r,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %0) #6, !srcloc !6 %5 = tail call zeroext i1 @is_vmalloc_addr(i8* %0) #78 ------------- Good: 422 Bad: 5 Ignored: 341 Check Use of Function:sr_block_ioctl Check Use of Function:netlink_ack Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff* %0, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #78 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, %struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 
%12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #78 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #79 ------------- Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 bitcast (i32 (%struct.sk_buff*, i32 (%struct.sk_buff*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)* @netlink_rcv_skb to i32 (%struct.sk_buff.756266*, i32 (%struct.sk_buff.756266*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)*)(%struct.sk_buff.756266* %0, i32 (%struct.sk_buff.756266*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #78 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, 
%struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #78 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #79 ------------- Good: 16 Bad: 2 Ignored: 7 Check Use of Function:inet6_addr_add Check Use of Function:local_bh_enable.67999 Use: =BAD PATH= Call Stack: 0 ip6fl_seq_stop ------------- Path:  Function:ip6fl_seq_stop tail call fastcc void @local_bh_enable.67999() #78 ------------- Use: =BAD PATH= Call Stack: 0 local_bh_enable.67999 1 ip6fl_seq_stop ------------- Path:  Function:ip6fl_seq_stop tail call fastcc void @local_bh_enable.67999() #78 Function:local_bh_enable.67999 br label %1 tail call void @__local_bh_enable_ip(i64 ptrtoint (i8* blockaddress(@local_bh_enable.67999, %1) to i64), i32 512) #78 ------------- Good: 32 Bad: 2 Ignored: 96 Check Use of Function:filp_open Check Use of Function:__icmp_send Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = 
alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = 
sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %63) #78 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.837070*, %struct.net_device.837070** %78, align 8 %80 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %79, i64 0, i32 109, i32 0 %81 = load %struct.net.836644*, %struct.net.836644** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.836644* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.836958* %0, i32* null) #78 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void @rcu_read_unlock_strict() #78 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void @__icmp_send(%struct.sk_buff.836958* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #78 ------------- Good: 52 Bad: 1 Ignored: 186 Check Use of Function:inc_rlimit_ucounts Check Use of Function:ip_options_rcv_srr Check 
all other indirect call sites Check callee group: ata_acpi_dev_notify_dock ata_acpi_ap_notify_dock Check callee group: ata_acpi_dev_notify_dock ata_acpi_ap_notify_dock Check callee group: ata_acpi_dev_notify_dock ata_acpi_ap_notify_dock Check callee group: drm_atomic_helper_set_config Check callee group: drm_atomic_helper_page_flip Check callee group: i915_driver_release Use: =BAD PATH= Call Stack: 0 drm_minor_acquire 1 drm_open ------------- Path:  Function:drm_open %3 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 13 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 1048575 %6 = tail call %struct.drm_minor* @drm_minor_acquire(i32 %5) #78 Function:drm_minor_acquire %2 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @drm_minor_lock, i64 0, i32 0, i32 0)) #78 %3 = zext i32 %0 to i64 %4 = tail call i8* @idr_find(%struct.idr* nonnull @drm_minors_idr, i64 %3) #78 %5 = icmp eq i8* %4, null br i1 %5, label %35, label %6 %7 = getelementptr inbounds i8, i8* %4, i64 16 %8 = bitcast i8* %7 to %struct.drm_device.382396** %9 = load %struct.drm_device.382396*, %struct.drm_device.382396** %8, align 8 %10 = icmp eq %struct.drm_device.382396* %9, null br i1 %10, label %23, label %11 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @drm_minor_lock, i64 0, i32 0, i32 0), i64 %2) #78 %24 = load %struct.drm_device.382396*, %struct.drm_device.382396** %8, align 8 %25 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* nonnull @drm_unplug_srcu) #78 %26 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %24, i64 0, i32 11 %27 = load i8, i8* %26, align 4, !range !8 %28 = icmp eq i8 %27, 0 %29 = icmp ugt i32 %25, 1 br i1 %28, label %32, label %30 br i1 %29, label %31, label %36, !prof !5, !misexpect !6 tail call void @__srcu_read_unlock(%struct.srcu_struct* nonnull @drm_unplug_srcu, i32 
%25) #78 %37 = load %struct.drm_device.382396*, %struct.drm_device.382396** %8, align 8 %38 = icmp eq %struct.drm_device.382396* %37, null br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %37, i64 0, i32 1 %41 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0 %42 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %40, i64 0, i32 0, i32 0, i32 0 %43 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32 -1, i32* %42) #6, !srcloc !10 %44 = icmp eq i32 %43, 1 br i1 %44, label %50, label %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %51 = getelementptr %struct.qspinlock, %struct.qspinlock* %40, i64 -1 %52 = bitcast %struct.qspinlock* %51 to %struct.drm_device.382396* %53 = getelementptr %struct.qspinlock, %struct.qspinlock* %40, i64 11 %54 = bitcast %struct.qspinlock* %53 to %struct.drm_driver** %55 = load %struct.drm_driver*, %struct.drm_driver** %54, align 8 %56 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %55, i64 0, i32 5 %57 = load void (%struct.drm_device.382396*)*, void (%struct.drm_device.382396*)** %56, align 8 %58 = icmp eq void (%struct.drm_device.382396*)* %57, null br i1 %58, label %60, label %59 tail call void %57(%struct.drm_device.382396* %52) #78 ------------- Check callee group: i915_driver_release Check callee group: i915_driver_release Check callee group: i915_driver_release Check callee group: i915_driver_release Check callee group: i915_driver_release Check callee group: drm_gem_fb_create_handle intel_user_framebuffer_create_handle Check callee group: drm_gem_fb_create_handle intel_user_framebuffer_create_handle Check callee group: ipip6_dellink Check callee group: ipip6_dellink Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: ipip6_dellink Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check 
callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_driver_release Use: =BAD PATH= Call Stack: 0 drm_dev_put 1 singleton_release ------------- Path:  Function:singleton_release %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.drm_i915_private.449467** %5 = load %struct.drm_i915_private.449467*, %struct.drm_i915_private.449467** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.449467, %struct.drm_i915_private.449467* %5, i64 0, i32 103, i32 1 %7 = bitcast %struct.file** %6 to i64* %8 = tail call %struct.file* asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %7, %struct.file* null, %struct.file* %1, i64* %7) #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_private.449467, 
%struct.drm_i915_private.449467* %5, i64 0, i32 0 tail call void @drm_dev_put(%struct.drm_device.382396* %9) #78 Function:drm_dev_put %2 = icmp eq %struct.drm_device.382396* %0, null br i1 %2, label %28, label %3 %4 = getelementptr inbounds %struct.drm_device.382396, %struct.drm_device.382396* %0, i64 0, i32 1 %5 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0 %6 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %4, i64 0, i32 0, i32 0, i32 0 %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %15 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 -1 %16 = bitcast %struct.qspinlock* %15 to %struct.drm_device.382396* %17 = getelementptr %struct.qspinlock, %struct.qspinlock* %4, i64 11 %18 = bitcast %struct.qspinlock* %17 to %struct.drm_driver** %19 = load %struct.drm_driver*, %struct.drm_driver** %18, align 8 %20 = getelementptr inbounds %struct.drm_driver, %struct.drm_driver* %19, i64 0, i32 5 %21 = load void (%struct.drm_device.382396*)*, void (%struct.drm_device.382396*)** %20, align 8 %22 = icmp eq void (%struct.drm_device.382396*)* %21, null br i1 %22, label %24, label %23 tail call void %21(%struct.drm_device.382396* %16) #78 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_walk Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_read_indirect_reg32 Check callee group: drm_connector_free drm_property_free_blob drm_framebuffer_free Check callee group: serial8250_request_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: timens_install pidns_install cgroupns_install netns_install ipcns_install utsns_install mntns_install Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: intel_legacy_cursor_update drm_atomic_helper_update_plane drm_primary_helper_update Check callee group: tg3_read_indirect_reg32 Check callee group: 
tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: x86_pmu_aux_output_match Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: ext4_quota_off Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_pm Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: intel_legacy_cursor_update drm_atomic_helper_update_plane drm_primary_helper_update Check callee group: tg3_write_indirect_reg32 
Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: proc_sys_read read_iter_null generic_file_read_iter shmem_file_read_iter blkdev_read_iter random_read_iter kernfs_fop_read_iter eventfd_read ext4_file_read_iter urandom_read_iter sock_read_iter proc_reg_read_iter pipe_read tty_read read_iter_zero hugetlbfs_read_iter seq_read_iter hung_up_tty_read nfs_file_read Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: ipip6_dellink Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: timens_install pidns_install cgroupns_install netns_install ipcns_install utsns_install mntns_install Check callee group: xhci_run Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: ipip6_dellink Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 
Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: aio_complete_rw Check callee group: mdio_ctrl_hw Check callee group: device_reset Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: ipip6_dellink Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_get_mctrl Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_open 
n_null_open serport_ldisc_open Check callee group: nfs4_have_delegation Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: timens_install pidns_install cgroupns_install netns_install ipcns_install utsns_install mntns_install Check callee group: device_reset Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs_umount_begin Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check 
callee group: tg3_read_indirect_reg32 Check callee group: serial8250_pm Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_walk Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: bad_inode_lookup autofs_lookup vfat_lookup ext4_lookup proc_map_files_lookup proc_tid_base_lookup proc_lookupfd nfs_lookup proc_attr_dir_lookup isofs_lookup proc_task_lookup 
proc_sys_lookup proc_tgid_base_lookup msdos_lookup proc_lookupfdinfo kernfs_iop_lookup proc_tgid_net_lookup proc_root_lookup proc_lookup empty_dir_lookup simple_lookup proc_ns_dir_lookup Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: proc_sys_read read_iter_null generic_file_read_iter shmem_file_read_iter blkdev_read_iter random_read_iter kernfs_fop_read_iter eventfd_read ext4_file_read_iter urandom_read_iter sock_read_iter proc_reg_read_iter pipe_read tty_read read_iter_zero hugetlbfs_read_iter seq_read_iter hung_up_tty_read nfs_file_read Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_lookup_revalidate vfat_revalidate_ci map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate vfat_revalidate proc_sys_revalidate pid_revalidate kernfs_dop_revalidate tid_fd_revalidate nfs_lookup_revalidate Check callee group: aio_complete_rw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mq_walk Check callee group: tg3_read_indirect_reg32 Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = 
getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, 
%struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = 
getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 
%15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load %struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds 
%struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 %111 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 
= load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** %113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 %123 = icmp eq i32 %122, 0 %124 = and i64 %110, 17922 %125 = select i1 %123, i64 %110, i64 %124 %126 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %127 = bitcast %struct.seqcount_spinlock* %126 to i64* %128 = load i64, i64* %127, align 8 %129 = or i64 %125, %128 store i64 %129, i64* %127, align 8 %130 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %131 = load %struct.address_space.216900*, %struct.address_space.216900** %130, align 8 %132 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %131, i64 0, i32 7 %133 = load i64, i64* %132, align 8 %134 = icmp eq i64 %133, 0 br i1 %134, label %138, label %135 %136 = and i64 %129, 2 %137 = icmp eq i64 %136, 0 br i1 %137, label %141, label %138 %139 = phi i64 [ -8195, %104 ], [ -8193, %135 ] %140 = and i64 %129, %139 store i64 %140, i64* %127, align 8 br label %141 %142 = load i32, i32* %105, align 8 %143 = and i32 %142, 162943 %144 = icmp eq i32 %143, 0 br i1 
%144, label %147, label %145 %146 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #78 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %67 [label %53], !srcloc !4 %68 = icmp sgt i32 %52, 0 br i1 %68, label %98, label %69 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %71 = bitcast %struct.seqcount_spinlock* %70 to i64* %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %74 = load %struct.super_block.216885*, %struct.super_block.216885** %73, align 8 %75 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %74, i64 0, i32 28 %76 = bitcast i8** %75 to %struct.nfs_server.217027** %77 = load 
%struct.nfs_server.217027*, %struct.nfs_server.217027** %76, align 16 %78 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %77, i64 0, i32 26 %79 = load i32, i32* %78, align 8 %80 = icmp eq i32 %79, 4 %81 = and i64 %72, 256 %82 = icmp ne i64 %81, 0 %83 = or i1 %82, %80 %84 = and i64 %72, 89604 %85 = icmp eq i64 %84, 0 %86 = or i1 %85, %83 br i1 %86, label %100, label %87 %88 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %89 = load i32, i32* %88, align 8 %90 = and i32 %89, 131072 %91 = icmp eq i32 %90, 0 br i1 %91, label %100, label %92 %93 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = icmp eq i64 %94, %96 br i1 %97, label %98, label %100 %99 = tail call fastcc i32 @nfs_update_inode(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #79 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %4 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %5 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217027** %7 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %6, align 16 %8 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %9 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 106 %14 = bitcast %struct.seqcount_spinlock* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, 
label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %28 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = bitcast %struct.seqcount_spinlock* %8 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 27 %85 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217027* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %111, align 8 %113 = getelementptr inbounds 
%struct.nfs_client.217021, %struct.nfs_client.217021* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.216899* %0, i32 1) #79 %118 = icmp eq i32 %117, 0 %119 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 19 %120 = load i64, i64* %119, align 8 %121 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 40 %122 = bitcast %struct.seqcount_spinlock* %121 to i64* store i64 %120, i64* %122, align 8 %123 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 38 %124 = bitcast %struct.seqcount_spinlock* %123 to i64* %125 = load i64, i64* %124, align 8 %126 = and i64 %125, -220997 store i64 %126, i64* %124, align 8 %127 = load i32, i32* %36, align 8 %128 = and i32 %127, 393216 %129 = icmp eq i32 %128, 393216 br i1 %129, label %130, label %191 %131 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 15 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %134 = load volatile i64, i64* %133, align 8 %135 = icmp eq i64 %134, %132 br i1 %135, label %136, label %191 %137 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %138 = load i64, i64* %137, align 8 store volatile i64 %138, i64* %133, align 8 %139 = load i16, i16* %78, align 8 %140 = and i16 %139, -4096 %141 = icmp eq i16 %140, 16384 %142 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %143 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %142, i64 0, i32 28 %144 = bitcast i8** %143 to %struct.nfs_server.217027** %145 = load 
%struct.nfs_server.217027*, %struct.nfs_server.217027** %144, align 16 br i1 %141, label %146, label %165 %166 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %145, i64 0, i32 10 %167 = load i32, i32* %166, align 8 %168 = and i32 %167, 268435456 %169 = icmp eq i32 %168, 0 br i1 %169, label %191, label %170 %171 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %145, i64 0, i32 0 %172 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %171, align 8 %173 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %172, i64 0, i32 12 %174 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %173, align 8 %175 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %174, i64 0, i32 47 %176 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %175, align 8 %177 = tail call i32 %176(%struct.inode.216899* %0, i32 1) #79 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: kernfs_fop_write_iter ext4_file_write_iter pipe_write hung_up_tty_write nfs_file_write blkdev_write_iter random_write_iter devkmsg_write sock_write_iter tty_write write_iter_null proc_sys_write generic_file_write_iter redirected_tty_write Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: autofs_dev_ioctl_compat rtc_dev_compat_ioctl fat_compat_dir_ioctl proc_reg_compat_ioctl 
hung_up_tty_compat_ioctl ext4_compat_ioctl snd_ctl_ioctl_compat loop_control_ioctl compat_ptr_ioctl dm_compat_ctl_ioctl i915_ioc32_compat_ioctl inotify_ioctl snd_disconnect_ioctl posix_clock_compat_ioctl autofs_root_compat_ioctl evdev_ioctl_compat seccomp_notify_ioctl compat_sock_ioctl snapshot_compat_ioctl hpet_compat_ioctl snd_seq_ioctl_compat pps_cdev_compat_ioctl snd_hwdep_ioctl_compat msr_ioctl snd_timer_user_ioctl_compat perf_compat_ioctl compat_blkdev_ioctl usblp_ioctl mon_bin_compat_ioctl i915_perf_ioctl tty_compat_ioctl Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: mdio_ctrl_hw Check callee group: fifo_init fifo_hd_init Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_post_op_update_inode_force_wcc_locked 1 nfs_writeback_update_inode 2 nfs4_write_done_cb 3 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, 
%struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp 
eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call 
void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 
(%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load %struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, 
%35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 %111 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 = load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** %113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, 
align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: nfs4_lookup_revalidate vfat_revalidate_ci map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate vfat_revalidate proc_sys_revalidate pid_revalidate kernfs_dop_revalidate tid_fd_revalidate nfs_lookup_revalidate Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: sock_wfree Check callee group: proc_sys_read read_iter_null generic_file_read_iter 
shmem_file_read_iter blkdev_read_iter random_read_iter kernfs_fop_read_iter eventfd_read ext4_file_read_iter urandom_read_iter sock_read_iter proc_reg_read_iter pipe_read tty_read read_iter_zero hugetlbfs_read_iter seq_read_iter hung_up_tty_read nfs_file_read Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_connector_free drm_property_free_blob drm_framebuffer_free Check callee group: serial8250_get_mctrl Check callee group: serial8250_pm Check callee group: mdio_ctrl_hw Check callee group: serial8250_pm Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: aio_complete_rw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: kernfs_fop_write_iter ext4_file_write_iter pipe_write hung_up_tty_write nfs_file_write blkdev_write_iter random_write_iter devkmsg_write sock_write_iter tty_write write_iter_null proc_sys_write generic_file_write_iter redirected_tty_write Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: seq_read_iter Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, 
%struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %16 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %17 = load %struct.proc_ops.78702*, %struct.proc_ops.78702** %16, align 8 %18 = getelementptr inbounds %struct.proc_ops.78702, %struct.proc_ops.78702* %17, i64 0, i32 3 %19 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %18, align 8 %20 = tail call i64 %19(%struct.kiocb* %0, %struct.iov_iter* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 
%14, label %21, label %15 %16 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %17 = load %struct.proc_ops.78702*, %struct.proc_ops.78702** %16, align 8 %18 = getelementptr inbounds %struct.proc_ops.78702, %struct.proc_ops.78702* %17, i64 0, i32 3 %19 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %18, align 8 %20 = tail call i64 %19(%struct.kiocb* %0, %struct.iov_iter* %1) #78 ------------- Check callee group: tcp_abort udp_abort raw_abort Check callee group: tg3_read_indirect_reg32 Check callee group: aio_complete_rw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: proc_sys_read read_iter_null generic_file_read_iter shmem_file_read_iter blkdev_read_iter random_read_iter kernfs_fop_read_iter eventfd_read ext4_file_read_iter urandom_read_iter sock_read_iter proc_reg_read_iter pipe_read tty_read read_iter_zero hugetlbfs_read_iter seq_read_iter hung_up_tty_read nfs_file_read Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_release_port Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_lookup_revalidate vfat_revalidate_ci map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate 
vfat_revalidate proc_sys_revalidate pid_revalidate kernfs_dop_revalidate tid_fd_revalidate nfs_lookup_revalidate Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: sock_wfree Check callee group: serial8250_release_port Check callee group: i915_driver_lastclose Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_get_mctrl Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_get_mctrl Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mq_leaf Check callee group: tg3_read_indirect_reg32 Check callee group: timens_install pidns_install cgroupns_install netns_install ipcns_install utsns_install mntns_install Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: kernfs_fop_write_iter ext4_file_write_iter pipe_write hung_up_tty_write nfs_file_write blkdev_write_iter random_write_iter devkmsg_write sock_write_iter tty_write write_iter_null proc_sys_write 
generic_file_write_iter redirected_tty_write Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_pm Check callee group: timens_install pidns_install cgroupns_install netns_install ipcns_install utsns_install mntns_install Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_pm Check callee group: drm_atomic_helper_dirtyfb intel_user_framebuffer_dirty Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: proc_sys_read read_iter_null generic_file_read_iter shmem_file_read_iter blkdev_read_iter random_read_iter kernfs_fop_read_iter eventfd_read ext4_file_read_iter urandom_read_iter sock_read_iter proc_reg_read_iter pipe_read tty_read read_iter_zero hugetlbfs_read_iter seq_read_iter hung_up_tty_read nfs_file_read Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* 
call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load %struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* 
%0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr 
inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load 
%struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 
= getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read 1 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %10 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %10, i64 0, i32 21 %12 = load i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)*, i64 
(%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.273619*, i64*, %struct.pipe_inode_info.273524*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.155109*, i64*, %struct.pipe_inode_info.155195*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.273585*, i64*, %struct.pipe_inode_info.273524*, i64, i32)*)(%struct.file.273585* %0, i64* %1, %struct.pipe_inode_info.273524* %2, i64 %3, i32 %4) #78 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.154743, align 8 %8 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 0 %9 = bitcast %struct.kiocb.154743* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.155195*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.155195* %2, i64 %3) #78 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 6 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 6 %16 = and i32 %15, 16 %17 = shl i32 %14, 3 %18 = and i32 %17, 131072 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 18 %24 = load %struct.address_space.155188*, %struct.address_space.155188** %23, align 8 %25 = getelementptr inbounds %struct.address_space.155188, %struct.address_space.155188* %24, i64 0, i32 0 %26 = load %struct.inode.155181*, %struct.inode.155181** %25, align 8 %27 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 8 %28 = load 
%struct.super_block.155164*, %struct.super_block.155164** %27, align 8 %29 = getelementptr inbounds %struct.super_block.155164, %struct.super_block.155164* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 2 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 2 %47 = load %struct.inode.155181*, %struct.inode.155181** %46, align 8 %48 = getelementptr inbounds %struct.inode.155181, %struct.inode.155181* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.155088** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.155088**)) #11, !srcloc !4 %54 = inttoptr i64 %53 to %struct.task_struct.155088* %55 = getelementptr inbounds %struct.task_struct.155088, %struct.task_struct.155088* %54, i64 0, i32 123 %56 = load %struct.io_context.154956*, %struct.io_context.154956** %55, align 8 %57 = icmp eq %struct.io_context.154956* %56, null br i1 %57, label %61, label %58 %62 = phi i16 [ %60, %58 ], [ 0, %51 ] %63 = icmp ult i32 %52, 65536 %64 = select i1 %63, i32 %52, i32 65536 %65 = trunc i32 %64 to i16 %66 = lshr i32 %14, 18 %67 = and i32 %66, 4 %68 = or i32 %41, %67 %69 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 0 store %struct.file.155109* %0, %struct.file.155109** %69, align 8 %70 
= getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 1 %71 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 4 %72 = getelementptr inbounds i64, i64* %70, i64 1 %73 = bitcast i64* %72 to i8* store i32 %68, i32* %71, align 8 %74 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 5 store i16 %65, i16* %74, align 4 %75 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 6 store i16 %62, i16* %75, align 2 %76 = getelementptr inbounds %struct.kiocb.154743, %struct.kiocb.154743* %7, i64 0, i32 7, i32 0 store %struct.wait_page_queue.154741* null, %struct.wait_page_queue.154741** %76, align 8 %77 = load i64, i64* %1, align 8 store i64 %77, i64* %70, align 8 %78 = getelementptr inbounds %struct.file.155109, %struct.file.155109* %0, i64 0, i32 3 %79 = load %struct.file_operations.155106*, %struct.file_operations.155106** %78, align 8 %80 = getelementptr inbounds %struct.file_operations.155106, %struct.file_operations.155106* %79, i64 0, i32 4 %81 = load i64 (%struct.kiocb.154743*, %struct.iov_iter*)*, i64 (%struct.kiocb.154743*, %struct.iov_iter*)** %80, align 8 %82 = call i64 %81(%struct.kiocb.154743* nonnull %7, %struct.iov_iter* nonnull %6) #78 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: proc_sys_read read_iter_null generic_file_read_iter shmem_file_read_iter blkdev_read_iter random_read_iter kernfs_fop_read_iter eventfd_read ext4_file_read_iter urandom_read_iter sock_read_iter proc_reg_read_iter pipe_read tty_read read_iter_zero hugetlbfs_read_iter seq_read_iter hung_up_tty_read nfs_file_read Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: timens_install pidns_install cgroupns_install netns_install ipcns_install 
utsns_install mntns_install Check callee group: proc_sys_read read_iter_null generic_file_read_iter shmem_file_read_iter blkdev_read_iter random_read_iter kernfs_fop_read_iter eventfd_read ext4_file_read_iter urandom_read_iter sock_read_iter proc_reg_read_iter pipe_read tty_read read_iter_zero hugetlbfs_read_iter seq_read_iter hung_up_tty_read nfs_file_read Check callee group: seq_read_iter Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %22 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 0, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp sgt i32 %23, -1 br i1 %24, label %25, label %46, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add nuw i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br i1 %31, label %32, label %35, !prof !7, !misexpect !5 %36 = 
getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %37 = load %struct.proc_ops.78702*, %struct.proc_ops.78702** %36, align 8 %38 = getelementptr inbounds %struct.proc_ops.78702, %struct.proc_ops.78702* %37, i64 0, i32 3 %39 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %38, align 8 %40 = tail call i64 %39(%struct.kiocb* %0, %struct.iov_iter* %1) #78 ------------- Use: =BAD PATH= Call Stack: 0 proc_reg_read_iter ------------- Path:  Function:proc_reg_read_iter %3 = getelementptr inbounds %struct.kiocb, %struct.kiocb* %0, i64 0, i32 0 %4 = load %struct.file*, %struct.file** %3, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %4, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 1, i32 1 %9 = bitcast %struct.list_head** %8 to %struct.proc_dir_entry** %10 = load %struct.proc_dir_entry*, %struct.proc_dir_entry** %9, align 8 %11 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 22 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %21, label %15 %22 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 0, i32 0 %23 = load volatile i32, i32* %22, align 4 %24 = icmp sgt i32 %23, -1 br i1 %24, label %25, label %46, !prof !4, !misexpect !5 %26 = phi i32 [ %33, %32 ], [ %23, %21 ] %27 = add nuw i32 %26, 1 %28 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32 %27, i32* %22, i32 %26) #6, !srcloc !6 %29 = extractvalue { i8, i32 } %28, 0 %30 = and i8 %29, 1 %31 = icmp eq i8 %30, 0 br 
i1 %31, label %32, label %35, !prof !7, !misexpect !5 %36 = getelementptr inbounds %struct.proc_dir_entry, %struct.proc_dir_entry* %10, i64 0, i32 6, i32 0 %37 = load %struct.proc_ops.78702*, %struct.proc_ops.78702** %36, align 8 %38 = getelementptr inbounds %struct.proc_ops.78702, %struct.proc_ops.78702* %37, i64 0, i32 3 %39 = load i64 (%struct.kiocb*, %struct.iov_iter*)*, i64 (%struct.kiocb*, %struct.iov_iter*)** %38, align 8 %40 = tail call i64 %39(%struct.kiocb* %0, %struct.iov_iter* %1) #78 ------------- Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: kernfs_fop_write_iter ext4_file_write_iter pipe_write hung_up_tty_write nfs_file_write blkdev_write_iter random_write_iter devkmsg_write sock_write_iter tty_write write_iter_null proc_sys_write generic_file_write_iter redirected_tty_write Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: aio_complete_rw Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: aio_complete_rw Check callee group: tg3_read_indirect_reg32 Check callee group: aio_complete_rw Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Use: =BAD PATH= Call Stack: 0 sock_queue_err_skb 1 __skb_tstamp_tx 2 __dev_queue_xmit 3 dev_queue_xmit 4 netlink_deliver_tap 5 netlink_sendskb 6 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = 
getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr %struct.inode, %struct.inode* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #78 %8 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %9 = inttoptr i64 %8 to %struct.task_struct* %10 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %9, i64 0, i32 95 %11 = load %struct.signal_struct*, %struct.signal_struct** %10, align 32 %12 = getelementptr %struct.signal_struct, %struct.signal_struct* %11, i64 0, i32 21, i64 1 %13 = load %struct.pid*, %struct.pid** %12, align 8 %14 = getelementptr inbounds i8*, i8** %5, i64 98 %15 = bitcast i8** %14 to %struct.pid** %16 = load %struct.pid*, %struct.pid** %15, align 8 %17 = icmp eq %struct.pid* %13, %16 br i1 %17, label %18, label %41 %19 = icmp eq %struct.pid* %13, null br i1 %19, label %37, label %20 %21 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %22 = load i32, i32* %21, align 4 %23 = icmp eq i32 %22, 2 br i1 %23, label %24, label %37 %25 = getelementptr inbounds i8*, i8** %5, i64 103 %26 = bitcast i8** %25 to %struct.sk_buff** %27 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %28 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %27, i64 0, i32 41 %29 = load i8*, i8** %28, align 8 %30 = getelementptr i8, i8* %29, i64 31 store i8 2, i8* %30, align 1 %31 = getelementptr inbounds i8*, i8** %5, i64 102 %32 = bitcast i8** %31 to %struct.sock** %33 = load %struct.sock*, %struct.sock** %32, align 8 %34 = load %struct.sk_buff*, %struct.sk_buff** %26, align 8 %35 = tail call i32 @netlink_sendskb(%struct.sock* %33, %struct.sk_buff* %34) #78 Function:netlink_sendskb %3 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net*, %struct.net** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net* %6, %struct.sk_buff* %1) #78 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net, %struct.net* %0, i64 0, i32 38 %5 = load volatile %struct.net_generic*, %struct.net_generic** %4, align 64 %6 = bitcast %struct.net_generic* %5 to [0 x i8*]* %7 = zext i32 %3 to i64 %8 = getelementptr [0 x i8*], [0 x i8*]* %6, i64 0, i64 %7 %9 = load i8*, i8** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @rcu_read_unlock_strict() #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = bitcast i8* %9 to %struct.list_head* %11 = bitcast i8* %9 to %struct.list_head** %12 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %13 = icmp eq %struct.list_head* %12, %10 br i1 %13, label %111, label %14, !prof !6, !misexpect !7 %15 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 1, i32 0 %16 = load %struct.sock*, %struct.sock** %15, align 8 %17 = getelementptr inbounds %struct.sock, %struct.sock* %16, i64 0, i32 48 %18 = load i16, i16* %17, align 4 switch i16 %18, label %111 [ i16 0, label %19 i16 2, label %19 i16 4, label %19 i16 5, label %19 i16 6, label %19 i16 10, label %19 i16 12, label %19 i16 16, label %19 ] %20 = load volatile %struct.list_head*, %struct.list_head** %11, align 8 %21 = icmp eq %struct.list_head* %20, %10 br i1 %21, label %111, label %22 %23 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 40 %24 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, 
i32 39 %25 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 12 %26 = bitcast i8* %25 to i32* %27 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 16 %28 = bitcast i8* %27 to i32* %29 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 3, i64 0 %30 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %1, i64 0, i32 41 br label %31 %32 = phi %struct.sock* [ %16, %22 ], [ %110, %109 ] %33 = phi %struct.list_head* [ %20, %22 ], [ %107, %109 ] %34 = getelementptr %struct.list_head, %struct.list_head* %33, i64 -1 %35 = bitcast %struct.list_head* %34 to %struct.net_device** %36 = load %struct.net_device*, %struct.net_device** %35, align 8 %37 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 109, i32 0 %38 = load %struct.net*, %struct.net** %37, align 8 %39 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 0, i32 9, i32 0 %40 = load %struct.net*, %struct.net** %39, align 8 %41 = icmp eq %struct.net* %38, %40 br i1 %41, label %42, label %105 %43 = icmp eq %struct.net_device* %36, null br i1 %43, label %47, label %44 %45 = getelementptr inbounds %struct.net_device, %struct.net_device* %36, i64 0, i32 101 %46 = load i32*, i32** %45, align 64 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %46, i32* %46) #6, !srcloc !8 br label %47 %48 = load i8*, i8** %23, align 8 %49 = tail call zeroext i1 @is_vmalloc_addr(i8* %48) #78 br i1 %49, label %50, label %65 %66 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff.756266*, i32)* @skb_clone to %struct.sk_buff* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 2592) #78 %67 = icmp eq %struct.sk_buff* %66, null br i1 %67, label %98, label %68 %69 = phi %struct.sk_buff* [ %52, %54 ], [ %66, %65 ] %70 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %36, 
%struct.net_device** %70, align 8 %71 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 0, i32 48 %72 = load i16, i16* %71, align 4 %74 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 33 store i16 %73, i16* %74, align 8 %75 = getelementptr inbounds %struct.sock, %struct.sock* %32, i64 1, i32 0, i32 2, i32 0 %76 = load i32, i32* %75, align 4 %77 = and i32 %76, 1 %78 = icmp eq i32 %77, 0 %79 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 16 %80 = select i1 %78, i16 6, i16 7 %81 = load i16, i16* %79, align 8 %82 = and i16 %81, -8 %83 = or i16 %80, %82 store i16 %83, i16* %79, align 8 %84 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 41 %85 = bitcast i8** %84 to i64* %86 = load i64, i64* %85, align 8 %87 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 40 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = sub i64 %86, %89 %91 = trunc i64 %90 to i16 %92 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %69, i64 0, i32 35 store i16 %91, i16* %92, align 4 %93 = tail call i32 bitcast (i32 (%struct.sk_buff.763154*)* @dev_queue_xmit to i32 (%struct.sk_buff*)*)(%struct.sk_buff* nonnull %69) #78 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.763154* %0, %struct.net_device.763141* null) #78 Function:__dev_queue_xmit %3 = alloca %struct.tcphdr, align 4 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %6 = load %struct.net_device.763141*, %struct.net_device.763141** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 41 %8 = bitcast i8** %7 to i64* %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 40 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = sub i64 %9, 
%12 %14 = trunc i64 %13 to i16 %15 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 36 store i16 %14, i16* %15, align 2 %16 = inttoptr i64 %12 to i8* %17 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 39 %18 = load i32, i32* %17, align 4 %19 = zext i32 %18 to i64 %20 = getelementptr i8, i8* %16, i64 %19 %21 = getelementptr inbounds i8, i8* %20, i64 3 %22 = load i8, i8* %21, align 1 %23 = and i8 %22, 64 %24 = icmp eq i8 %23, 0 br i1 %24, label %28, label %25, !prof !4, !misexpect !5 %26 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %0, i64 0, i32 1, i32 0 %27 = load %struct.sock.762871*, %struct.sock.762871** %26, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, %struct.sk_buff.756266*, %struct.anon.1*, %struct.sock.756300*, i32)* @__skb_tstamp_tx to void (%struct.sk_buff.763154*, %struct.sk_buff.763154*, %struct.anon.1*, %struct.sock.762871*, i32)*)(%struct.sk_buff.763154* %0, %struct.sk_buff.763154* null, %struct.anon.1* null, %struct.sock.762871* %27, i32 1) #78 Function:__skb_tstamp_tx %6 = icmp eq %struct.sock.756300* %3, null br i1 %6, label %164, label %7 %8 = icmp eq %struct.anon.1* %2, null %9 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 65 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, 16384 %12 = icmp eq i16 %11, 0 %13 = and i1 %8, %12 br i1 %13, label %14, label %25 %26 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 65 %27 = and i16 %10, 2048 %28 = icmp ne i16 %27, 0 %29 = load volatile i32, i32* @sysctl_tstamp_allow_data, align 4 %30 = icmp ne i32 %29, 0 %31 = or i1 %30, %28 br i1 %31, label %44, label %32, !prof !4, !misexpect !5 br i1 %28, label %45, label %65 %66 = tail call %struct.sk_buff.756266* @skb_clone(%struct.sk_buff.756266* %0, i32 2592) #79 %67 = icmp eq %struct.sk_buff.756266* %66, null br i1 %67, label %164, label %100 %101 = phi 
%struct.sk_buff.756266* [ %62, %68 ], [ %66, %65 ] %102 = phi i8 [ %63, %68 ], [ 0, %65 ] br i1 %8, label %114, label %103 %115 = tail call i64 @ktime_get_with_offset(i32 0) #78 %116 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 2, i32 0 store i64 %115, i64* %116, align 8 br label %117 %118 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 0 %119 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 24 %120 = bitcast i8* %119 to i32* store i32 42, i32* %120, align 4 %121 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 28 store i8 4, i8* %121, align 4 %122 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 32 %123 = bitcast i8* %122 to i32* store i32 %4, i32* %123, align 4 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 44 store i8 %102, i8* %124, align 4 %125 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 0, i32 0, i32 2, i32 0 %126 = load %struct.net_device.756253*, %struct.net_device.756253** %125, align 8 %127 = icmp eq %struct.net_device.756253* %126, null br i1 %127, label %131, label %128 %129 = getelementptr inbounds %struct.net_device.756253, %struct.net_device.756253* %126, i64 0, i32 17 %130 = load i32, i32* %129, align 16 br label %131 %132 = phi i32 [ %130, %128 ], [ 0, %117 ] %133 = bitcast i8* %118 to i32* store i32 %132, i32* %133, align 4 %134 = load i16, i16* %26, align 8 %135 = trunc i16 %134 to i8 %136 = icmp sgt i8 %135, -1 br i1 %136, label %160, label %137 %138 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 40 %139 = load i8*, i8** %138, align 8 %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 39 %141 = load i32, i32* %140, align 4 %142 
= zext i32 %141 to i64 %143 = getelementptr i8, i8* %139, i64 %142 %144 = getelementptr inbounds i8, i8* %143, i64 28 %145 = bitcast i8* %144 to i32* %146 = load i32, i32* %145, align 4 %147 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %101, i64 0, i32 3, i64 36 %148 = bitcast i8* %147 to i32* store i32 %146, i32* %148, align 4 %149 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 48 %150 = load i16, i16* %149, align 4 %151 = icmp eq i16 %150, 6 br i1 %151, label %152, label %160 %153 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 47 %154 = load i16, i16* %153, align 2 %155 = icmp eq i16 %154, 1 br i1 %155, label %156, label %160 %157 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %3, i64 0, i32 68, i32 0 %158 = load volatile i32, i32* %157, align 4 %159 = sub i32 %146, %158 store i32 %159, i32* %148, align 4 br label %160 %161 = tail call i32 @sock_queue_err_skb(%struct.sock.756300* nonnull %3, %struct.sk_buff.756266* nonnull %101) #78 Function:sock_queue_err_skb %3 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %0, i64 0, i32 7, i32 0, i32 0 %4 = load volatile i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %1, i64 0, i32 42 %6 = load i32, i32* %5, align 8 %7 = add i32 %6, %4 %8 = getelementptr inbounds %struct.sock.756300, %struct.sock.756300* %0, i64 0, i32 11 %9 = load volatile i32, i32* %8, align 4 %10 = icmp ult i32 %7, %9 br i1 %10, label %11, label %80 %12 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %1, i64 0, i32 4, i32 0, i32 1 %13 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %12, align 8 %14 = icmp eq void (%struct.sk_buff.756266*)* %13, null br i1 %14, label %18, label %15 tail call void %13(%struct.sk_buff.756266* %1) #78 ------------- Check callee group: serial8250_pm Check callee group: tg3_write_indirect_reg32 
Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs4_xattr_get_nfs4_acl ------------- Path:  Function:nfs4_xattr_get_nfs4_acl %7 = getelementptr inbounds %struct.inode, %struct.inode* %2, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.236401** %11 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %11, i64 0, i32 10 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 8 %15 = icmp eq i32 %14, 0 br i1 %15, label %60, label %16 %17 = tail call i32 bitcast (i32 (%struct.inode.216899*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %2, i64 256) #78 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds 
%struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs3_get_acl ------------- Path:  Function:nfs3_get_acl %4 = alloca [7 x %struct.page.235423*], align 16 %5 = alloca %struct.nfs3_getaclargs, align 8 %6 = alloca %struct.nfs3_getaclres, align 8 %7 = alloca %struct.rpc_message.235546, align 8 %8 = getelementptr inbounds %struct.inode.235416, %struct.inode.235416* %0, i64 0, i32 8 %9 = load %struct.super_block.235399*, %struct.super_block.235399** %8, align 8 %10 = getelementptr inbounds %struct.super_block.235399, %struct.super_block.235399* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.235643** %12 = load %struct.nfs_server.235643*, %struct.nfs_server.235643** %11, align 16 %13 = bitcast [7 x %struct.page.235423*]* %4 to i8* %14 = bitcast %struct.nfs3_getaclargs* %5 to i8* %15 = getelementptr %struct.inode.235416, %struct.inode.235416* %0, i64 -1, i32 24, i32 2 %16 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %15, i64 2 %17 = bitcast %struct.nfs3_getaclargs* %5 to %struct.seqcount_spinlock** store %struct.seqcount_spinlock* %16, %struct.seqcount_spinlock** %17, align 8 %18 = getelementptr inbounds %struct.nfs3_getaclargs, %struct.nfs3_getaclargs* %5, i64 0, i32 1 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.nfs3_getaclargs, %struct.nfs3_getaclargs* %5, i64 0, i32 2 %20 = getelementptr inbounds [7 x %struct.page.235423*], [7 x %struct.page.235423*]* %4, i64 0, i64 0 store %struct.page.235423** %20, %struct.page.235423*** %19, align 8 %21 = bitcast %struct.nfs3_getaclres* 
%6 to i8* %22 = bitcast %struct.rpc_message.235546* %7 to i8* %23 = getelementptr inbounds %struct.rpc_message.235546, %struct.rpc_message.235546* %7, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message.235546, %struct.rpc_message.235546* %7, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs3_getaclargs** %26 = bitcast %struct.rpc_message.235546* %7 to i64* store i64 0, i64* %26, align 8 store %struct.nfs3_getaclargs* %5, %struct.nfs3_getaclargs** %25, align 8 %27 = getelementptr inbounds %struct.rpc_message.235546, %struct.rpc_message.235546* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs3_getaclres** store %struct.nfs3_getaclres* %6, %struct.nfs3_getaclres** %28, align 8 %29 = getelementptr inbounds %struct.rpc_message.235546, %struct.rpc_message.235546* %7, i64 0, i32 3 store %struct.cred* null, %struct.cred** %29, align 8 br i1 %2, label %245, label %30 %31 = getelementptr inbounds %struct.nfs_server.235643, %struct.nfs_server.235643* %12, i64 0, i32 10 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 8 %34 = icmp eq i32 %33, 0 br i1 %34, label %245, label %35 %36 = call i32 bitcast (i32 (%struct.inode.216899*, i64)* @nfs_revalidate_inode to i32 (%struct.inode.235416*, i64)*)(%struct.inode.235416* %0, i64 256) #78 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load 
%struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq 
i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.216899*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #79 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds 
%struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 
= getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to i8 %88 = icmp sgt i8 %87, -1 br i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.216899*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #79 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, 
i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_revalidate_inode 1 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast 
i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %87 = trunc i32 %2 to i8 %88 = icmp sgt i8 %87, -1 br 
i1 %88, label %89, label %94 %90 = tail call i32 bitcast (i32 (%struct.inode.216899*, i64)* @nfs_revalidate_inode to i32 (%struct.inode*, i64)*)(%struct.inode* %1, i64 135168) #79 Function:nfs_revalidate_inode %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %45 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 -------------
Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 
-10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* 
%1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, 
%struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, 
%struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load 
%struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 
18176 %111 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 = load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** %113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 %123 = icmp eq i32 %122, 0 %124 = and i64 %110, 17922 %125 = select i1 %123, i64 %110, i64 %124 %126 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %127 = bitcast %struct.seqcount_spinlock* %126 to i64* %128 = load i64, i64* %127, align 8 %129 = or i64 %125, %128 store i64 %129, i64* %127, align 8 %130 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %131 = load %struct.address_space.216900*, %struct.address_space.216900** %130, align 8 %132 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %131, i64 0, i32 7 %133 = load i64, i64* %132, align 8 %134 = icmp eq i64 %133, 0 br i1 %134, label %138, label %135 %136 = and i64 %129, 2 %137 = icmp eq i64 %136, 0 br i1 %137, label %141, label %138 %139 = phi i64 [ -8195, %104 ], [ -8193, %135 ] %140 = and i64 %129, %139 store i64 %140, i64* %127, align 8 br label %141 
%142 = load i32, i32* %105, align 8 %143 = and i32 %142, 162943 %144 = icmp eq i32 %143, 0 br i1 %144, label %147, label %145 %146 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #78 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %67 [label %53], !srcloc !4 %68 = icmp sgt i32 %52, 0 br i1 %68, label %98, label %69 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %71 = bitcast %struct.seqcount_spinlock* %70 to i64* %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %74 = load %struct.super_block.216885*, %struct.super_block.216885** %73, align 8 %75 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %74, 
i64 0, i32 28 %76 = bitcast i8** %75 to %struct.nfs_server.217027** %77 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %76, align 16 %78 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %77, i64 0, i32 26 %79 = load i32, i32* %78, align 8 %80 = icmp eq i32 %79, 4 %81 = and i64 %72, 256 %82 = icmp ne i64 %81, 0 %83 = or i1 %82, %80 %84 = and i64 %72, 89604 %85 = icmp eq i64 %84, 0 %86 = or i1 %85, %83 br i1 %86, label %100, label %87 %88 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %89 = load i32, i32* %88, align 8 %90 = and i32 %89, 131072 %91 = icmp eq i32 %90, 0 br i1 %91, label %100, label %92 %93 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = icmp eq i64 %94, %96 br i1 %97, label %98, label %100 %99 = tail call fastcc i32 @nfs_update_inode(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #79 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %4 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %5 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217027** %7 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %6, align 16 %8 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %9 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 106 %14 = bitcast %struct.seqcount_spinlock* %13 to i16* %15 = load i16, i16* 
%14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %28 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = bitcast %struct.seqcount_spinlock* %8 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 27 %85 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217027* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217021*, 
%struct.nfs_client.217021** %111, align 8 %113 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.216899* %0, i32 1) #79 %118 = icmp eq i32 %117, 0 %119 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 19 %120 = load i64, i64* %119, align 8 %121 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 40 %122 = bitcast %struct.seqcount_spinlock* %121 to i64* store i64 %120, i64* %122, align 8 %123 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 38 %124 = bitcast %struct.seqcount_spinlock* %123 to i64* %125 = load i64, i64* %124, align 8 %126 = and i64 %125, -220997 store i64 %126, i64* %124, align 8 %127 = load i32, i32* %36, align 8 %128 = and i32 %127, 393216 %129 = icmp eq i32 %128, 393216 br i1 %129, label %130, label %191 %131 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 15 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %134 = load volatile i64, i64* %133, align 8 %135 = icmp eq i64 %134, %132 br i1 %135, label %136, label %191 %137 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %138 = load i64, i64* %137, align 8 store volatile i64 %138, i64* %133, align 8 %139 = load i16, i16* %78, align 8 %140 = and i16 %139, -4096 %141 = icmp eq i16 %140, 16384 %142 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %143 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %142, i64 0, i32 28 %144 = 
bitcast i8** %143 to %struct.nfs_server.217027** %145 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %144, align 16 br i1 %141, label %146, label %165 %166 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %145, i64 0, i32 10 %167 = load i32, i32* %166, align 8 %168 = and i32 %167, 268435456 %169 = icmp eq i32 %168, 0 br i1 %169, label %191, label %170 %171 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %145, i64 0, i32 0 %172 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %171, align 8 %173 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %172, i64 0, i32 12 %174 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %173, align 8 %175 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %174, i64 0, i32 47 %176 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %175, align 8 %177 = tail call i32 %176(%struct.inode.216899* %0, i32 1) #79 %178 = load i64, i64* %124, align 8 %179 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %180 = load %struct.address_space.216900*, %struct.address_space.216900** %179, align 8 %181 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %180, i64 0, i32 7 %182 = load i64, i64* %181, align 8 %183 = icmp eq i64 %182, 0 br i1 %183, label %184, label %186 %187 = and i64 %178, 2 %188 = icmp eq i64 %187, 0 br i1 %188, label %191, label %189 %190 = and i64 %178, -8193 store i64 %190, i64* %124, align 8 br label %191 %192 = phi i64 [ %190, %189 ], [ %178, %186 ], [ %185, %184 ], [ %126, %165 ], [ %164, %163 ], [ %162, %161 ], [ %126, %130 ], [ %126, %109 ] %193 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 17 %194 = bitcast %struct.cpu_itimer* %193 to i8* %195 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 17, i32 
1 %196 = load i64, i64* %195, align 8 %197 = load i32, i32* %36, align 8 %198 = and i32 %197, 81920 %199 = icmp eq i32 %198, 81920 br i1 %199, label %200, label %214 %201 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 17, i32 0 %202 = load i64, i64* %201, align 8 %203 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 18, i32 0 %204 = load i64, i64* %203, align 8 %205 = icmp eq i64 %202, %204 br i1 %205, label %206, label %214 %207 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 18, i32 1 %208 = load i64, i64* %207, align 8 %209 = icmp eq i64 %196, %208 br i1 %209, label %210, label %214 %211 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 13 %212 = bitcast %struct.cpu_itimer* %211 to i8* %213 = load i32, i32* %36, align 8 br label %214 %215 = phi i32 [ %197, %206 ], [ %197, %191 ], [ %197, %200 ], [ %213, %210 ] %216 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 16 %217 = bitcast %struct.cpu_itimer* %216 to i8* %218 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 16, i32 1 %219 = load i64, i64* %218, align 8 %220 = and i32 %215, 40960 %221 = icmp eq i32 %220, 40960 br i1 %221, label %222, label %261 %223 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 16, i32 0 %224 = load i64, i64* %223, align 8 %225 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 17, i32 0 %226 = load i64, i64* %225, align 8 %227 = icmp eq i64 %224, %226 br i1 %227, label %228, label %261 %229 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 17, i32 1 %230 = load i64, i64* %229, align 8 %231 = icmp eq i64 %219, %230 br i1 %231, label %232, label %261 %233 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 12 %234 = bitcast %struct.cpu_itimer* %233 to i8* %235 = load i16, i16* %78, 
align 8 %236 = and i16 %235, -4096 %237 = icmp eq i16 %236, 16384 br i1 %237, label %238, label %261 %239 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %240 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %239, i64 0, i32 28 %241 = bitcast i8** %240 to %struct.nfs_server.217027** %242 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %241, align 16 %243 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %242, i64 0, i32 0 %244 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %243, align 8 %245 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %244, i64 0, i32 12 %246 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %245, align 8 %247 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %246, i64 0, i32 47 %248 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %247, align 8 %249 = tail call i32 %248(%struct.inode.216899* %0, i32 1) #79 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: fifo_init fifo_hd_init Check callee group: e1000_update_phy_info_task Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nv_set_multicast Check callee group: generic_access_phys vm_access vm_access_ttm ttm_bo_vm_access kernfs_vma_access Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: generic_access_phys vm_access vm_access_ttm ttm_bo_vm_access kernfs_vma_access Check callee group: mq_walk Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: mdio_ctrl_hw Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mq_find Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: aio_complete_rw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: uart_set_ldisc Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: 
tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_set_inode_stale_locked 1 nfs_update_inode 2 nfs_refresh_inode_locked 3 nfs_post_op_update_inode_force_wcc_locked 4 nfs_writeback_update_inode 5 nfs4_write_done_cb 6 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, 
%struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call 
void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 
(%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load %struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, 
%35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 %111 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 = load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** %113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, 
align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 %123 = icmp eq i32 %122, 0 %124 = and i64 %110, 17922 %125 = select i1 %123, i64 %110, i64 %124 %126 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %127 = bitcast %struct.seqcount_spinlock* %126 to i64* %128 = load i64, i64* %127, align 8 %129 = or i64 %125, %128 store i64 %129, i64* %127, align 8 %130 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %131 = load %struct.address_space.216900*, %struct.address_space.216900** %130, align 8 %132 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %131, i64 0, i32 7 %133 = load i64, i64* %132, align 8 %134 = icmp eq i64 %133, 0 br i1 %134, label %138, label %135 %136 = and i64 %129, 2 %137 = icmp eq i64 %136, 0 br i1 %137, label %141, label %138 %139 = phi i64 [ -8195, %104 ], [ -8193, %135 ] %140 = and i64 %129, %139 store i64 %140, i64* %127, align 8 br label %141 %142 = load i32, i32* %105, align 8 %143 = and i32 %142, 162943 %144 = icmp eq i32 %143, 0 br i1 %144, label %147, label %145 %146 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #78 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %67 [label %53], !srcloc !4 %68 = icmp sgt i32 %52, 0 br i1 %68, label %98, label %69 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %71 = bitcast %struct.seqcount_spinlock* %70 to i64* %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %74 = load %struct.super_block.216885*, %struct.super_block.216885** %73, align 8 %75 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %74, i64 0, i32 28 %76 = bitcast i8** %75 to %struct.nfs_server.217027** %77 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %76, align 16 %78 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %77, i64 0, i32 26 %79 = load i32, i32* %78, align 8 %80 = icmp eq i32 %79, 4 %81 = and i64 %72, 256 %82 = icmp ne i64 %81, 0 %83 = or i1 %82, %80 %84 = and i64 %72, 89604 %85 = icmp eq i64 %84, 0 %86 = or i1 %85, %83 br i1 %86, label %100, label %87 %88 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %89 = load i32, i32* %88, align 8 %90 = and i32 %89, 131072 %91 = icmp eq i32 %90, 0 br i1 %91, label %100, label %92 %93 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = icmp eq i64 %94, %96 br i1 %97, label 
%98, label %100 %99 = tail call fastcc i32 @nfs_update_inode(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #79 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %4 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %5 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217027** %7 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %6, align 16 %8 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %9 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 106 %14 = bitcast %struct.seqcount_spinlock* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %28 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = bitcast %struct.seqcount_spinlock* %8 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %68 = load i16, i16* %67, align 4 %69 = xor i16 %15, %68 %70 = icmp ugt i16 %69, 4095 br i1 %70, label %71, label %77 %72 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, 
i64 0, i32 11 %73 = load i64, i64* %72, align 8 %74 = zext i16 %15 to i32 %75 = zext i16 %68 to i32 %76 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([49 x i8], [49 x i8]* @.str.7.21583, i64 0, i64 0), i8* getelementptr inbounds ([17 x i8], [17 x i8]* @__func__.nfs_update_inode, i64 0, i64 0), i64 %73, i32 %74, i32 %75) #78 br label %651 tail call fastcc void @nfs_set_inode_stale_locked(%struct.inode.216899* %0) #80 Function:nfs_set_inode_stale_locked %2 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 36 %4 = bitcast %struct.seqcount_spinlock* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %4, i32 2, i8* %4) #6, !srcloc !4 %5 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %8 = load %struct.super_block.216885*, %struct.super_block.216885** %7, align 8 %9 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.217027** %11 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %11, i64 0, i32 6 %13 = load %struct.nfs_iostats*, %struct.nfs_iostats** %12, align 8 %14 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %13, i64 0, i32 1, i64 3 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %14, i64* %14) #6, !srcloc !5 %15 = load %struct.super_block.216885*, %struct.super_block.216885** %7, align 8 %16 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* 
%15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.217027** %18 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %17, align 16 %19 = load i16, i16* %5, align 8 %20 = and i16 %19, -4096 %21 = icmp eq i16 %20, 16384 %22 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %18, i64 0, i32 21 %23 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %18, i64 0, i32 19 %24 = select i1 %21, i32* %22, i32* %23 %25 = load i32, i32* %24, align 4 %26 = zext i32 %25 to i64 %27 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 42 %28 = bitcast %struct.seqcount_spinlock* %27 to i64* store i64 %26, i64* %28, align 8 %29 = load volatile i64, i64* @jiffies, align 64 %30 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 44 %31 = bitcast %struct.seqcount_spinlock* %30 to i64* store i64 %29, i64* %31, align 8 %32 = and i16 %6, -4096 switch i16 %32, label %57 [ i16 -32768, label %33 i16 16384, label %33 i16 -24576, label %33 ] %34 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %17, align 16 %35 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %34, i64 0, i32 0 %36 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %35, align 8 %37 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %36, i64 0, i32 12 %38 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %37, align 8 %39 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %38, i64 0, i32 47 %40 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %39, align 8 %41 = tail call i32 %40(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: drm_atomic_helper_set_config Check callee group: 
tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_getattr ------------- Path:  Function:nfs_getattr %6 = getelementptr inbounds %struct.path.216280, %struct.path.216280* %1, i64 0, i32 1 %7 = load %struct.dentry.216888*, %struct.dentry.216888** %6, align 8 %8 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %7, i64 0, i32 5 %9 = load %struct.inode.216899*, %struct.inode.216899** %8, align 8 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %9, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %31 [label %17], !srcloc !4 %32 = and i32 %3, 2047 %33 = and i32 %4, 16384 %34 = icmp eq i32 %33, 0 %35 = xor i1 %16, true %36 = or i1 %34, %35 br i1 %36, label %54, label %37 %55 = and i32 %3, 192 %56 = icmp eq i32 %55, 0 br i1 %56, label %66, label %57 %67 = getelementptr inbounds %struct.path.216280, %struct.path.216280* %1, i64 0, i32 0 %68 = load %struct.vfsmount.216886*, %struct.vfsmount.216886** %67, align 8 %69 = getelementptr inbounds %struct.vfsmount.216886, %struct.vfsmount.216886* %68, i64 0, i32 2 %70 = load i32, i32* %69, align 8 %71 = and i32 %70, 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %81 %74 = and i32 %70, 16 %75 = icmp eq i32 %74, 0 br i1 %75, label %83, label %76 %84 = phi i32 [ %82, %81 ], [ %32, %76 ], [ %32, %73 ] %85 = and i32 %84, 1790 %86 = icmp eq i32 %85, 0 br i1 %86, label %230, label %87 br i1 %16, label %88, label %118 %89 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %90 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %89, i64 0, i32 28 %91 = bitcast i8** %90 to %struct.nfs_server.217027** %92 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %91, align 16 %93 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %92, i64 0, i32 0 %94 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %93, align 8 %95 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %94, i64 0, i32 12 %96 = load %struct.nfs_rpc_ops.217004*, 
%struct.nfs_rpc_ops.217004** %95, align 8 %97 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %96, i64 0, i32 47 %98 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %97, align 8 %99 = tail call i32 %98(%struct.inode.216899* %9, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr 1 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %6 = getelementptr inbounds %struct.path, %struct.path* %1, i64 0, i32 1 %7 = load %struct.dentry*, %struct.dentry** %6, align 8 %8 = getelementptr inbounds %struct.dentry, %struct.dentry* %7, i64 0, i32 5 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr %struct.inode, %struct.inode* %9, i64 -1, i32 24, i32 2 %11 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %10, i64 2 %12 = bitcast %struct.seqcount_spinlock* %11 to i16* %13 = load i16, i16* %12, align 2 %14 = icmp eq i16 %13, 0 br i1 %14, label %17, label %15 %16 = tail call i32 bitcast (i32 (%struct.user_namespace*, %struct.path.216280*, %struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.user_namespace*, %struct.path*, %struct.kstat*, i32, i32)*)(%struct.user_namespace* %0, %struct.path* %1, %struct.kstat* %2, i32 %3, i32 %4) #78 Function:nfs_getattr %6 = getelementptr inbounds %struct.path.216280, %struct.path.216280* %1, i64 0, i32 1 %7 = load %struct.dentry.216888*, %struct.dentry.216888** %6, align 8 %8 = getelementptr inbounds %struct.dentry.216888, %struct.dentry.216888* %7, i64 0, i32 5 %9 = load %struct.inode.216899*, %struct.inode.216899** %8, align 8 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %9, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, 
%struct.nfs_server.217027** %13, align 16 %15 = and i32 %4, 8192 %16 = icmp eq i32 %15, 0 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_getattr, %17)) #6 to label %31 [label %17], !srcloc !4 %32 = and i32 %3, 2047 %33 = and i32 %4, 16384 %34 = icmp eq i32 %33, 0 %35 = xor i1 %16, true %36 = or i1 %34, %35 br i1 %36, label %54, label %37 %55 = and i32 %3, 192 %56 = icmp eq i32 %55, 0 br i1 %56, label %66, label %57 %67 = getelementptr inbounds %struct.path.216280, %struct.path.216280* %1, i64 0, i32 0 %68 = load %struct.vfsmount.216886*, %struct.vfsmount.216886** %67, align 8 %69 = getelementptr inbounds %struct.vfsmount.216886, %struct.vfsmount.216886* %68, i64 0, i32 2 %70 = load i32, i32* %69, align 8 %71 = and i32 %70, 8 %72 = icmp eq i32 %71, 0 br i1 %72, label %73, label %81 %74 = and i32 %70, 16 %75 = icmp eq i32 %74, 0 br i1 %75, label %83, label %76 %84 = phi i32 [ %82, %81 ], [ %32, %76 ], [ %32, %73 ] %85 = and i32 %84, 1790 %86 = icmp eq i32 %85, 0 br i1 %86, label %230, label %87 br i1 %16, label %88, label %118 %89 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %90 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %89, i64 0, i32 28 %91 = bitcast i8** %90 to %struct.nfs_server.217027** %92 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %91, align 16 %93 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %92, 
i64 0, i32 0 %94 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %93, align 8 %95 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %94, i64 0, i32 12 %96 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %95, align 8 %97 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %96, i64 0, i32 47 %98 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %97, align 8 %99 = tail call i32 %98(%struct.inode.216899* %9, i32 1) #78 ------------- Check callee group: i915_driver_lastclose Check callee group: drm_atomic_helper_disable_plane drm_primary_helper_disable Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: sock_wfree Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mq_walk Check callee group: mdio_ctrl_hw Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: 
mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: i915_ttm_adjust_lru Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: i915_ttm_adjust_lru Check callee group: x86_pmu_aux_output_match Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: i915_driver_open Check callee group: ext4_iomap_swap_activate nfs_swap_activate Check callee group: tg3_read_indirect_reg32 Check callee group: nfs_swap_deactivate Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: rfkill_fop_ioctl seccomp_notify_ioctl pps_cdev_ioctl snapshot_ioctl hpet_ioctl ext4_ioctl hiddev_ioctl posix_clock_ioctl usbdev_ioctl tty_ioctl mon_bin_ioctl pipe_ioctl autofs_dev_ioctl hidraw_ioctl nvram_misc_ioctl sock_ioctl evdev_ioctl dm_ctl_ioctl rtc_dev_ioctl fat_dir_ioctl msr_ioctl snd_timer_user_ioctl perf_ioctl usblp_ioctl bsg_ioctl drm_ioctl inotify_ioctl hung_up_tty_ioctl proc_reg_unlocked_ioctl fat_generic_ioctl autofs_root_ioctl random_ioctl block_ioctl sync_file_ioctl rpc_pipe_ioctl snd_disconnect_ioctl tracing_buffers_ioctl dma_buf_ioctl sg_ioctl loop_control_ioctl i915_perf_ioctl snd_hwdep_ioctl cache_ioctl_pipefs snd_ctl_ioctl ns_ioctl snd_seq_ioctl Use: =BAD PATH= Call Stack: 0 compat_ptr_ioctl ------------- Path:  Function:compat_ptr_ioctl %4 = getelementptr inbounds 
%struct.file.148401, %struct.file.148401* %0, i64 0, i32 3 %5 = load %struct.file_operations.148351*, %struct.file_operations.148351** %4, align 8 %6 = getelementptr inbounds %struct.file_operations.148351, %struct.file_operations.148351* %5, i64 0, i32 10 %7 = bitcast {}** %6 to i64 (%struct.file.148401*, i32, i64)** %8 = load i64 (%struct.file.148401*, i32, i64)*, i64 (%struct.file.148401*, i32, i64)** %7, align 8 %9 = icmp eq i64 (%struct.file.148401*, i32, i64)* %8, null br i1 %9, label %13, label %10 %11 = and i64 %2, 4294967295 %12 = tail call i64 %8(%struct.file.148401* %0, i32 %1, i64 %11) #78 ------------- Use: =BAD PATH= Call Stack: 0 compat_ptr_ioctl ------------- Path:  Function:compat_ptr_ioctl %4 = getelementptr inbounds %struct.file.148401, %struct.file.148401* %0, i64 0, i32 3 %5 = load %struct.file_operations.148351*, %struct.file_operations.148351** %4, align 8 %6 = getelementptr inbounds %struct.file_operations.148351, %struct.file_operations.148351* %5, i64 0, i32 10 %7 = bitcast {}** %6 to i64 (%struct.file.148401*, i32, i64)** %8 = load i64 (%struct.file.148401*, i32, i64)*, i64 (%struct.file.148401*, i32, i64)** %7, align 8 %9 = icmp eq i64 (%struct.file.148401*, i32, i64)* %8, null br i1 %9, label %13, label %10 %11 = and i64 %2, 4294967295 %12 = tail call i64 %8(%struct.file.148401* %0, i32 %1, i64 %11) #78 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: nv_set_multicast Check callee group: rfkill_fop_ioctl seccomp_notify_ioctl pps_cdev_ioctl snapshot_ioctl hpet_ioctl ext4_ioctl hiddev_ioctl posix_clock_ioctl usbdev_ioctl tty_ioctl mon_bin_ioctl pipe_ioctl autofs_dev_ioctl hidraw_ioctl nvram_misc_ioctl sock_ioctl evdev_ioctl dm_ctl_ioctl rtc_dev_ioctl fat_dir_ioctl msr_ioctl snd_timer_user_ioctl perf_ioctl usblp_ioctl bsg_ioctl drm_ioctl inotify_ioctl hung_up_tty_ioctl proc_reg_unlocked_ioctl fat_generic_ioctl autofs_root_ioctl random_ioctl block_ioctl sync_file_ioctl rpc_pipe_ioctl snd_disconnect_ioctl 
tracing_buffers_ioctl dma_buf_ioctl sg_ioctl loop_control_ioctl i915_perf_ioctl snd_hwdep_ioctl cache_ioctl_pipefs snd_ctl_ioctl ns_ioctl snd_seq_ioctl Check callee group: rfkill_fop_ioctl seccomp_notify_ioctl pps_cdev_ioctl snapshot_ioctl hpet_ioctl ext4_ioctl hiddev_ioctl posix_clock_ioctl usbdev_ioctl tty_ioctl mon_bin_ioctl pipe_ioctl autofs_dev_ioctl hidraw_ioctl nvram_misc_ioctl sock_ioctl evdev_ioctl dm_ctl_ioctl rtc_dev_ioctl fat_dir_ioctl msr_ioctl snd_timer_user_ioctl perf_ioctl usblp_ioctl bsg_ioctl drm_ioctl inotify_ioctl hung_up_tty_ioctl proc_reg_unlocked_ioctl fat_generic_ioctl autofs_root_ioctl random_ioctl block_ioctl sync_file_ioctl rpc_pipe_ioctl snd_disconnect_ioctl tracing_buffers_ioctl dma_buf_ioctl sg_ioctl loop_control_ioctl i915_perf_ioctl snd_hwdep_ioctl cache_ioctl_pipefs snd_ctl_ioctl ns_ioctl snd_seq_ioctl Check callee group: tg3_read_indirect_reg32 Check callee group: rfkill_fop_ioctl seccomp_notify_ioctl pps_cdev_ioctl snapshot_ioctl hpet_ioctl ext4_ioctl hiddev_ioctl posix_clock_ioctl usbdev_ioctl tty_ioctl mon_bin_ioctl pipe_ioctl autofs_dev_ioctl hidraw_ioctl nvram_misc_ioctl sock_ioctl evdev_ioctl dm_ctl_ioctl rtc_dev_ioctl fat_dir_ioctl msr_ioctl snd_timer_user_ioctl perf_ioctl usblp_ioctl bsg_ioctl drm_ioctl inotify_ioctl hung_up_tty_ioctl proc_reg_unlocked_ioctl fat_generic_ioctl autofs_root_ioctl random_ioctl block_ioctl sync_file_ioctl rpc_pipe_ioctl snd_disconnect_ioctl tracing_buffers_ioctl dma_buf_ioctl sg_ioctl loop_control_ioctl i915_perf_ioctl snd_hwdep_ioctl cache_ioctl_pipefs snd_ctl_ioctl ns_ioctl snd_seq_ioctl Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee group: tg3_read_indirect_reg32 Check callee group: ata_acpi_dev_uevent ata_acpi_ap_uevent Check callee group: ipip6_newlink Check callee group: sock_wfree Check callee group: mq_select_queue Check callee group: nfs_create mqueue_create msdos_create ext4_create vfat_create bad_inode_create shmem_create hugetlbfs_create ramfs_create Check 
callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_write_indirect_reg32 Check callee group: dm_pr_release sd_pr_release Check callee group: fifo_init fifo_hd_init Check callee group: mdio_ctrl_hw Check callee group: dm_pr_release sd_pr_release Check callee group: drm_atomic_helper_dirtyfb intel_user_framebuffer_dirty Check callee group: bad_inode_lookup autofs_lookup vfat_lookup ext4_lookup proc_map_files_lookup proc_tid_base_lookup proc_lookupfd nfs_lookup proc_attr_dir_lookup isofs_lookup proc_task_lookup proc_sys_lookup proc_tgid_base_lookup msdos_lookup proc_lookupfdinfo kernfs_iop_lookup proc_tgid_net_lookup proc_root_lookup proc_lookup empty_dir_lookup simple_lookup proc_ns_dir_lookup Check callee group: tg3_write_indirect_reg32 Check callee group: bad_inode_lookup autofs_lookup vfat_lookup ext4_lookup proc_map_files_lookup proc_tid_base_lookup proc_lookupfd nfs_lookup proc_attr_dir_lookup isofs_lookup proc_task_lookup proc_sys_lookup proc_tgid_base_lookup msdos_lookup proc_lookupfdinfo kernfs_iop_lookup proc_tgid_net_lookup proc_root_lookup proc_lookup empty_dir_lookup simple_lookup proc_ns_dir_lookup Check callee group: tg3_read_indirect_reg32 Check callee group: nfs_atomic_open bad_inode_atomic_open Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: drm_connector_free drm_property_free_blob drm_framebuffer_free Check callee group: intel_legacy_cursor_update drm_atomic_helper_update_plane drm_primary_helper_update Check callee group: nfs4_lookup_revalidate vfat_revalidate_ci map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate vfat_revalidate proc_sys_revalidate pid_revalidate kernfs_dop_revalidate tid_fd_revalidate nfs_lookup_revalidate Check callee group: nfs4_have_delegation Check callee group: nfs4_lookup_revalidate vfat_revalidate_ci map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate vfat_revalidate proc_sys_revalidate pid_revalidate kernfs_dop_revalidate 
tid_fd_revalidate nfs_lookup_revalidate Check callee group: nfs4_lookup_revalidate vfat_revalidate_ci map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate vfat_revalidate proc_sys_revalidate pid_revalidate kernfs_dop_revalidate tid_fd_revalidate nfs_lookup_revalidate Check callee group: kernfs_fop_write_iter ext4_file_write_iter pipe_write hung_up_tty_write nfs_file_write blkdev_write_iter random_write_iter devkmsg_write sock_write_iter tty_write write_iter_null proc_sys_write generic_file_write_iter redirected_tty_write Check callee group: mdio_ctrl_hw Check callee group: mq_leaf Check callee group: serial8250_pm Check callee group: nfs4_lookup_revalidate vfat_revalidate_ci map_files_d_revalidate proc_misc_d_revalidate proc_net_d_revalidate vfat_revalidate proc_sys_revalidate pid_revalidate kernfs_dop_revalidate tid_fd_revalidate nfs_lookup_revalidate Check callee group: serial8250_pm Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_revalidate_mapping 1 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 2 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, 
%struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.214586** %31 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #78 %40 = icmp eq i32 %39, 0 br i1 %40, label %46, label %41 %42 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 18 %43 = load %struct.address_space*, %struct.address_space** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.inode.216899*, %struct.address_space.216900*)* @nfs_revalidate_mapping to i32 (%struct.inode*, %struct.address_space*)*)(%struct.inode* %22, %struct.address_space* %43) #78 Function:nfs_revalidate_mapping %3 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 4 %4 = load i32, i32* %3, align 4 %5 = and i32 %4, 256 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %59 %8 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %9 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 38 %10 = bitcast %struct.seqcount_spinlock* %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 256 %13 = icmp eq i64 %12, 0 br i1 %13, 
label %14, label %49 %15 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %16 = load %struct.super_block.216885*, %struct.super_block.216885** %15, align 8 %17 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.nfs_server.217027** %19 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %18, align 16 %20 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %19, i64 0, i32 0 %21 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %20, align 8 %22 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %21, i64 0, i32 12 %23 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %22, align 8 %24 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %23, i64 0, i32 47 %25 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %24, align 8 %26 = tail call i32 %25(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: md_set_read_only Check callee group: mdio_ctrl_hw Check callee group: shmem_xattr_handler_get ext4_xattr_security_get nfs4_xattr_get_nfs4_acl sockfs_xattr_get ext4_xattr_trusted_get ext4_xattr_hurd_get posix_acl_xattr_get ext4_xattr_user_get kernfs_vfs_xattr_get Check callee group: tg3_write_indirect_reg32 Check callee group: shmem_xattr_handler_get ext4_xattr_security_get nfs4_xattr_get_nfs4_acl sockfs_xattr_get ext4_xattr_trusted_get ext4_xattr_hurd_get posix_acl_xattr_get ext4_xattr_user_get kernfs_vfs_xattr_get Check callee group: device_reset Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 extts_enable_store ------------- Path:  Function:extts_enable_store %5 = alloca 
%struct.ptp_clock_request, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds i8, i8* %8, i64 968 %10 = bitcast i8* %9 to %struct.ptp_clock_info** %11 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %10, align 8 %12 = bitcast %struct.ptp_clock_request* %5 to i8* %13 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1 %15 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.2.57542, i64 0, i64 0), %union.anon.211.645476* %14, i32* nonnull %6) #78 %16 = icmp eq i32 %15, 2 br i1 %16, label %17, label %31 %18 = bitcast %union.anon.211.645476* %14 to i32* %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %11, i64 0, i32 4 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %19, %21 br i1 %22, label %23, label %31 %24 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %11, i64 0, i32 17 %25 = load i32 (%struct.ptp_clock_info*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info*, %struct.ptp_clock_request*, i32)** %24, align 8 %26 = load i32, i32* %6, align 4 %27 = icmp ne i32 %26, 0 %28 = zext i1 %27 to i32 %29 = call i32 %25(%struct.ptp_clock_info* %11, %struct.ptp_clock_request* nonnull %5, i32 %28) #79 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: serial8250_release_port Check callee group: serial8250_release_port Check callee group: pci_fastcom335_setup pci_xr17v35x_setup pci_xr17c154_setup pci_connect_tech_setup Check callee group: fifo_init fifo_hd_init Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: mq_find Check callee group: mq_find Check callee group: 
tg3_read_indirect_reg32 Check callee group: mq_find Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_attribute_cache_expired 1 nfs_readdir ------------- Path:  Function:nfs_readdir %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %6 = load %struct.dentry*, %struct.dentry** %5, align 8 %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %6, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 67108864 %10 = icmp eq i32 %9, 0 br i1 %10, label %19, label %11, !prof !4, !misexpect !5 %20 = phi %struct.dentry* [ %18, %11 ], [ %6, %2 ] %21 = getelementptr inbounds %struct.dentry, %struct.dentry* %20, i64 0, i32 5 %22 = load %struct.inode*, %struct.inode** %21, align 8 %23 = getelementptr %struct.inode, %struct.inode* %22, i64 -1, i32 24, i32 2 %24 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.nfs_open_dir_context** %26 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %25, align 8 %27 = getelementptr inbounds %struct.inode, %struct.inode* %22, i64 0, i32 8 %28 = load %struct.super_block*, %struct.super_block** %27, align 8 %29 = getelementptr inbounds %struct.super_block, %struct.super_block* %28, i64 0, i32 28 %30 = bitcast i8** %29 to %struct.nfs_server.214586** %31 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %30, align 16 %32 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %31, i64 0, i32 6 %33 = load %struct.nfs_iostats*, %struct.nfs_iostats** %32, align 8 %34 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %33, i64 0, i32 1, i64 12 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %34, i64* %34) #6, !srcloc !6 %35 = getelementptr inbounds 
%struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %41, label %38 %39 = tail call i32 bitcast (i32 (%struct.inode.216899*)* @nfs_attribute_cache_expired to i32 (%struct.inode*)*)(%struct.inode* %22) #78 Function:nfs_attribute_cache_expired %2 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %3 = load %struct.super_block.216885*, %struct.super_block.216885** %2, align 8 %4 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %3, i64 0, i32 28 %5 = bitcast i8** %4 to %struct.nfs_server.217027** %6 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %5, align 16 %7 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %6, i64 0, i32 0 %8 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %7, align 8 %9 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %8, i64 0, i32 12 %10 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %9, align 8 %11 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %10, i64 0, i32 47 %12 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %11, align 8 %13 = tail call i32 %12(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_request_port Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: sock_wfree Check callee group: i915_ttm_adjust_lru Check callee 
group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: mq_walk Check callee group: e1000_update_phy_info_task Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: i915_ttm_adjust_lru Check callee group: i915_ttm_adjust_lru Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Check callee group: mq_leaf Check callee group: tg3_write_indirect_reg32 Check callee group: mq_walk Check callee group: sock_wfree Check callee group: timens_install pidns_install cgroupns_install netns_install ipcns_install utsns_install mntns_install Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label 
%19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 
23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 
0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = 
load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load %struct.super_block.216885*, 
%struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 %111 = getelementptr 
inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 = load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** %113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 %123 = icmp eq i32 %122, 0 %124 = and i64 %110, 17922 %125 = select i1 %123, i64 %110, i64 %124 %126 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %127 = bitcast %struct.seqcount_spinlock* %126 to i64* %128 = load i64, i64* %127, align 8 %129 = or i64 %125, %128 store i64 %129, i64* %127, align 8 %130 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %131 = load %struct.address_space.216900*, %struct.address_space.216900** %130, align 8 %132 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %131, i64 0, i32 7 %133 = load i64, i64* %132, align 8 %134 = icmp eq i64 %133, 0 br i1 %134, label %138, label %135 %136 = and i64 %129, 2 %137 = icmp eq i64 %136, 0 br i1 %137, label %141, label %138 %139 = phi i64 [ -8195, %104 ], [ -8193, %135 ] %140 = and i64 %129, %139 store i64 %140, i64* %127, align 8 br label %141 %142 = load i32, i32* 
%105, align 8 %143 = and i32 %142, 162943 %144 = icmp eq i32 %143, 0 br i1 %144, label %147, label %145 %146 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #78 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %67 [label %53], !srcloc !4 %68 = icmp sgt i32 %52, 0 br i1 %68, label %98, label %69 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %71 = bitcast %struct.seqcount_spinlock* %70 to i64* %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %74 = load %struct.super_block.216885*, %struct.super_block.216885** %73, align 8 %75 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %74, i64 0, i32 28 %76 = 
bitcast i8** %75 to %struct.nfs_server.217027** %77 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %76, align 16 %78 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %77, i64 0, i32 26 %79 = load i32, i32* %78, align 8 %80 = icmp eq i32 %79, 4 %81 = and i64 %72, 256 %82 = icmp ne i64 %81, 0 %83 = or i1 %82, %80 %84 = and i64 %72, 89604 %85 = icmp eq i64 %84, 0 %86 = or i1 %85, %83 br i1 %86, label %100, label %87 %88 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %89 = load i32, i32* %88, align 8 %90 = and i32 %89, 131072 %91 = icmp eq i32 %90, 0 br i1 %91, label %100, label %92 %93 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = icmp eq i64 %94, %96 br i1 %97, label %98, label %100 %99 = tail call fastcc i32 @nfs_update_inode(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #79 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %4 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %5 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217027** %7 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %6, align 16 %8 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %9 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 106 %14 = bitcast %struct.seqcount_spinlock* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and 
i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %28 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = bitcast %struct.seqcount_spinlock* %8 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 27 %85 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217027* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %111, align 
8 %113 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.216899* %0, i32 1) #79 %118 = icmp eq i32 %117, 0 %119 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 19 %120 = load i64, i64* %119, align 8 %121 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 40 %122 = bitcast %struct.seqcount_spinlock* %121 to i64* store i64 %120, i64* %122, align 8 %123 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 38 %124 = bitcast %struct.seqcount_spinlock* %123 to i64* %125 = load i64, i64* %124, align 8 %126 = and i64 %125, -220997 store i64 %126, i64* %124, align 8 %127 = load i32, i32* %36, align 8 %128 = and i32 %127, 393216 %129 = icmp eq i32 %128, 393216 br i1 %129, label %130, label %191 %131 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 15 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %134 = load volatile i64, i64* %133, align 8 %135 = icmp eq i64 %134, %132 br i1 %135, label %136, label %191 %137 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %138 = load i64, i64* %137, align 8 store volatile i64 %138, i64* %133, align 8 %139 = load i16, i16* %78, align 8 %140 = and i16 %139, -4096 %141 = icmp eq i16 %140, 16384 %142 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %143 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %142, i64 0, i32 28 %144 = bitcast i8** %143 to 
%struct.nfs_server.217027** %145 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %144, align 16 br i1 %141, label %146, label %165 %147 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %145, i64 0, i32 0 %148 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %147, align 8 %149 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %148, i64 0, i32 12 %150 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %149, align 8 %151 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %150, i64 0, i32 47 %152 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %151, align 8 %153 = tail call i32 %152(%struct.inode.216899* %0, i32 1) #79 ------------- Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_set_inode_stale_locked 1 nfs_update_inode 2 nfs_refresh_inode_locked 3 nfs_post_op_update_inode_force_wcc_locked 4 nfs_writeback_update_inode 5 nfs4_write_done_cb 6 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load 
%struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, 
%struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds 
%struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label 
%20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load %struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 
16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 %111 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 = load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** 
%113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 %123 = icmp eq i32 %122, 0 %124 = and i64 %110, 17922 %125 = select i1 %123, i64 %110, i64 %124 %126 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %127 = bitcast %struct.seqcount_spinlock* %126 to i64* %128 = load i64, i64* %127, align 8 %129 = or i64 %125, %128 store i64 %129, i64* %127, align 8 %130 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %131 = load %struct.address_space.216900*, %struct.address_space.216900** %130, align 8 %132 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %131, i64 0, i32 7 %133 = load i64, i64* %132, align 8 %134 = icmp eq i64 %133, 0 br i1 %134, label %138, label %135 %136 = and i64 %129, 2 %137 = icmp eq i64 %136, 0 br i1 %137, label %141, label %138 %139 = phi i64 [ -8195, %104 ], [ -8193, %135 ] %140 = and i64 %129, %139 store i64 %140, i64* %127, align 8 br label %141 %142 = load i32, i32* %105, align 8 %143 = and i32 %142, 162943 %144 = icmp eq i32 %143, 0 br i1 %144, label %147, label %145 %146 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #78 Function:nfs_refresh_inode_locked %3 = getelementptr 
%struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %67 [label %53], !srcloc !4 %68 = icmp sgt i32 %52, 0 br i1 %68, label %98, label %69 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %71 = bitcast %struct.seqcount_spinlock* %70 to i64* %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %74 = load %struct.super_block.216885*, %struct.super_block.216885** %73, align 8 %75 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %74, i64 0, i32 28 %76 = bitcast i8** %75 to %struct.nfs_server.217027** %77 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %76, align 16 %78 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %77, i64 0, i32 26 %79 = load i32, i32* %78, align 8 %80 
= icmp eq i32 %79, 4 %81 = and i64 %72, 256 %82 = icmp ne i64 %81, 0 %83 = or i1 %82, %80 %84 = and i64 %72, 89604 %85 = icmp eq i64 %84, 0 %86 = or i1 %85, %83 br i1 %86, label %100, label %87 %88 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %89 = load i32, i32* %88, align 8 %90 = and i32 %89, 131072 %91 = icmp eq i32 %90, 0 br i1 %91, label %100, label %92 %93 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = icmp eq i64 %94, %96 br i1 %97, label %98, label %100 %99 = tail call fastcc i32 @nfs_update_inode(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #79 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %4 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %5 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217027** %7 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %6, align 16 %8 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %9 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 106 %14 = bitcast %struct.seqcount_spinlock* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %28 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 
%38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = bitcast %struct.seqcount_spinlock* %8 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %67 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %68 = load i16, i16* %67, align 4 %69 = xor i16 %15, %68 %70 = icmp ugt i16 %69, 4095 br i1 %70, label %71, label %77 %72 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 11 %73 = load i64, i64* %72, align 8 %74 = zext i16 %15 to i32 %75 = zext i16 %68 to i32 %76 = tail call i32 (i8*, ...) @_printk(i8* getelementptr inbounds ([49 x i8], [49 x i8]* @.str.7.21583, i64 0, i64 0), i8* getelementptr inbounds ([17 x i8], [17 x i8]* @__func__.nfs_update_inode, i64 0, i64 0), i64 %73, i32 %74, i32 %75) #78 br label %651 tail call fastcc void @nfs_set_inode_stale_locked(%struct.inode.216899* %0) #80 Function:nfs_set_inode_stale_locked %2 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %3 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 36 %4 = bitcast %struct.seqcount_spinlock* %3 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb ${1:b},$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %4, i32 2, i8* %4) #6, !srcloc !4 %5 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %8 = load %struct.super_block.216885*, %struct.super_block.216885** %7, align 8 %9 = getelementptr inbounds %struct.super_block.216885, 
%struct.super_block.216885* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.217027** %11 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %11, i64 0, i32 6 %13 = load %struct.nfs_iostats*, %struct.nfs_iostats** %12, align 8 %14 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %13, i64 0, i32 1, i64 3 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %14, i64* %14) #6, !srcloc !5 %15 = load %struct.super_block.216885*, %struct.super_block.216885** %7, align 8 %16 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %15, i64 0, i32 28 %17 = bitcast i8** %16 to %struct.nfs_server.217027** %18 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %17, align 16 %19 = load i16, i16* %5, align 8 %20 = and i16 %19, -4096 %21 = icmp eq i16 %20, 16384 %22 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %18, i64 0, i32 21 %23 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %18, i64 0, i32 19 %24 = select i1 %21, i32* %22, i32* %23 %25 = load i32, i32* %24, align 4 %26 = zext i32 %25 to i64 %27 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 42 %28 = bitcast %struct.seqcount_spinlock* %27 to i64* store i64 %26, i64* %28, align 8 %29 = load volatile i64, i64* @jiffies, align 64 %30 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %2, i64 44 %31 = bitcast %struct.seqcount_spinlock* %30 to i64* store i64 %29, i64* %31, align 8 %32 = and i16 %6, -4096 switch i16 %32, label %57 [ i16 -32768, label %33 i16 16384, label %33 i16 -24576, label %33 ] %58 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %17, align 16 %59 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %58, i64 0, i32 0 %60 = load 
%struct.nfs_client.217021*, %struct.nfs_client.217021** %59, align 8 %61 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %60, i64 0, i32 12 %62 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %61, align 8 %63 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %62, i64 0, i32 47 %64 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %63, align 8 %65 = tail call i32 %64(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: proc_sys_read read_iter_null generic_file_read_iter shmem_file_read_iter blkdev_read_iter random_read_iter kernfs_fop_read_iter eventfd_read ext4_file_read_iter urandom_read_iter sock_read_iter proc_reg_read_iter pipe_read tty_read read_iter_zero hugetlbfs_read_iter seq_read_iter hung_up_tty_read nfs_file_read Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_invalidate_atime 1 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, 
align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 1, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 10, i32 0 %46 = load %struct.rpc_procinfo*, %struct.rpc_procinfo** %45, align 8 %47 = icmp eq %struct.rpc_procinfo* %46, getelementptr inbounds ([69 x %struct.rpc_procinfo], [69 x %struct.rpc_procinfo]* @nfs4_procedures, i64 0, i64 68) br i1 %47, label %48, label %66 %67 = load i32, i32* %17, align 4 br label %68 %69 = phi i32 [ %67, %66 ], [ %61, %60 ] %70 = icmp sgt i32 %69, 0 br i1 %70, label 
%71, label %74 %72 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %73 = load %struct.inode*, %struct.inode** %72, align 8 call void bitcast (void (%struct.inode.216899*)* @nfs_invalidate_atime to void (%struct.inode*)*)(%struct.inode* %73) #78 Function:nfs_invalidate_atime %2 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 18 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %3) #78 %4 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %5 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %6 = load %struct.super_block.216885*, %struct.super_block.216885** %5, align 8 %7 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.217027** %9 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %8, align 16 %10 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %9, i64 0, i32 0 %11 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %10, align 8 %12 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %11, i64 0, i32 12 %13 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %12, align 8 %14 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %13, i64 0, i32 47 %15 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %14, align 8 %16 = tail call i32 %15(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 period_store ------------- Path:  Function:period_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 8 %7 = load i8*, i8** %6, align 8 %8 = 
getelementptr inbounds i8, i8* %7, i64 968 %9 = bitcast i8* %8 to %struct.ptp_clock_info** %10 = load %struct.ptp_clock_info*, %struct.ptp_clock_info** %9, align 8 %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 1, i32* %12, align 8 %13 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 2 %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 0, i32 1 %16 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 0 %17 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 1 %18 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.6.57538, i64 0, i64 0), i32* %13, i64* %14, i32* %15, i64* %16, i32* %17) #78 %19 = icmp eq i32 %18, 5 br i1 %19, label %20, label %36 %21 = load i32, i32* %13, align 8 %22 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %10, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %21, %23 br i1 %24, label %25, label %36 %26 = load i64, i64* %16, align 8 %27 = icmp ne i64 %26, 0 %28 = load i32, i32* %17, align 8 %29 = icmp ne i32 %28, 0 %30 = or i1 %27, %29 %31 = zext i1 %30 to i32 %32 = getelementptr inbounds %struct.ptp_clock_info, %struct.ptp_clock_info* %10, i64 0, i32 17 %33 = load i32 (%struct.ptp_clock_info*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info*, %struct.ptp_clock_request*, i32)** %32, align 8 %34 = call i32 %33(%struct.ptp_clock_info* %10, %struct.ptp_clock_request* nonnull %5, i32 %31) #79 ------------- Check callee group: nfs4_have_delegation Check 
callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, 
i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call 
void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 
(%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load %struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, 
Function:nfs_refresh_inode_locked
Function:nfs_update_inode
-------------
Check callee group: nfs4_have_delegation
Check callee group: tg3_write_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: fifo_init fifo_hd_init
Check callee group: nfs4_have_delegation
Use: =BAD PATH=
Call Stack:
0 nfs_set_cache_invalid
1 nfs4_update_changeattr_locked
2 nfs4_proc_unlink_done
-------------
Path:
Function:nfs4_proc_unlink_done
Function:nfs4_update_changeattr_locked
Function:nfs_set_cache_invalid
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_set_cache_invalid
1 nfs4_update_changeattr_locked
2 nfs4_proc_rename_done
-------------
Path:
Function:nfs4_proc_rename_done
Function:nfs4_update_changeattr_locked
Function:nfs_set_cache_invalid
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_set_cache_invalid
1 nfs_dentry_iput
-------------
Path:
Function:nfs_dentry_iput
Function:nfs_set_cache_invalid
-------------
Use: =BAD PATH=
Call Stack:
0 nfs_set_cache_invalid
1 nfs_safe_remove
2 nfs_unlink
-------------
Path:
Function:nfs_unlink
Function:nfs_safe_remove
inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4096 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %81 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_remove_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_safe_remove, %13)) #6 to label %27 [label %13], !srcloc !4 %28 = icmp ne %struct.inode* %7, null %29 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %30 = load %struct.super_block*, %struct.super_block** %29, align 8 %31 = getelementptr inbounds %struct.super_block, %struct.super_block* %30, i64 0, i32 28 %32 = bitcast i8** %31 to %struct.nfs_server.214586** %33 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %32, align 16 %34 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %33, i64 0, i32 0 %35 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %34, align 8 %36 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %35, i64 0, i32 12 %37 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %36, align 8 %38 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %37, i64 0, i32 16 %39 = load i32 (%struct.inode*, %struct.dentry*)*, i32 (%struct.inode*, %struct.dentry*)** %38, align 8 %40 = tail call i32 %39(%struct.inode* %5, %struct.dentry* %0) #78 %41 = icmp eq i32 %40, 0 %42 = and i1 %28, %41 br i1 %42, label %43, label %56 %44 = getelementptr inbounds %struct.inode, 
%struct.inode* %7, i64 0, i32 18 %45 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %44, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #78 %46 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 12, i32 0 %47 = load i32, i32* %46, align 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %50, label %49 tail call void bitcast (void (%struct.inode.150604*)* @drop_nlink to void (%struct.inode*)*)(%struct.inode* nonnull %7) #78 br label %50 %51 = tail call i64 @nfs_inc_attr_generation_counter() #78 %52 = getelementptr %struct.inode, %struct.inode* %7, i64 -1, i32 24, i32 2 %53 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %52, i64 46 %54 = bitcast %struct.seqcount_spinlock* %53 to i64* store i64 %51, i64* %54, align 8 tail call void bitcast (void (%struct.inode.216899*, i64)* @nfs_set_cache_invalid to void (%struct.inode*, i64)*)(%struct.inode* nonnull %7, i64 66304) #78 Function:nfs_set_cache_invalid %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %5 = load %struct.super_block.216885*, %struct.super_block.216885** %4, align 8 %6 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %5, i64 0, i32 28 %7 = bitcast i8** %6 to %struct.nfs_server.217027** %8 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %7, align 16 %9 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %8, i64 0, i32 0 %10 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %9, align 8 %11 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %10, i64 0, i32 12 %12 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %11, align 8 %13 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %12, i64 0, i32 47 %14 = load i32 (%struct.inode.216899*, 
i32)*, i32 (%struct.inode.216899*, i32)** %13, align 8 %15 = tail call i32 %14(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0
nfs_lock ------------- Path:  Function:nfs_lock %4 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 18 %5 = load %struct.address_space.214817*, %struct.address_space.214817** %4, align 8 %6 = getelementptr inbounds %struct.address_space.214817, %struct.address_space.214817* %5, i64 0, i32 0 %7 = load %struct.inode.215256*, %struct.inode.215256** %6, align 8 %8 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %7, i64 0, i32 8 %9 = load %struct.super_block.215246*, %struct.super_block.215246** %8, align 8 %10 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.215399** %12 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 16 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !4 %16 = getelementptr inbounds %struct.file_lock.215252, %struct.file_lock.215252* %2, i64 0, i32 6 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 4096 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %86 %21 = load %struct.super_block.215246*, %struct.super_block.215246** %8, align 8 %22 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %21, i64 0, i32 28 %23 = bitcast i8** %22 to %struct.nfs_server.215399** %24 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %23, align 16 %25 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %24, i64 0, i32 8 %26 = load i32, i32* %25, align 8 %27 = lshr i32 %26, 21 %28 = and i32 %27, 1 %29 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %24, i64 0, i32 0 %30 = load 
%struct.nfs_client.215393*, %struct.nfs_client.215393** %29, align 8 %31 = getelementptr inbounds %struct.nfs_client.215393, %struct.nfs_client.215393* %30, i64 0, i32 12 %32 = load %struct.nfs_rpc_ops.215376*, %struct.nfs_rpc_ops.215376** %31, align 8 %33 = getelementptr inbounds %struct.nfs_rpc_ops.215376, %struct.nfs_rpc_ops.215376* %32, i64 0, i32 43 %34 = load i32 (%struct.file_lock.215252*)*, i32 (%struct.file_lock.215252*)** %33, align 8 %35 = icmp eq i32 (%struct.file_lock.215252*)* %34, null br i1 %35, label %39, label %36 %40 = icmp eq i32 %1, 5 br i1 %40, label %41, label %78 %42 = load %struct.address_space.214817*, %struct.address_space.214817** %4, align 8 %43 = getelementptr inbounds %struct.address_space.214817, %struct.address_space.214817* %42, i64 0, i32 0 %44 = load %struct.inode.215256*, %struct.inode.215256** %43, align 8 %45 = getelementptr inbounds %struct.file_lock.215252, %struct.file_lock.215252* %2, i64 0, i32 7 %46 = load i8, i8* %45, align 4 tail call void bitcast (void (%struct.file*, %struct.file_lock*)* @posix_test_lock to void (%struct.file.215264*, %struct.file_lock.215252*)*)(%struct.file.215264* %0, %struct.file_lock.215252* %2) #78 %47 = load i8, i8* %45, align 4 %48 = icmp eq i8 %47, 2 br i1 %48, label %49, label %86 store i8 %46, i8* %45, align 4 %50 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %44, i64 0, i32 8 %51 = load %struct.super_block.215246*, %struct.super_block.215246** %50, align 8 %52 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.215399** %54 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %53, align 16 %55 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %54, i64 0, i32 0 %56 = load %struct.nfs_client.215393*, %struct.nfs_client.215393** %55, align 8 %57 = getelementptr inbounds %struct.nfs_client.215393, %struct.nfs_client.215393* %56, i64 0, i32 
12 %58 = load %struct.nfs_rpc_ops.215376*, %struct.nfs_rpc_ops.215376** %57, align 8 %59 = getelementptr inbounds %struct.nfs_rpc_ops.215376, %struct.nfs_rpc_ops.215376* %58, i64 0, i32 47 %60 = load i32 (%struct.inode.215256*, i32)*, i32 (%struct.inode.215256*, i32)** %59, align 8 %61 = tail call i32 %60(%struct.inode.215256* %44, i32 1) #78 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_update_inode 1 nfs_refresh_inode_locked 2 nfs_post_op_update_inode_force_wcc_locked 3 nfs_writeback_update_inode 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, 
%struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds 
%struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void 
@nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load %struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds 
%struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 %111 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 = load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** %113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load 
%struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 %123 = icmp eq i32 %122, 0 %124 = and i64 %110, 17922 %125 = select i1 %123, i64 %110, i64 %124 %126 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %127 = bitcast %struct.seqcount_spinlock* %126 to i64* %128 = load i64, i64* %127, align 8 %129 = or i64 %125, %128 store i64 %129, i64* %127, align 8 %130 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %131 = load %struct.address_space.216900*, %struct.address_space.216900** %130, align 8 %132 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %131, i64 0, i32 7 %133 = load i64, i64* %132, align 8 %134 = icmp eq i64 %133, 0 br i1 %134, label %138, label %135 %136 = and i64 %129, 2 %137 = icmp eq i64 %136, 0 br i1 %137, label %141, label %138 %139 = phi i64 [ -8195, %104 ], [ -8193, %135 ] %140 = and i64 %129, %139 store i64 %140, i64* %127, align 8 br label %141 %142 = load i32, i32* %105, align 8 %143 = and i32 %142, 162943 %144 = icmp eq i32 %143, 0 br i1 %144, label %147, label %145 %146 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #78 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 
%52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %67 [label %53], !srcloc !4 %68 = icmp sgt i32 %52, 0 br i1 %68, label %98, label %69 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %71 = bitcast %struct.seqcount_spinlock* %70 to i64* %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %74 = load %struct.super_block.216885*, %struct.super_block.216885** %73, align 8 %75 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %74, i64 0, i32 28 %76 = bitcast i8** %75 to %struct.nfs_server.217027** %77 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %76, align 16 %78 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %77, i64 0, i32 26 %79 = load i32, i32* %78, align 8 %80 = icmp eq i32 %79, 4 %81 = and i64 %72, 256 %82 = icmp ne i64 %81, 0 %83 = or i1 %82, %80 %84 = and i64 %72, 89604 %85 = icmp eq i64 %84, 0 %86 = or i1 %85, %83 br i1 %86, label %100, label %87 %88 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %89 = load i32, i32* %88, align 8 %90 = and i32 %89, 131072 %91 = icmp eq i32 %90, 0 br i1 %91, label %100, label %92 %93 = getelementptr inbounds 
%struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %96 = load volatile i64, i64* %95, align 8 %97 = icmp eq i64 %94, %96 br i1 %97, label %98, label %100 %99 = tail call fastcc i32 @nfs_update_inode(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #79 Function:nfs_update_inode %3 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %4 = load %struct.super_block.216885*, %struct.super_block.216885** %3, align 8 %5 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217027** %7 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %6, align 16 %8 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %9 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 9 %10 = load i32, i32* %9, align 4 %11 = zext i32 %10 to i64 %12 = load volatile i64, i64* @jiffies, align 64 %13 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %8, i64 106 %14 = bitcast %struct.seqcount_spinlock* %13 to i16* %15 = load i16, i16* %14, align 8 %16 = and i16 %15, -4096 %17 = icmp eq i16 %16, -32768 br i1 %17, label %18, label %34 %35 = phi i1 [ false, %24 ], [ %33, %28 ], [ false, %2 ], [ false, %18 ] %36 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 2048 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %43 %44 = bitcast %struct.seqcount_spinlock* %8 to i64* %45 = load i64, i64* %44, align 8 %46 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %45, %47 br i1 %48, label %63, label %49 %64 = and i32 %37, 1 %65 = icmp eq i32 %64, 0 br i1 %65, label %77, label %66 %78 
= getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %79 = icmp ne i16 %16, 16384 %80 = and i32 %37, 1024 %81 = icmp eq i32 %80, 0 %82 = or i1 %81, %79 br i1 %82, label %109, label %83 %84 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 27 %85 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8 %86 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %84, i64 0, i32 0 %87 = load i64, i64* %86, align 8 %88 = getelementptr inbounds %struct.cpu_itimer, %struct.cpu_itimer* %85, i64 0, i32 0 %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %87, %89 br i1 %90, label %91, label %97 %92 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %7, i64 0, i32 27, i32 1 %93 = load i64, i64* %92, align 8 %94 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 8, i32 1 %95 = load i64, i64* %94, align 8 %96 = icmp eq i64 %93, %95 br i1 %96, label %109, label %97 %110 = phi %struct.nfs_server.217027* [ %7, %91 ], [ %7, %77 ], [ %7, %97 ], [ %108, %102 ] %111 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %110, i64 0, i32 0 %112 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %111, align 8 %113 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %112, i64 0, i32 12 %114 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %113, align 8 %115 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %114, i64 0, i32 47 %116 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %115, align 8 %117 = tail call i32 %116(%struct.inode.216899* %0, i32 1) #79 ------------- Check callee group: tg3_read_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_ptp_enable 
e1000e_phc_enable Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.214823, %struct.kiocb.214823* %0, i64 0, i32 0 %4 = load %struct.file.215264*, %struct.file.215264** %3, align 8 %5 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %4, i64 0, i32 2 %6 = load %struct.inode.215256*, %struct.inode.215256** %5, align 8 %7 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %6, i64 0, i32 8 %8 = load %struct.super_block.215246*, %struct.super_block.215246** %7, align 8 %9 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.nfs_server.215399** %11 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %10, align 16 %12 = getelementptr inbounds %struct.nfs_server.215399, %struct.nfs_server.215399* %11, i64 0, i32 8 %13 = load i32, i32* %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.file*, %struct.inode*)* @nfs_key_timeout_notify to i32 (%struct.file.215264*, %struct.inode.215256*)*)(%struct.file.215264* %4, %struct.inode.215256* %6) #78 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = getelementptr inbounds %struct.kiocb.214823, %struct.kiocb.214823* %0, i64 0, i32 4 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 131072 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %26 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %6, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 256 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %148 %31 = and i32 %20, 16 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %39 %40 = load %struct.super_block.215246*, %struct.super_block.215246** %7, align 8 %41 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %40, i64 0, i32 28 %42 = bitcast i8** %41 to 
%struct.nfs_server.215399** %43 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %42, align 16 %44 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %4, i64 0, i32 7 %45 = load i32, i32* %44, align 8 %46 = and i32 %45, 16384 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %50 %49 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode.215256*, i64)*)(%struct.inode.215256* %6, i64 2048) #78 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_file_llseek ------------- 
Path:  Function:nfs_file_llseek %4 = icmp ult i32 %2, 2 br i1 %4, label %25, label %5 %6 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 18 %7 = load %struct.address_space.214817*, %struct.address_space.214817** %6, align 8 %8 = getelementptr inbounds %struct.address_space.214817, %struct.address_space.214817* %7, i64 0, i32 0 %9 = load %struct.inode.215256*, %struct.inode.215256** %8, align 8 %10 = getelementptr inbounds %struct.inode.215256, %struct.inode.215256* %9, i64 0, i32 8 %11 = load %struct.super_block.215246*, %struct.super_block.215246** %10, align 8 %12 = getelementptr inbounds %struct.super_block.215246, %struct.super_block.215246* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.215399** %14 = load %struct.nfs_server.215399*, %struct.nfs_server.215399** %13, align 16 %15 = getelementptr inbounds %struct.file.215264, %struct.file.215264* %0, i64 0, i32 7 %16 = load i32, i32* %15, align 8 %17 = and i32 %16, 16384 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %21 %20 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode.215256*, i64)*)(%struct.inode.215256* %9, i64 2048) #78 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, 
align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 
%20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* %12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq %struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to %struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq 
%struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to 
%struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, 
%struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* %12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq %struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to %struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq %struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 
8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to %struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ 
i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, %struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* %12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq %struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to %struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq 
%struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Use: =BAD PATH= Call Stack: 0 nfs_check_cache_invalid 1 nfs_access_get_cached 2 nfs_do_access 3 nfs_permission ------------- Path:  Function:nfs_permission %4 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #11, !srcloc !4 %5 = inttoptr i64 %4 to 
%struct.task_struct* %6 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %5, i64 0, i32 85 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 8 %9 = load %struct.super_block*, %struct.super_block** %8, align 8 %10 = getelementptr inbounds %struct.super_block, %struct.super_block* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.214586** %12 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %11, align 16 %13 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 6 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !5 %16 = and i32 %2, 7 %17 = icmp eq i32 %16, 0 br i1 %17, label %57, label %18 %19 = and i32 %2, 80 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %40 %22 = getelementptr inbounds %struct.inode, %struct.inode* %1, i64 0, i32 0 %23 = load i16, i16* %22, align 8 %24 = and i16 %23, -4096 switch i16 %24, label %40 [ i16 -24576, label %57 i16 -32768, label %25 i16 16384, label %37 ] %38 = and i32 %2, 6 %39 = icmp eq i32 %38, 2 br i1 %39, label %57, label %40 %41 = load %struct.super_block*, %struct.super_block** %8, align 8 %42 = getelementptr inbounds %struct.super_block, %struct.super_block* %41, i64 0, i32 28 %43 = bitcast i8** %42 to %struct.nfs_server.214586** %44 = load %struct.nfs_server.214586*, %struct.nfs_server.214586** %43, align 16 %45 = getelementptr inbounds %struct.nfs_server.214586, %struct.nfs_server.214586* %44, i64 0, i32 0 %46 = load %struct.nfs_client.214580*, %struct.nfs_client.214580** %45, align 8 %47 = getelementptr inbounds %struct.nfs_client.214580, %struct.nfs_client.214580* %46, i64 0, i32 12 %48 = load %struct.nfs_rpc_ops.214562*, 
%struct.nfs_rpc_ops.214562** %47, align 8 %49 = getelementptr inbounds %struct.nfs_rpc_ops.214562, %struct.nfs_rpc_ops.214562* %48, i64 0, i32 13 %50 = load i32 (%struct.inode*, %struct.nfs_access_entry*)*, i32 (%struct.inode*, %struct.nfs_access_entry*)** %49, align 8 %51 = icmp eq i32 (%struct.inode*, %struct.nfs_access_entry*)* %50, null br i1 %51, label %86, label %52 %53 = tail call fastcc i32 @nfs_do_access(%struct.inode* %1, %struct.cred* %7, i32 %2) #78 Function:nfs_do_access %4 = alloca %struct.nfs_access_entry, align 8 %5 = bitcast %struct.nfs_access_entry* %4 to i8* %6 = trunc i32 %2 to i8 %7 = icmp sgt i8 %6, -1 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_access_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_do_access, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %4, i64 0, i32 3 %24 = call i32 @nfs_access_get_cached(%struct.inode* %0, %struct.cred* %1, i32* %23, i1 zeroext %7) #79 Function:nfs_access_get_cached %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 24, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 38 %7 = bitcast %struct.seqcount_spinlock* %6 to i64* %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %33 %12 = getelementptr inbounds %struct.seqcount_spinlock, 
%struct.seqcount_spinlock* %5, i64 50 %13 = bitcast %struct.seqcount_spinlock* %12 to %struct.list_head* %14 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 52 %15 = bitcast %struct.seqcount_spinlock* %14 to %struct.list_head** %16 = load volatile %struct.list_head*, %struct.list_head** %15, align 8 %17 = getelementptr %struct.list_head, %struct.list_head* %16, i64 -2, i32 1 %18 = icmp eq %struct.list_head* %16, %13 br i1 %18, label %34, label %19 %20 = getelementptr inbounds %struct.list_head*, %struct.list_head** %17, i64 5 %21 = bitcast %struct.list_head** %20 to %struct.cred** %22 = load %struct.cred*, %struct.cred** %21, align 8 %23 = tail call i32 @cred_fscmp(%struct.cred* %1, %struct.cred* %22) #78 %24 = icmp ne i32 %23, 0 %25 = icmp eq %struct.list_head** %17, null %26 = or i1 %25, %24 br i1 %26, label %35, label %27 %28 = tail call zeroext i1 bitcast (i1 (%struct.inode.216899*, i64)* @nfs_check_cache_invalid to i1 (%struct.inode*, i64)*)(%struct.inode* %0, i64 8) #78 Function:nfs_check_cache_invalid %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = and i64 %6, %1 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %38 %10 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %11 = load %struct.super_block.216885*, %struct.super_block.216885** %10, align 8 %12 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.217027** %14 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %13, align 16 %15 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %14, i64 0, i32 0 %16 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %15, align 
8 %17 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %16, i64 0, i32 12 %18 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %17, align 8 %19 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %18, i64 0, i32 47 %20 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %19, align 8 %21 = tail call i32 %20(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: mdio_ctrl_hw Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_refresh_inode_locked 1 nfs_post_op_update_inode_force_wcc_locked 2 nfs_writeback_update_inode 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 
%25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, 
%struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 
25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp 
slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %17 = load %struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 
%29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, i64 18178, i64 18176 %111 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 = load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** %113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = 
getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 %123 = icmp eq i32 %122, 0 %124 = and i64 %110, 17922 %125 = select i1 %123, i64 %110, i64 %124 %126 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %127 = bitcast %struct.seqcount_spinlock* %126 to i64* %128 = load i64, i64* %127, align 8 %129 = or i64 %125, %128 store i64 %129, i64* %127, align 8 %130 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %131 = load %struct.address_space.216900*, %struct.address_space.216900** %130, align 8 %132 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %131, i64 0, i32 7 %133 = load i64, i64* %132, align 8 %134 = icmp eq i64 %133, 0 br i1 %134, label %138, label %135 %136 = and i64 %129, 2 %137 = icmp eq i64 %136, 0 br i1 %137, label %141, label %138 %139 = phi i64 [ -8195, %104 ], [ -8193, %135 ] %140 = and i64 %129, %139 store i64 %140, i64* %127, align 8 br label %141 %142 = load i32, i32* %105, align 8 %143 = and i32 %142, 162943 %144 = icmp eq i32 %143, 0 br i1 %144, label %147, label %145 %146 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #78 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 
%8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_refresh_inode_enter to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs_refresh_inode_locked, %53)) #6 to label %67 [label %53], !srcloc !4 %68 = icmp sgt i32 %52, 0 br i1 %68, label %98, label %69 %70 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %71 = bitcast %struct.seqcount_spinlock* %70 to i64* %72 = load i64, i64* %71, align 8 %73 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %74 = load %struct.super_block.216885*, %struct.super_block.216885** %73, align 8 %75 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %74, i64 0, i32 28 %76 = bitcast i8** %75 to %struct.nfs_server.217027** %77 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %76, align 16 %78 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %77, i64 0, i32 26 %79 = load i32, i32* %78, align 8 %80 = icmp eq i32 %79, 4 %81 = and i64 %72, 256 %82 = icmp ne i64 %81, 0 %83 = or i1 %82, %80 %84 = and i64 %72, 89604 %85 = icmp eq i64 %84, 0 %86 = or i1 %85, %83 br i1 %86, label %100, label %87 %101 = icmp eq i32 %52, 0 br i1 %101, label %102, label %343 %103 = getelementptr inbounds %struct.nfs_server.217027, 
%struct.nfs_server.217027* %77, i64 0, i32 0 %104 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %103, align 8 %105 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %104, i64 0, i32 12 %106 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %105, align 8 %107 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %106, i64 0, i32 47 %108 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %107, align 8 %109 = tail call i32 %108(%struct.inode.216899* %0, i32 1) #78 %110 = icmp eq i32 %109, 0 br i1 %110, label %111, label %343 %112 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %113 = load i32, i32* %112, align 8 %114 = and i32 %113, 2048 %115 = icmp eq i32 %114, 0 br i1 %115, label %116, label %119 %120 = bitcast %struct.seqcount_spinlock* %3 to i64* %121 = load i64, i64* %120, align 8 %122 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 9 %123 = load i64, i64* %122, align 8 %124 = icmp eq i64 %121, %123 br i1 %124, label %133, label %125 %134 = and i32 %113, 1 %135 = icmp eq i32 %134, 0 br i1 %135, label %136, label %140 %141 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %142 = load i16, i16* %141, align 4 %143 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %144 = load i16, i16* %143, align 8 %145 = xor i16 %144, %142 %146 = icmp ugt i16 %145, 4095 br i1 %146, label %343, label %147 %148 = phi i16 [ %139, %136 ], [ %144, %140 ] %149 = and i16 %148, -4096 %150 = icmp eq i16 %149, -32768 br i1 %150, label %151, label %167 %152 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 78 %153 = bitcast %struct.seqcount_spinlock* %152 to %struct.list_head* %154 = bitcast %struct.seqcount_spinlock* %152 to %struct.list_head** %155 = load volatile %struct.list_head*, %struct.list_head** %154, align 8 
%156 = icmp eq %struct.list_head* %155, %153 br i1 %156, label %167, label %157 %158 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 190, i32 0, i32 0 %159 = load volatile i32, i32* %158, align 4 %160 = icmp sgt i32 %159, 0 br i1 %160, label %161, label %167 %162 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 36 %163 = bitcast %struct.seqcount_spinlock* %162 to i64* %164 = load volatile i64, i64* %163, align 8 %165 = and i64 %164, 4096 %166 = icmp eq i64 %165, 0 br i1 %166, label %227, label %167 %168 = and i32 %113, 131072 %169 = icmp eq i32 %168, 0 br i1 %169, label %177, label %170 %171 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %172 = load i64, i64* %171, align 8 %173 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %174 = load volatile i64, i64* %173, align 8 %175 = icmp eq i64 %174, %172 %176 = select i1 %175, i64 0, i64 256 br label %177 %178 = phi i64 [ 0, %167 ], [ %176, %170 ] %179 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 16, i32 1 %180 = load i64, i64* %179, align 8 %181 = and i32 %113, 8192 %182 = icmp eq i32 %181, 0 br i1 %182, label %195, label %183 %184 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 16, i32 0 %185 = load i64, i64* %184, align 8 %186 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 12, i32 0 %187 = load i64, i64* %186, align 8 %188 = icmp eq i64 %185, %187 br i1 %188, label %189, label %193 %190 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 12, i32 1 %191 = load i64, i64* %190, align 8 %192 = icmp eq i64 %180, %191 br i1 %192, label %195, label %193 %194 = or i64 %178, 1024 br label %195 %196 = phi i64 [ %178, %177 ], [ %194, %193 ], [ %178, %189 ] %197 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 
17, i32 1 %198 = load i64, i64* %197, align 8 %199 = and i32 %113, 16384 %200 = icmp eq i32 %199, 0 br i1 %200, label %213, label %201 %202 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 17, i32 0 %203 = load i64, i64* %202, align 8 %204 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 13, i32 0 %205 = load i64, i64* %204, align 8 %206 = icmp eq i64 %203, %205 br i1 %206, label %207, label %211 %208 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 13, i32 1 %209 = load i64, i64* %208, align 8 %210 = icmp eq i64 %198, %209 br i1 %210, label %213, label %211 %212 = or i64 %196, 512 br label %213 %214 = phi i64 [ %196, %195 ], [ %212, %211 ], [ %196, %207 ] %215 = and i32 %113, 64 %216 = icmp eq i32 %215, 0 br i1 %216, label %227, label %217 %218 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 14 %219 = load i64, i64* %218, align 8 %220 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 6 %221 = load i64, i64* %220, align 8 %222 = icmp ult i64 %221, 9223372036854775807 %223 = select i1 %222, i64 %221, i64 9223372036854775807 %224 = icmp eq i64 %219, %223 %225 = or i64 %214, 2048 %226 = select i1 %224, i64 %214, i64 %225 br label %227 %228 = phi i64 [ 0, %161 ], [ %214, %213 ], [ %226, %217 ] %229 = and i32 %113, 2 %230 = icmp eq i32 %229, 0 br i1 %230, label %239, label %231 %232 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 1 %233 = load i16, i16* %232, align 4 %234 = xor i16 %233, %148 %235 = and i16 %234, 4095 %236 = icmp eq i16 %235, 0 %237 = or i64 %228, 131072 %238 = select i1 %236, i64 %228, i64 %237 br label %239 %240 = phi i64 [ %228, %227 ], [ %238, %231 ] %241 = and i32 %113, 8 %242 = icmp eq i32 %241, 0 br i1 %242, label %251, label %243 %244 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 2, i32 0 %245 = load i32, i32* %244, align 4 
%246 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 3, i32 0 %247 = load i32, i32* %246, align 4 %248 = icmp eq i32 %245, %247 %249 = or i64 %240, 4096 %250 = select i1 %248, i64 %240, i64 %249 br label %251 %252 = phi i64 [ %240, %239 ], [ %250, %243 ] %253 = and i32 %113, 16 %254 = icmp eq i32 %253, 0 br i1 %254, label %263, label %255 %256 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 3, i32 0 %257 = load i32, i32* %256, align 8 %258 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 4, i32 0 %259 = load i32, i32* %258, align 8 %260 = icmp eq i32 %257, %259 %261 = or i64 %252, 4096 %262 = select i1 %260, i64 %252, i64 %261 br label %263 %264 = phi i64 [ %252, %251 ], [ %262, %255 ] %265 = and i32 %113, 4 %266 = icmp eq i32 %265, 0 br i1 %266, label %275, label %267 %268 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 12, i32 0 %269 = load i32, i32* %268, align 8 %270 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 2 %271 = load i32, i32* %270, align 8 %272 = icmp eq i32 %269, %271 %273 = or i64 %264, 65536 %274 = select i1 %272, i64 %264, i64 %273 br label %275 %276 = phi i64 [ %264, %263 ], [ %274, %267 ] %277 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 15, i32 1 %278 = load i64, i64* %277, align 8 %279 = and i32 %113, 4096 %280 = icmp eq i32 %279, 0 br i1 %280, label %294, label %281 %282 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 15, i32 0 %283 = load i64, i64* %282, align 8 %284 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 11, i32 0 %285 = load i64, i64* %284, align 8 %286 = icmp eq i64 %283, %285 br i1 %286, label %289, label %287 %290 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 11, i32 1 %291 = load i64, i64* %290, align 8 %292 = icmp eq i64 %278, %291 
%293 = or i64 %276, 4 br i1 %292, label %294, label %296 %295 = icmp eq i64 %276, 0 br i1 %295, label %338, label %296 %297 = phi i64 [ %276, %294 ], [ %288, %287 ], [ %293, %289 ] %298 = load %struct.super_block.216885*, %struct.super_block.216885** %73, align 8 %299 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %298, i64 0, i32 28 %300 = bitcast i8** %299 to %struct.nfs_server.217027** %301 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %300, align 16 %302 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %301, i64 0, i32 0 %303 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %302, align 8 %304 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %303, i64 0, i32 12 %305 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %304, align 8 %306 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %305, i64 0, i32 47 %307 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %306, align 8 %308 = tail call i32 %307(%struct.inode.216899* %0, i32 1) #78 ------------- Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Use: =BAD PATH= Call Stack: 0 nfs_refresh_inode_locked 1 nfs_post_op_update_inode_force_wcc_locked 2 nfs_writeback_update_inode 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.236411*, %struct.nfs4_slot.236411** %4, align 8 %6 = icmp eq %struct.nfs4_slot.236411* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 
i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.236429*, %struct.nfs_open_context.236429** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.236430*, %struct.nfs_lock_context.236430** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.236429, %struct.nfs_open_context.236429* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.236428*, %struct.nfs4_state.236428** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.238111*, i32, %struct.nfs_lock_context.238113*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.236428*, i32, %struct.nfs_lock_context.236430*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.236428* %27, i32 2, %struct.nfs_lock_context.236430* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #78 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.236445, 
%struct.nfs_pgio_header.236445* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %47 = load i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)*, i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task*, %struct.nfs_pgio_header.236445*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task* %0, %struct.nfs_pgio_header.236445* %1) #79 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 0 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task, %struct.rpc_task* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %22 [label %8], !srcloc !4 %23 = load i32, i32* %6, align 4 %24 = icmp slt i32 %23, 0 br i1 %24, label %25, label %55 %56 = getelementptr inbounds %struct.inode, %struct.inode* %5, i64 0, i32 8 %57 = load %struct.super_block*, %struct.super_block** %56, align 8 %58 = getelementptr inbounds %struct.super_block, %struct.super_block* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.236401** %60 = load %struct.nfs_server.236401*, %struct.nfs_server.236401** %59, align 16 %61 = getelementptr inbounds 
%struct.nfs_pgio_header.236445, %struct.nfs_pgio_header.236445* %1, i64 0, i32 22 %62 = load i64, i64* %61, align 8 %63 = getelementptr inbounds %struct.nfs_server.236401, %struct.nfs_server.236401* %60, i64 0, i32 0 %64 = load %struct.nfs_client.236460*, %struct.nfs_client.236460** %63, align 8 %65 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 23 %66 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %65, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %66) #78 %67 = getelementptr inbounds %struct.nfs_client.236460, %struct.nfs_client.236460* %64, i64 0, i32 25 %68 = load i64, i64* %67, align 8 %69 = sub i64 %68, %62 %70 = icmp slt i64 %69, 0 br i1 %70, label %71, label %72 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %73 = bitcast %struct.spinlock* %65 to i8* store volatile i8 0, i8* %73, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void bitcast (void (%struct.nfs_pgio_header*)* @nfs_writeback_update_inode to void (%struct.nfs_pgio_header.236445*)*)(%struct.nfs_pgio_header.236445* %1) #78 Function:nfs_writeback_update_inode %2 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19 %3 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 0 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.inode, %struct.inode* %4, i64 0, i32 18 %6 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %5, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #78 %7 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 20, i32 5 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 21, i32 2 %10 = load i64, i64* %9, align 8 %11 = add i64 %10, %8 %12 = getelementptr 
inbounds %struct.nfs_fattr, %struct.nfs_fattr* %2, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 64 %15 = icmp eq i32 %14, 0 %16 = getelementptr inbounds %struct.nfs_pgio_header, %struct.nfs_pgio_header* %0, i64 0, i32 19, i32 6 br i1 %15, label %19, label %17 store i64 %11, i64* %16, align 8 br label %20 %21 = phi i64 [ %18, %17 ], [ %11, %19 ] %22 = icmp ult i64 %21, 9223372036854775807 %23 = select i1 %22, i64 %21, i64 9223372036854775807 %24 = load %struct.inode*, %struct.inode** %3, align 8 %25 = getelementptr inbounds %struct.inode, %struct.inode* %24, i64 0, i32 14 %26 = load i64, i64* %25, align 8 %27 = icmp slt i64 %23, %26 br i1 %27, label %28, label %30 %31 = icmp eq i64 %11, %21 br i1 %31, label %32, label %37 tail call void @nfs_fattr_set_barrier(%struct.nfs_fattr* %2) #78 %33 = load i32, i32* %12, align 8 %34 = or i32 %33, 64 br label %35 %36 = phi i32 [ %29, %28 ], [ %34, %32 ] store i32 %36, i32* %12, align 8 br label %37 %38 = tail call i32 bitcast (i32 (%struct.inode.216899*, %struct.nfs_fattr*)* @nfs_post_op_update_inode_force_wcc_locked to i32 (%struct.inode*, %struct.nfs_fattr*)*)(%struct.inode* %4, %struct.nfs_fattr* %2) #78 Function:nfs_post_op_update_inode_force_wcc_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %58, label %11 %12 = load volatile i64, i64* getelementptr inbounds (%struct.anon.1, %struct.anon.1* @nfs_attr_generation_counter, i64 0, i32 0), align 8 %13 = sub i64 %6, %12 %14 = icmp sgt i64 %13, 0 br i1 %14, label %58, label %15 %16 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, 
i32 8 %17 = load %struct.super_block.216885*, %struct.super_block.216885** %16, align 8 %18 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %17, i64 0, i32 28 %19 = bitcast i8** %18 to %struct.nfs_server.217027** %20 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %19, align 16 %21 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %20, i64 0, i32 26 %22 = load i32, i32* %21, align 8 switch i32 %22, label %38 [ i32 4, label %23 i32 3, label %26 ] %27 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = and i32 %28, 131072 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 14 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 33, i32 0 %35 = load volatile i64, i64* %34, align 8 %36 = sub i64 %33, %35 %37 = icmp sgt i64 %36, 0 br i1 %37, label %58, label %50 %59 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 0 %60 = load i32, i32* %59, align 8 %61 = and i32 %60, 162943 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %67 %68 = and i32 %60, 393216 %69 = icmp eq i32 %68, 131072 br i1 %69, label %70, label %75 %76 = phi i32 [ %60, %67 ], [ %74, %70 ] %77 = and i32 %76, 81920 %78 = icmp eq i32 %77, 16384 br i1 %78, label %79, label %85 %86 = phi i32 [ %76, %75 ], [ %84, %79 ] %87 = and i32 %86, 40960 %88 = icmp eq i32 %87, 8192 br i1 %88, label %89, label %95 %96 = phi i32 [ %86, %85 ], [ %94, %89 ] %97 = and i32 %96, 192 %98 = icmp eq i32 %97, 64 br i1 %98, label %99, label %104 %105 = phi i32* [ %59, %95 ], [ %59, %99 ], [ %65, %63 ] %106 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 0 %107 = load i16, i16* %106, align 8 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, 16384 %110 = select i1 %109, 
i64 18178, i64 18176 %111 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 8 %112 = load %struct.super_block.216885*, %struct.super_block.216885** %111, align 8 %113 = getelementptr inbounds %struct.super_block.216885, %struct.super_block.216885* %112, i64 0, i32 28 %114 = bitcast i8** %113 to %struct.nfs_server.217027** %115 = load %struct.nfs_server.217027*, %struct.nfs_server.217027** %114, align 16 %116 = getelementptr inbounds %struct.nfs_server.217027, %struct.nfs_server.217027* %115, i64 0, i32 0 %117 = load %struct.nfs_client.217021*, %struct.nfs_client.217021** %116, align 8 %118 = getelementptr inbounds %struct.nfs_client.217021, %struct.nfs_client.217021* %117, i64 0, i32 12 %119 = load %struct.nfs_rpc_ops.217004*, %struct.nfs_rpc_ops.217004** %118, align 8 %120 = getelementptr inbounds %struct.nfs_rpc_ops.217004, %struct.nfs_rpc_ops.217004* %119, i64 0, i32 47 %121 = load i32 (%struct.inode.216899*, i32)*, i32 (%struct.inode.216899*, i32)** %120, align 8 %122 = tail call i32 %121(%struct.inode.216899* %0, i32 1) #78 %123 = icmp eq i32 %122, 0 %124 = and i64 %110, 17922 %125 = select i1 %123, i64 %110, i64 %124 %126 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 38 %127 = bitcast %struct.seqcount_spinlock* %126 to i64* %128 = load i64, i64* %127, align 8 %129 = or i64 %125, %128 store i64 %129, i64* %127, align 8 %130 = getelementptr inbounds %struct.inode.216899, %struct.inode.216899* %0, i64 0, i32 9 %131 = load %struct.address_space.216900*, %struct.address_space.216900** %130, align 8 %132 = getelementptr inbounds %struct.address_space.216900, %struct.address_space.216900* %131, i64 0, i32 7 %133 = load i64, i64* %132, align 8 %134 = icmp eq i64 %133, 0 br i1 %134, label %138, label %135 %136 = and i64 %129, 2 %137 = icmp eq i64 %136, 0 br i1 %137, label %141, label %138 %139 = phi i64 [ -8195, %104 ], [ -8193, %135 ] %140 = and i64 %129, %139 store i64 %140, i64* %127, align 
8 br label %141 %142 = load i32, i32* %105, align 8 %143 = and i32 %142, 162943 %144 = icmp eq i32 %143, 0 br i1 %144, label %147, label %145 %146 = tail call fastcc i32 @nfs_refresh_inode_locked(%struct.inode.216899* %0, %struct.nfs_fattr* %1) #78 Function:nfs_refresh_inode_locked %3 = getelementptr %struct.inode.216899, %struct.inode.216899* %0, i64 -1, i32 24, i32 2 %4 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %3, i64 46 %5 = bitcast %struct.seqcount_spinlock* %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.nfs_fattr, %struct.nfs_fattr* %1, i64 0, i32 20 %8 = load i64, i64* %7, align 8 %9 = sub i64 %8, %6 %10 = icmp sgt i64 %9, 0 br i1 %10, label %51, label %11 %52 = phi i32 [ %50, %43 ], [ %37, %28 ], [ 1, %11 ], [ 0, %38 ], [ 0, %23 ], [ 0, %15 ], [ 1, %2 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
-------------
Check callee group: tg3_write_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: nfs4_have_delegation
Check callee group: tg3_write_indirect_reg32
Check callee group: nfs4_have_delegation
Check callee group: nfs4_have_delegation
Check callee group: tg3_write_indirect_reg32
Check callee group: nfs4_have_delegation
Check callee group: tg3_read_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: nfs_rmdir simple_rmdir ext4_rmdir vfat_rmdir autofs_dir_rmdir tracefs_syscall_rmdir bad_inode_rmdir kernfs_iop_rmdir shmem_rmdir msdos_rmdir
Check callee group: tg3_write_indirect_reg32
Check callee group: nfs4_have_delegation
Use: =BAD PATH=
Call Stack: 0 nfs4_update_changeattr_locked 1 nfs4_proc_unlink_done
-------------
Path: Function:nfs4_proc_unlink_done Function:nfs4_update_changeattr_locked
-------------
Use: =BAD PATH=
Call Stack: 0 nfs4_update_changeattr_locked 1 nfs4_proc_rename_done
-------------
Path: Function:nfs4_proc_rename_done Function:nfs4_update_changeattr_locked
-------------
Check callee group: tg3_read_indirect_reg32
Check callee group: tg3_read_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: nfs4_have_delegation
Check callee group: nfs4_have_delegation
Check callee group: nfs4_have_delegation
Check callee group: nfs4_have_delegation
Check callee group: tg3_read_indirect_reg32
Check callee group: mdio_ctrl_hw
Check callee group: nfs4_have_delegation
Check callee group: tg3_read_indirect_reg32
Check callee group: mdio_ctrl_hw
Check callee group: nfs4_have_delegation
Check callee group: nfs4_have_delegation
Check callee group: nfs4_have_delegation
Check callee group: tg3_write_indirect_reg32
Check callee group: tg3_read_indirect_reg32
Check callee group: sock_wfree
Check callee group: nfs4_have_delegation
Check callee group: tg3_read_indirect_reg32
Check callee group: nfs4_have_delegation
Check callee group: tg3_write_indirect_reg32
Check callee group: tg3_read_indirect_reg32
Check callee group: md_ioctl sd_ioctl dm_blk_ioctl lo_ioctl sr_block_ioctl
Use: =BAD PATH=
Call Stack: 0 blkdev_compat_ptr_ioctl
-------------
Path: Function:blkdev_compat_ptr_ioctl
-------------
Use: =BAD PATH=
Call Stack: 0 blkdev_compat_ptr_ioctl
-------------
Path: Function:blkdev_compat_ptr_ioctl
-------------
Check callee group: tg3_read_indirect_reg32
Check callee group: sock_wfree
Check callee group: tg3_read_indirect_reg32
Check callee group: sock_wfree
Check callee group: tg3_read_indirect_reg32
Check callee group: tg3_write_indirect_reg32
Check callee group: sock_wfree
Check callee group: sock_wfree
Check callee group: sock_wfree
Check callee group: sock_wfree
Check callee group: sock_wfree
Check callee group: tg3_read_indirect_reg32
Check callee group: sock_wfree
Use: =BAD PATH=
Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 unix_release_sock 5 unix_release
-------------
Path: Function:unix_release Function:unix_release_sock Function:unix_gc Function:kfree_skb_reason
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 unix_release_sock 5 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, 
%struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, 
%struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, 
%struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail 
call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void 
(%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 %123 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %124 = icmp eq %struct.sk_buff* %123, null br i1 %124, label %125, label %113 %126 = getelementptr inbounds %struct.path, %struct.path* %3, i64 0, i32 1 %127 = load %struct.dentry*, %struct.dentry** %126, align 8 %128 = icmp eq %struct.dentry* %127, null br i1 %128, label %130, label %129 %131 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %132 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %131, i64 0, i32 0, i32 0 %133 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %132, i32 -1, i32* %132) #6, !srcloc !7 %134 = icmp eq i32 %133, 1 br i1 %134, label %140, label %135 %136 = add i32 %133, -1 %137 = or i32 %136, %133 %138 = icmp sgt i32 %137, -1 br i1 %138, label %141, label %139, !prof !13, !misexpect !5 %142 = load i32, i32* @unix_tot_inflight, align 4 %143 = icmp eq i32 %142, 0 br i1 %143, label %145, label %144 call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* 
getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load 
%struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, 
i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast 
%struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), 
%struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, 
!srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi 
%struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, 
label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, 
align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 unix_release_sock 5 unix_release ------------- Path:  Function:unix_release %2 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %3 = load %struct.sock*, %struct.sock** %2, align 8 %4 = icmp eq %struct.sock* %3, null br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.sock, %struct.sock* %3, i64 0, i32 0, i32 8 %7 = load %struct.proto*, %struct.proto** %6, align 8 %8 = getelementptr inbounds %struct.proto, %struct.proto* %7, i64 0, i32 0 %9 = load void (%struct.sock*, i64)*, void (%struct.sock*, i64)** %8, align 8 tail call void %9(%struct.sock* nonnull %3, i64 0) #78 tail call fastcc void @unix_release_sock(%struct.sock* nonnull %3, i32 0) #79 Function:unix_release_sock %3 = alloca %struct.path, align 8 %4 = bitcast %struct.path* %3 to i8* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_table_lock, i64 0, i32 0, i32 0)) #78 %5 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 15, i32 0, i32 1 %6 = load %struct.hlist_node**, %struct.hlist_node*** %5, align 8 %7 = icmp eq %struct.hlist_node** %6, null br i1 %7, label %24, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_table_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, 
!srcloc !9 %25 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 16 %26 = bitcast i16* %25 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %26) #78 %27 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 52 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %27) #78 %28 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 13, i32 0 tail call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %28, i64 0) #6, !srcloc !10 %29 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 72 store %struct.socket* null, %struct.socket** %29, align 8 %30 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 13, i32 0 store %struct.socket_wq* null, %struct.socket_wq** %30, align 8 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %27) #78 %31 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 67 store i8 3, i8* %31, align 8 %32 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 1 %33 = bitcast %struct.kuid_t* %32 to i8* %34 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 4 %35 = bitcast %struct.kuid_t* %32 to i8* %36 = load volatile i8, i8* %34, align 2 store volatile i8 7, i8* %34, align 2 %37 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 0, i32 12 %38 = bitcast %struct.anon.1* %37 to %struct.sock** %39 = load %struct.sock*, %struct.sock** %38, align 16 store %struct.sock* null, %struct.sock** %38, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %40 = bitcast i16* %25 to i8* store volatile i8 0, i8* %40, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %41 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 7, i32 3 %42 = load %struct.sk_buff*, %struct.sk_buff** %41, align 16 %43 = icmp eq %struct.sk_buff* %42, null 
br i1 %43, label %45, label %44 %46 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 1 %47 = bitcast %struct.socket_lock_t* %46 to %struct.wait_queue_head* tail call void @__wake_up(%struct.wait_queue_head* %47, i32 1, i32 0, i8* null) #78 %48 = icmp eq %struct.sock* %39, null br i1 %48, label %107, label %49 %50 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 47 %51 = load i16, i16* %50, align 2 switch i16 %51, label %77 [ i16 1, label %52 i16 5, label %52 ] %53 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 0, i32 16 %54 = bitcast i16* %53 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %54) #78 %55 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 67 store i8 3, i8* %55, align 8 %56 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %56, i64 0, i32 0 %58 = load %struct.sk_buff*, %struct.sk_buff** %57, align 8 %59 = bitcast %struct.sk_buff_head* %56 to %struct.sk_buff* %60 = icmp ne %struct.sk_buff* %58, %59 %61 = icmp ne i32 %1, 0 %62 = or i1 %61, %60 br i1 %62, label %63, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %66 = bitcast i16* %53 to i8* store volatile i8 0, i8* %66, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %67 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 77 %68 = load void (%struct.sock*)*, void (%struct.sock*)** %67, align 8 tail call void %68(%struct.sock* nonnull %39) #78 %69 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 13, i32 0 %70 = load volatile i64, i64* %69, align 8 %71 = and i64 %70, 65536 %72 = icmp eq i64 %71, 0 br i1 %72, label %77, label %73 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %74 = getelementptr inbounds %struct.sock, 
%struct.sock* %39, i64 0, i32 13, i32 0 %75 = load volatile %struct.socket_wq*, %struct.socket_wq** %74, align 8 %76 = tail call i32 bitcast (i32 (%struct.socket_wq.273608*, i32, i32)* @sock_wake_async to i32 (%struct.socket_wq*, i32, i32)*)(%struct.socket_wq* %75, i32 1, i32 6) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @rcu_read_unlock_strict() #78 br label %77 %78 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 1, i32 1, i32 0 %79 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %78, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %79) #78 %80 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 1, i32 6 %81 = bitcast %struct.sk_buff_head* %80 to i8** %82 = load i8*, i8** %81, align 8 %83 = bitcast %struct.sock* %39 to i8* %84 = icmp eq i8* %82, %83 br i1 %84, label %85, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %96 = bitcast %struct.spinlock* %78 to i8* store volatile i8 0, i8* %96, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %97 = getelementptr inbounds %struct.sock, %struct.sock* %39, i64 0, i32 0, i32 19 %98 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %97, i64 0, i32 0, i32 0 %99 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %98, i32 -1, i32* %98) #6, !srcloc !7 %100 = icmp eq i32 %99, 1 br i1 %100, label %106, label %101 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 tail call void bitcast (void (%struct.sock.273622*)* @sk_free to void (%struct.sock*)*)(%struct.sock* nonnull %39) #78 br label %107 %108 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 6 %109 = tail 
call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %110 = icmp eq %struct.sk_buff* %109, null br i1 %110, label %125, label %111 %112 = icmp eq i8 %36, 10 br label %113 %114 = phi %struct.sk_buff* [ %109, %111 ], [ %123, %118 ] br i1 %112, label %115, label %118 %116 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 1, i32 0 %117 = load %struct.sock*, %struct.sock** %116, align 8 tail call fastcc void @unix_release_sock(%struct.sock* %117, i32 1) #79 br label %118 %119 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 6 %120 = load i32, i32* %119, align 8 %121 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %114, i64 0, i32 3, i64 28 %122 = bitcast i8* %121 to i32* store i32 %120, i32* %122, align 4 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %114, i32 0) #78 %123 = tail call %struct.sk_buff* bitcast (%struct.sk_buff.756266* (%struct.sk_buff_head.756025*)* @skb_dequeue to %struct.sk_buff* (%struct.sk_buff_head*)*)(%struct.sk_buff_head* %108) #78 %124 = icmp eq %struct.sk_buff* %123, null br i1 %124, label %125, label %113 %126 = getelementptr inbounds %struct.path, %struct.path* %3, i64 0, i32 1 %127 = load %struct.dentry*, %struct.dentry** %126, align 8 %128 = icmp eq %struct.dentry* %127, null br i1 %128, label %130, label %129 %131 = getelementptr inbounds %struct.sock, %struct.sock* %0, i64 0, i32 0, i32 19 %132 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %131, i64 0, i32 0, i32 0 %133 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %132, i32 -1, i32* %132) #6, !srcloc !7 %134 = icmp eq i32 %133, 1 
br i1 %134, label %140, label %135 %136 = add i32 %133, -1 %137 = or i32 %136, %133 %138 = icmp sgt i32 %137, -1 br i1 %138, label %141, label %139, !prof !13, !misexpect !5 %142 = load i32, i32* @unix_tot_inflight, align 4 %143 = icmp eq i32 %142, 0 br i1 %143, label %145, label %144 call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 
= getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* 
@gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 
%94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, 
label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 
= getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, 
%struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 wait_for_unix_gc 5 unix_dgram_sendmsg ------------- Path:  Function:unix_dgram_sendmsg %4 = alloca i32, align 4 %5 = alloca %struct.scm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %9 = 
load %struct.net*, %struct.net** %8, align 8 %10 = bitcast %struct.msghdr* %1 to %struct.sockaddr_un** %11 = load %struct.sockaddr_un*, %struct.sockaddr_un** %10, align 8 %12 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %13 = bitcast %struct.scm_cookie* %5 to i8* tail call void @wait_for_unix_gc() #78 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load volatile i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %8 %5 = load volatile i8, i8* @gc_in_progress, align 1, !range !4 %6 = icmp eq i8 %5, 0 br i1 %6, label %7, label %8 tail call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, 
%struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", 
"*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast 
%struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds 
%struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store 
%struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** 
getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, 
%133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call 
void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 wait_for_unix_gc 5 unix_dgram_sendmsg 6 unix_seqpacket_sendmsg ------------- Path:  Function:unix_seqpacket_sendmsg %4 
= getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %5 = load %struct.sock*, %struct.sock** %4, align 8 %6 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 53 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %13, label %9, !prof !4, !misexpect !5 %14 = getelementptr inbounds %struct.sock, %struct.sock* %5, i64 0, i32 0, i32 4 %15 = load volatile i8, i8* %14, align 2 %16 = icmp eq i8 %15, 1 br i1 %16, label %17, label %24 %18 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %19 = load i32, i32* %18, align 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %22, label %21 %23 = tail call i32 @unix_dgram_sendmsg(%struct.socket* %0, %struct.msghdr* %1, i64 %2) #78 Function:unix_dgram_sendmsg %4 = alloca i32, align 4 %5 = alloca %struct.scm_cookie, align 8 %6 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %7 = load %struct.sock*, %struct.sock** %6, align 8 %8 = getelementptr inbounds %struct.sock, %struct.sock* %7, i64 0, i32 0, i32 9, i32 0 %9 = load %struct.net*, %struct.net** %8, align 8 %10 = bitcast %struct.msghdr* %1 to %struct.sockaddr_un** %11 = load %struct.sockaddr_un*, %struct.sockaddr_un** %10, align 8 %12 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %13 = bitcast %struct.scm_cookie* %5 to i8* tail call void @wait_for_unix_gc() #78 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load volatile i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %8 %5 = load volatile i8, i8* @gc_in_progress, align 1, !range !4 %6 = icmp eq i8 %5, 0 br i1 %6, label %7, label %8 tail call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = 
getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds %struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, 
align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 
%60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, 
align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, 
%struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, 
label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* @gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds 
%struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 %168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds 
%struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 unix_gc 4 wait_for_unix_gc 5 unix_stream_sendmsg ------------- Path:  Function:unix_stream_sendmsg %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca %struct.scm_cookie, align 8 %7 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %8 = load %struct.sock*, %struct.sock** %7, align 8 %9 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %10 = 
bitcast %struct.scm_cookie* %6 to i8* tail call void @wait_for_unix_gc() #78 Function:wait_for_unix_gc %1 = alloca %struct.wait_queue_entry, align 8 %2 = load volatile i32, i32* @unix_tot_inflight, align 4 %3 = icmp ugt i32 %2, 16000 br i1 %3, label %4, label %8 %5 = load volatile i8, i8* @gc_in_progress, align 1, !range !4 %6 = icmp eq i8 %5, 0 br i1 %6, label %7, label %8 tail call void @unix_gc() #78 Function:unix_gc %1 = alloca %struct.sk_buff_head.756025, align 8 %2 = alloca %struct.list_head, align 8 %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.sk_buff_head.756025* %1 to i8* %5 = bitcast %struct.list_head* %2 to i8* %6 = bitcast %struct.list_head* %3 to i8* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %8, align 8 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @unix_gc_lock, i64 0, i32 0, i32 0)) #78 %9 = load i8, i8* @gc_in_progress, align 1, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %205 store volatile i8 1, i8* @gc_in_progress, align 1 %12 = load i8*, i8** bitcast (%struct.list_head* @gc_inflight_list to i8**), align 8 %13 = icmp eq i8* %12, bitcast (%struct.list_head* @gc_inflight_list to i8*) br i1 %13, label %14, label %18 %19 = phi i8* [ %21, %52 ], [ %12, %11 ] %20 = bitcast i8* %19 to i8** %21 = load i8*, i8** %20, align 8 %22 = bitcast i8* %19 to %struct.list_head* %23 = getelementptr i8, i8* %19, i64 -200 %24 = bitcast i8* %23 to %struct.socket.756297** %25 = load %struct.socket.756297*, %struct.socket.756297** %24, align 16 %26 = getelementptr inbounds %struct.socket.756297, %struct.socket.756297* %25, i64 0, i32 3 %27 = load %struct.file.756535*, %struct.file.756535** %26, align 16 %28 = getelementptr inbounds 
%struct.file.756535, %struct.file.756535* %27, i64 0, i32 6, i32 0 %29 = load volatile i64, i64* %28, align 8 %30 = getelementptr i8, i8* %19, i64 16 %31 = bitcast i8* %30 to i64* %32 = load volatile i64, i64* %31, align 8 %33 = icmp slt i64 %32, 1 br i1 %33, label %34, label %35, !prof !5, !misexpect !6 %36 = icmp slt i64 %29, %32 br i1 %36, label %37, label %38, !prof !5, !misexpect !6 %39 = icmp eq i64 %29, %32 br i1 %39, label %40, label %52 %41 = getelementptr inbounds i8, i8* %19, i64 8 %42 = bitcast i8* %41 to %struct.list_head** %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = bitcast i8* %19 to %struct.list_head** %45 = load %struct.list_head*, %struct.list_head** %44, align 8 %46 = getelementptr inbounds %struct.list_head, %struct.list_head* %45, i64 0, i32 1 store %struct.list_head* %43, %struct.list_head** %46, align 8 %47 = getelementptr inbounds %struct.list_head, %struct.list_head* %43, i64 0, i32 0 store volatile %struct.list_head* %45, %struct.list_head** %47, align 8 %48 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 store i8* %19, i8** bitcast (%struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1) to i8**), align 8 store %struct.list_head* @gc_candidates, %struct.list_head** %44, align 8 store %struct.list_head* %48, %struct.list_head** %42, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 0 store volatile %struct.list_head* %22, %struct.list_head** %49, align 8 %50 = getelementptr i8, i8* %19, i64 32 %51 = bitcast i8* %50 to i64* call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 0) #6, !srcloc !9 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %51, i64 1) #6, !srcloc !9 br label %52 %53 = icmp eq i8* %21, bitcast (%struct.list_head* 
@gc_inflight_list to i8*) br i1 %53, label %14, label %18 %15 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), align 8 %16 = icmp eq i8* %15, bitcast (%struct.list_head* @gc_candidates to i8*) %17 = bitcast i8* %15 to %struct.list_head* br i1 %16, label %63, label %54 %55 = phi i8* [ %59, %54 ], [ %15, %14 ] %56 = getelementptr i8, i8* %55, i64 -856 %57 = bitcast i8* %56 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %57, void (%struct.unix_sock*)* nonnull @dec_inflight, %struct.sk_buff_head.756025* null) #79 %58 = bitcast i8* %55 to i8** %59 = load i8*, i8** %58, align 8 %60 = icmp eq i8* %59, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %60, label %61, label %54 %62 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 br label %63 %64 = phi %struct.list_head* [ %62, %61 ], [ %17, %14 ] %65 = getelementptr inbounds %struct.list_head, %struct.list_head* %64, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %65, align 8 %66 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %64, %struct.list_head** %66, align 8 %67 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* @gc_candidates, %struct.list_head** %67, align 8 store volatile %struct.list_head* %2, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 0), align 8 %68 = icmp eq %struct.list_head* %64, @gc_candidates br i1 %68, label %99, label %69 %70 = bitcast %struct.list_head** %67 to %struct.list_head*** %71 = bitcast %struct.list_head** %8 to %struct.list_head*** br label %72 %73 = phi %struct.list_head* [ @gc_candidates, %69 ], [ %98, %95 ] %74 = phi %struct.list_head* [ %64, %69 ], [ %96, %95 ] %75 = getelementptr %struct.list_head, %struct.list_head* %74, i64 -54, i32 1 %76 = 
getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 107 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %74, i64 0, i32 1 store %struct.list_head* %73, %struct.list_head** %77, align 8 %78 = getelementptr inbounds %struct.list_head, %struct.list_head* %73, i64 0, i32 0 store volatile %struct.list_head* %74, %struct.list_head** %78, align 8 %79 = load %struct.list_head*, %struct.list_head** %76, align 8 %80 = getelementptr inbounds %struct.list_head, %struct.list_head* %79, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %80, align 8 store %struct.list_head* %79, %struct.list_head** %66, align 8 store %struct.list_head** %76, %struct.list_head*** %70, align 8 store volatile %struct.list_head* %2, %struct.list_head** %76, align 8 %81 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 109 %82 = bitcast %struct.list_head** %81 to i64* %83 = load volatile i64, i64* %82, align 8 %84 = icmp sgt i64 %83, 0 br i1 %84, label %85, label %95 %86 = bitcast %struct.list_head** %76 to %struct.list_head* %87 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 108 %88 = load %struct.list_head*, %struct.list_head** %87, align 8 store %struct.list_head* %88, %struct.list_head** %67, align 8 %89 = getelementptr inbounds %struct.list_head, %struct.list_head* %88, i64 0, i32 0 store volatile %struct.list_head* %2, %struct.list_head** %89, align 8 %90 = load %struct.list_head*, %struct.list_head** %8, align 8 store %struct.list_head** %76, %struct.list_head*** %71, align 8 store %struct.list_head* %3, %struct.list_head** %76, align 8 store %struct.list_head* %90, %struct.list_head** %87, align 8 %91 = getelementptr inbounds %struct.list_head, %struct.list_head* %90, i64 0, i32 0 store volatile %struct.list_head* %86, %struct.list_head** %91, align 8 %92 = getelementptr inbounds %struct.list_head*, %struct.list_head** %75, i64 111 %93 = bitcast %struct.list_head** %92 to i64* call void asm 
sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %93, i64 1) #6, !srcloc !10 %94 = bitcast %struct.list_head** %75 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %94, void (%struct.unix_sock*)* nonnull @inc_inflight_move_tail, %struct.sk_buff_head.756025* null) #79 br label %95 %96 = load %struct.list_head*, %struct.list_head** %66, align 8 %97 = icmp eq %struct.list_head* %96, @gc_candidates %98 = load %struct.list_head*, %struct.list_head** %67, align 8 br i1 %97, label %99, label %72 %100 = phi %struct.list_head* [ @gc_candidates, %63 ], [ %98, %95 ] store %struct.list_head* %100, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_candidates, i64 0, i32 1), align 8 %101 = getelementptr inbounds %struct.list_head, %struct.list_head* %100, i64 0, i32 0 store volatile %struct.list_head* @gc_candidates, %struct.list_head** %101, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %66, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %67, align 8 %102 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %102, align 4 %103 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %103, align 8 %104 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 1 %105 = bitcast %struct.sk_buff.756266** %104 to %struct.sk_buff_head.756025** store %struct.sk_buff_head.756025* %1, %struct.sk_buff_head.756025** %105, align 8 %106 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 2 store i32 0, i32* %106, align 8 %107 = load i8*, i8** bitcast (%struct.list_head* @gc_candidates to i8**), 
align 8 %108 = icmp eq i8* %107, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %108, label %109, label %112 %113 = phi i8* [ %117, %112 ], [ %107, %99 ] %114 = getelementptr i8, i8* %113, i64 -856 %115 = bitcast i8* %114 to %struct.sock.756300* call fastcc void @scan_children(%struct.sock.756300* %115, void (%struct.unix_sock*)* nonnull @inc_inflight, %struct.sk_buff_head.756025* nonnull %1) #79 %116 = bitcast i8* %113 to i8** %117 = load i8*, i8** %116, align 8 %118 = icmp eq i8* %117, bitcast (%struct.list_head* @gc_candidates to i8*) br i1 %118, label %109, label %112 %110 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %111 = icmp eq %struct.list_head* %110, %3 br i1 %111, label %133, label %119 %120 = phi %struct.list_head* [ %131, %119 ], [ %110, %109 ] %121 = getelementptr %struct.list_head, %struct.list_head* %120, i64 2 %122 = bitcast %struct.list_head* %121 to i64* call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %122, i64 0) #6, !srcloc !10 %123 = getelementptr inbounds %struct.list_head, %struct.list_head* %120, i64 0, i32 1 %124 = load %struct.list_head*, %struct.list_head** %123, align 8 %125 = getelementptr %struct.list_head, %struct.list_head* %120, i64 0, i32 0 %126 = load %struct.list_head*, %struct.list_head** %125, align 8 %127 = getelementptr inbounds %struct.list_head, %struct.list_head* %126, i64 0, i32 1 store %struct.list_head* %124, %struct.list_head** %127, align 8 %128 = getelementptr inbounds %struct.list_head, %struct.list_head* %124, i64 0, i32 0 store volatile %struct.list_head* %126, %struct.list_head** %128, align 8 %129 = load %struct.list_head*, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* %120, %struct.list_head** getelementptr inbounds (%struct.list_head, %struct.list_head* @gc_inflight_list, i64 0, i32 1), align 8 store %struct.list_head* 
@gc_inflight_list, %struct.list_head** %125, align 8 store %struct.list_head* %129, %struct.list_head** %123, align 8 %130 = getelementptr inbounds %struct.list_head, %struct.list_head* %129, i64 0, i32 0 store volatile %struct.list_head* %120, %struct.list_head** %130, align 8 %131 = load volatile %struct.list_head*, %struct.list_head** %7, align 8 %132 = icmp eq %struct.list_head* %131, %3 br i1 %132, label %133, label %119 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 store volatile i8 0, i8* bitcast (%struct.spinlock* @unix_gc_lock to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %134 = getelementptr inbounds %struct.sk_buff_head.756025, %struct.sk_buff_head.756025* %1, i64 0, i32 0 %135 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 %136 = bitcast %struct.sk_buff_head.756025* %1 to %struct.sk_buff.756266* %137 = icmp eq %struct.sk_buff.756266* %135, %136 br i1 %137, label %161, label %138 %139 = phi %struct.sk_buff.756266* [ %141, %157 ], [ %135, %133 ] %140 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 0, i32 0, i32 0 %141 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %140, align 8 %142 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %139, i64 0, i32 18 %143 = load i16, i16* %142, align 2 %144 = icmp sgt i16 %143, -1 br i1 %144, label %157, label %145 %158 = icmp eq %struct.sk_buff.756266* %141, %136 br i1 %158, label %159, label %138 %160 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %134, align 8 br label %161 %162 = phi %struct.sk_buff.756266* [ %160, %159 ], [ %135, %133 ] %163 = icmp eq %struct.sk_buff.756266* %162, %136 %164 = icmp eq %struct.sk_buff.756266* %162, null %165 = or i1 %163, %164 br i1 %165, label %181, label %166 %167 = phi %struct.sk_buff.756266* [ %177, %166 ], [ %162, %161 ] %168 = load i32, i32* %106, align 8 %169 = add i32 
%168, -1 store volatile i32 %169, i32* %106, align 8 %170 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 0 %171 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %170, align 8 %172 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %167, i64 0, i32 0, i32 0, i32 1 %173 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %172, align 8 %174 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %171, i64 0, i32 0, i32 0, i32 1 %175 = bitcast %struct.sk_buff.756266* %167 to i8* store volatile %struct.sk_buff.756266* %173, %struct.sk_buff.756266** %174, align 8 %176 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %173, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff.756266* %171, %struct.sk_buff.756266** %176, align 8 call void @kfree_skb_reason(%struct.sk_buff.756266* nonnull %167, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 __pskb_pull_tail 4 packet_parse_headers 5 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket, %struct.socket* %0, i64 0, i32 4 %6 = load %struct.sock*, %struct.sock** %5, align 8 %7 = bitcast %struct.msghdr* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, 
%struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %246, label %11 %12 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %246, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = shl i64 %2, 32 %28 = ashr exact i64 %27, 32 %29 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 2 %30 = icmp slt i32 %26, 0 br label %31 %32 = phi %struct.sk_buff* [ null, %20 ], [ %82, %114 ] %33 = phi i32 [ 0, %20 ], [ %52, %114 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %34 = load %struct.net*, %struct.net** %23, align 8 %35 = tail call %struct.net_device* bitcast (%struct.net_device.763141* (%struct.net.762977*, i8*)* @dev_get_by_name_rcu to %struct.net_device* (%struct.net*, i8*)*)(%struct.net* %34, i8* %24) #78 %36 = icmp eq %struct.net_device* %35, null br i1 %36, label %241, label %37 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 14 %39 = load i32, i32* %38, align 64 %40 = and i32 %39, 1 %41 = icmp eq i32 %40, 0 br i1 %41, label %241, label %42 %43 = load volatile i64, i64* %25, align 8 %44 = and i64 %43, 1048576 %45 = icmp eq i64 %44, 0 br i1 %45, label %51, label %46, !prof !5, !misexpect !6 %47 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 15 %48 = load i32, i32* %47, align 
4 %49 = and i32 %48, 16384 %50 = icmp eq i32 %49, 0 br i1 %50, label %241, label %51 %52 = phi i32 [ %33, %42 ], [ 4, %46 ] %53 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %54 = load i32, i32* %53, align 8 %55 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %56 = load i16, i16* %55, align 2 %57 = zext i16 %56 to i32 %58 = add i32 %52, 4 %59 = add i32 %58, %54 %60 = add i32 %59, %57 %61 = zext i32 %60 to i64 %62 = icmp ult i64 %61, %2 br i1 %62, label %241, label %63 %64 = icmp eq %struct.sk_buff* %32, null br i1 %64, label %65, label %118 %119 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 20 %120 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 19 %121 = zext i16 %56 to i32 %122 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 41 %123 = load i8*, i8** %122, align 8 %124 = icmp sgt i32 %121, %26 br i1 %124, label %125, label %149, !prof !8, !misexpect !10 %150 = load i32, i32* %119, align 8 %151 = load i16, i16* %120, align 2 %152 = zext i16 %151 to i32 %153 = add i32 %150, %52 %154 = add i32 %153, %152 %155 = zext i32 %154 to i64 %156 = icmp ult i64 %155, %2 br i1 %156, label %157, label %177 %158 = getelementptr inbounds %struct.net_device, %struct.net_device* %35, i64 0, i32 32 %159 = load i16, i16* %158, align 32 %160 = icmp eq i16 %159, 1 br i1 %160, label %161, label %241, !prof !5, !misexpect !6 %162 = bitcast i8** %122 to i64* %163 = load i64, i64* %162, align 8 %164 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %165 = bitcast i8** %164 to i64* %166 = load i64, i64* %165, align 8 %167 = sub i64 %163, %166 %168 = trunc i64 %167 to i16 %169 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 36 store i16 %168, i16* %169, align 2 %170 = inttoptr i64 %166 to i8* %171 = and i64 %167, 65535 %172 = getelementptr i8, i8* %170, i64 %171 %173 = 
getelementptr inbounds i8, i8* %172, i64 12 %174 = bitcast i8* %173 to i16* %175 = load i16, i16* %174, align 1 %176 = icmp eq i16 %175, 129 br i1 %176, label %177, label %241 %178 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 65 %179 = load i16, i16* %178, align 8 %180 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %180, align 8 %181 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %181, align 8 %182 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %179, i16* %182, align 4 %183 = getelementptr inbounds %struct.msghdr, %struct.msghdr* %1, i64 0, i32 5 %184 = load i64, i64* %183, align 8 %185 = icmp eq i64 %184, 0 br i1 %185, label %192, label %186 %187 = call i32 bitcast (i32 (%struct.sock.273622*, %struct.msghdr.273589*, %struct.sockcm_cookie*)* @sock_cmsg_send to i32 (%struct.sock*, %struct.msghdr*, %struct.sockcm_cookie*)*)(%struct.sock* %6, %struct.msghdr* %1, %struct.sockcm_cookie* nonnull %4) #78 %188 = icmp eq i32 %187, 0 br i1 %188, label %189, label %241, !prof !5, !misexpect !6 %190 = load i64, i64* %180, align 8 %191 = load i16, i16* %182, align 4 br label %192 %193 = phi i16 [ %191, %189 ], [ %179, %177 ] %194 = phi i64 [ %190, %189 ], [ 0, %177 ] %195 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 33 store i16 %21, i16* %195, align 8 %196 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device* %35, %struct.net_device** %196, align 8 %197 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 33 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 21 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sock, %struct.sock* %6, i64 0, i32 34 %201 = load i32, i32* %200, align 4 %202 = 
getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 28, i32 0 store i32 %201, i32* %202, align 4 %203 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 2, i32 0 store i64 %194, i64* %203, align 8 %204 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 1, i32 0 %205 = load %struct.sock*, %struct.sock** %204, align 8 %206 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 40 %207 = load i8*, i8** %206, align 8 %208 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 39 %209 = load i32, i32* %208, align 4 %210 = zext i32 %209 to i64 %211 = getelementptr i8, i8* %207, i64 %210 %212 = getelementptr inbounds i8, i8* %211, i64 3 %213 = getelementptr inbounds i8, i8* %211, i64 28 %214 = bitcast i8* %213 to i32* %215 = icmp eq i16 %193, 0 br i1 %215, label %225, label %216, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %193, i8* %212) #78 %217 = trunc i16 %193 to i8 %218 = icmp sgt i8 %217, -1 %219 = and i16 %193, 771 %220 = icmp eq i16 %219, 0 %221 = or i1 %220, %218 br i1 %221, label %225, label %222 %223 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 68, i32 0 %224 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %223, i32 1, i32* %223) #6, !srcloc !11 store i32 %224, i32* %214, align 4 br label %225 %226 = getelementptr inbounds %struct.sock, %struct.sock* %205, i64 0, i32 0, i32 13, i32 0 %227 = load volatile i64, i64* %226, align 8 %228 = and i64 %227, 524288 %229 = icmp eq i64 %228, 0 br i1 %229, label %233, label %230, !prof !5, !misexpect !6 %234 = icmp eq i32 %52, 4 br i1 %234, label %235, label %239, !prof !8, !misexpect !6 %236 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %32, i64 0, i32 16 %237 = load i16, i16* %236, align 8 %238 = or i16 
%237, 4096 store i16 %238, i16* %236, align 8 br label %239 call fastcc void @packet_parse_headers(%struct.sk_buff* nonnull %32, %struct.socket* %0) #79 Function:packet_parse_headers %3 = alloca i32, align 4 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device*, %struct.net_device** %36, align 8 %38 = getelementptr inbounds %struct.net_device, %struct.net_device* %37, i64 0, i32 32 %39 = load i16, i16* %38, align 32 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast i32* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff* %0, null %59 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ %54, %53 ], [ %89, %90 ] %62 = phi i32 [ 8, %53 ], [ %82, %90 ] store i32 0, i32* %3, align 4 %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %61 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72, !prof !4, !misexpect !5 br i1 %58, 
label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.756266*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff*, i32, i8*, i32)*)(%struct.sk_buff* nonnull %0, i32 %61, i8* nonnull %55, i32 4) #78 %75 = icmp sgt i32 %74, -1 %76 = select i1 %75, i8* %55, i8* null, !prof !4 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %62, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %62, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %61, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 %105) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = 
and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 
48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 %74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] %118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* 
@__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79 %131 = icmp eq i8* %130, null br i1 %131, label %146, label %132 tail call void @kfree_skb_reason(%struct.sk_buff.756266* %118, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 __pskb_pull_tail 4 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 
35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.756266*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.836958*, i32)*)(%struct.sk_buff.836958* %0, i32 %26) #78 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = 
select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.756266* %0, i32 0, i32 %27, i32 2592) #78 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %303 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.756266* %0, i32 %38, i8* %42, i32 %1) #78 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.756266** %53 = load %struct.sk_buff.756266*, %struct.sk_buff.756266** %52, align 8 %54 = icmp eq %struct.sk_buff.756266* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.756147]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.756147], [17 x %struct.page_frag.756147]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %70 = sub i32 %65, %67 %71 = add nuw nsw i64 %64, 1 %72 = icmp ult i64 %71, %62 br i1 %72, label %63, label %73 
%74 = phi i32 [ %1, %55 ], [ %70, %69 ] %75 = icmp eq i32 %74, 0 br i1 %75, label %186, label %76 %77 = phi i32 [ %83, %82 ], [ %74, %73 ] %78 = phi %struct.sk_buff.756266* [ %85, %82 ], [ %53, %73 ] %79 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 6 %80 = load i32, i32* %79, align 8 %81 = icmp ult i32 %77, %80 br i1 %81, label %87, label %82 %88 = getelementptr inbounds i8, i8* %50, i64 4 %89 = bitcast i8* %88 to i16* %90 = load i16, i16* %89, align 4 %91 = icmp eq i16 %90, 0 br i1 %91, label %106, label %92 %107 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %78, i64 0, i32 43, i32 0, i32 0 %108 = load volatile i32, i32* %107, align 4 %109 = icmp eq i32 %108, 1 br i1 %109, label %116, label %110 %117 = phi %struct.sk_buff.756266* [ %111, %113 ], [ %78, %106 ] %118 = phi %struct.sk_buff.756266* [ %111, %113 ], [ null, %106 ] %119 = phi %struct.sk_buff.756266* [ %115, %113 ], [ %78, %106 ] %120 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 6 %121 = load i32, i32* %120, align 8 %122 = icmp ult i32 %121, %77 br i1 %122, label %146, label %123, !prof !7, !misexpect !5 %124 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %117, i64 0, i32 7 %125 = load i32, i32* %124, align 4 %126 = sub i32 %121, %125 %127 = icmp ugt i32 %77, %126 br i1 %127, label %128, label %134 %129 = sub i32 %77, %126 %130 = tail call i8* @__pskb_pull_tail(%struct.sk_buff.756266* %117, i32 %129) #79 %131 = icmp eq i8* %130, null br i1 %131, label %146, label %132 tail call void @kfree_skb_reason(%struct.sk_buff.756266* %118, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = 
load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 
983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 cn_rx_skb ------------- Path:  Function:cn_rx_skb %2 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 6 %3 = load i32, i32* %2, align 8 %4 = icmp ugt i32 %3, 15 br i1 %4, label %5, label %87 %6 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.nlmsghdr** %8 = load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %9 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 4 %11 = add i32 %10, -16 %12 = icmp slt i32 %11, 20 br i1 %12, label %87, label %13 %14 = icmp ult i32 %3, %10 %15 = icmp sgt i32 %11, 16384 %16 = or i1 %14, %15 br i1 %16, label %87, label %17 %18 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 43 %19 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %18, i64 0, i32 0, i32 0 %20 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 1, i32* %19) #6, !srcloc !4 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22, !prof !5, !misexpect !6 %23 = add i32 %20, 1 %24 = or i32 %23, %20 %25 = icmp sgt i32 %24, -1 br i1 %25, label %28, label %26, !prof !7, !misexpect !6 %27 = phi i32 [ 2, %17 ], [ 1, %22 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %18, i32 %27) #78 br label %28 %29 = load %struct.nlmsghdr*, %struct.nlmsghdr** %7, align 8 %30 = getelementptr %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 1 %31 = bitcast %struct.nlmsghdr* %30 to %struct.cn_msg* %32 = getelementptr 
inbounds %struct.sk_buff, %struct.sk_buff* %0, i64 0, i32 3 %33 = bitcast [48 x i8]* %32 to %struct.netlink_skb_parms* %34 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 0, i32 0 %35 = load i32, i32* %34, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr %struct.nlmsghdr, %struct.nlmsghdr* %29, i64 2 %38 = bitcast %struct.nlmsghdr* %37 to i16* %39 = load i16, i16* %38, align 4 %40 = zext i16 %39 to i64 %41 = add nuw nsw i64 %40, 36 %42 = icmp ugt i64 %41, %36 br i1 %42, label %86, label %43 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* %0, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 __neigh_event_send 4 __ip_do_redirect 5 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr 
inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.837070*, %struct.net_device.837070** %9, align 8 %11 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %10, i64 0, i32 17 %12 = load i32, i32* %11, align 16 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.836948* %1, null br i1 %20, label %49, label %21 %50 = phi i32 [ %24, %45 ], [ %12, %3 ] %51 = phi i8 [ %35, %45 ], [ %15, %3 ] %52 = phi i8 [ %46, %45 ], [ %17, %3 ] %53 = phi i32 [ %26, %45 ], [ %19, %3 ] %54 = phi i32 [ %48, %45 ], [ 0, %3 ] %55 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* %56 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 1 %57 = load i32, i32* %56, align 4 %58 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8, i32 0, i32 0 %59 = load i32, i32* %58, align 4 %60 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %50, i32* %60, align 8 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %61, align 4 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %53, i32* %62, align 8 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %52, i8* %65, align 2 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 
store i8 0, i8* %66, align 1 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %67, align 8 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %54, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %57, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %59, i32* %71, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %73 = bitcast %struct.kuid_t* %72 to %struct.raw_hdlc_proto* %74 = bitcast %struct.kuid_t* %72 to i16* store i16 0, i16* %74, align 8 %75 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %73, i64 0, i32 1 store i16 0, i16* %75, align 2 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %76, align 8 %77 = and i8 %51, 28 store i8 %77, i8* %63, align 4 %78 = and i8 %51, 1 %79 = icmp eq i8 %78, 0 %80 = select i1 %79, i8 0, i8 -3 store i8 %80, i8* %64, align 1 call fastcc void @__ip_do_redirect(%struct.rtable.836556* %55, %struct.sk_buff.836958* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #78 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.837080, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %11 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to 
i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* store i32 0, i32* %6, align 4 %21 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.837070*, %struct.net_device.837070** %28, align 8 %30 = bitcast %struct.fib_result.837080* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %286 %36 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %286 %40 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %286 %44 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 67 %45 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %44, align 8 %46 = icmp eq %struct.in_device.837027* %45, null br i1 %46, label %286, label %47 %48 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %29, i64 0, i32 109, i32 0 %49 = load %struct.net.836644*, %struct.net.836644** %48, align 8 %50 = icmp eq i32 %19, %27 br i1 %50, label %256, label %51 %52 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 0 %53 = load i32, i32* %52, align 4 %54 = icmp eq i32 %53, 0 %55 = getelementptr inbounds %struct.in_device.837027, 
%struct.in_device.837027* %45, i64 0, i32 0 %56 = load %struct.net_device.837070*, %struct.net_device.837070** %55, align 8 %57 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %56, i64 0, i32 109, i32 0 %58 = load %struct.net.836644*, %struct.net.836644** %57, align 8 %59 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %58, i64 0, i32 34, i32 6 %60 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %59, align 8 %61 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 3 %62 = load i32, i32* %61, align 4 %63 = icmp eq i32 %62, 0 br i1 %54, label %69, label %64 br i1 %63, label %256, label %65 %66 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 3 %67 = load i32, i32* %66, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %256, label %74 %75 = and i32 %19, 240 %76 = icmp eq i32 %75, 224 %77 = add i32 %19, 1 %78 = icmp ult i32 %77, 2 %79 = or i1 %78, %76 br i1 %79, label %256, label %80 %81 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %60, i64 0, i32 1, i64 6 %82 = load i32, i32* %81, align 8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %107 %85 = getelementptr %struct.in_device.837027, %struct.in_device.837027* %45, i64 0, i32 20, i32 1, i64 6 %86 = load i32, i32* %85, align 4 %87 = icmp eq i32 %86, 0 br i1 %87, label %88, label %107 %108 = tail call i32 bitcast (i32 (%struct.net.767947*, i32)* @inet_addr_type to i32 (%struct.net.836644*, i32)*)(%struct.net.836644* %49, i32 %19) #78 %109 = icmp eq i32 %108, 1 br i1 %109, label %110, label %256 %111 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %112 = load %struct.net_device.837070*, %struct.net_device.837070** %111, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", 
"~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %113 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %112, i64 0, i32 14 %114 = load i32, i32* %113, align 64 %115 = and i32 %114, 24 %116 = icmp eq i32 %115, 0 %117 = select i1 %116, i32 %19, i32 0 %118 = load volatile %struct.neigh_hash_table.836541*, %struct.neigh_hash_table.836541** getelementptr inbounds (%struct.neigh_table.836542, %struct.neigh_table.836542* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.859631*, i32*)*, i1 (%struct.neighbour.859104*, i8*)*, i32 (%struct.neighbour.859104*)*, i32 (%struct.pneigh_entry.859091*)*, void (%struct.pneigh_entry.859091*)*, void (%struct.sk_buff.859519*)*, i32 (i8*)*, i1 (%struct.net_device.859631*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.859092, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.859095, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.859100*, %struct.pneigh_entry.859091** }* @arp_tbl to %struct.neigh_table.836542*), i64 0, i32 29), align 8 %119 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 2, i64 0 %120 = ptrtoint %struct.net_device.837070* %112 to i64 %121 = lshr i64 %120, 32 %122 = xor i64 %121, %120 %123 = trunc i64 %122 to i32 %124 = xor i32 %117, %123 %125 = load i32, i32* %119, align 4 %126 = mul i32 %124, %125 %127 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 1 %128 = load i32, i32* %127, align 8 %129 = sub i32 32, %128 %130 = lshr i32 %126, %129 %131 = getelementptr inbounds %struct.neigh_hash_table.836541, %struct.neigh_hash_table.836541* %118, i64 0, i32 0 %132 = load %struct.neighbour.836545**, %struct.neighbour.836545*** %131, align 8 %133 = zext i32 %130 to i64 %134 = getelementptr %struct.neighbour.836545*, 
%struct.neighbour.836545** %132, i64 %133 %135 = load volatile %struct.neighbour.836545*, %struct.neighbour.836545** %134, align 8 %136 = icmp eq %struct.neighbour.836545* %135, null br i1 %136, label %174, label %137 %138 = phi %struct.neighbour.836545* [ %149, %147 ], [ %135, %110 ] %139 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 25 %140 = load %struct.net_device.837070*, %struct.net_device.837070** %139, align 8 %141 = icmp eq %struct.net_device.837070* %140, %112 br i1 %141, label %142, label %147 %143 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 26, i64 0 %144 = bitcast i8* %143 to i32* %145 = load i32, i32* %144, align 8 %146 = icmp eq i32 %145, %117 br i1 %146, label %151, label %147 %152 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %138, i64 0, i32 6 %153 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %152, i64 0, i32 0, i32 0 %154 = load volatile i32, i32* %153, align 4 %155 = icmp eq i32 %154, 0 br i1 %155, label %166, label %156 %157 = phi i32 [ %164, %163 ], [ %154, %151 ] %158 = add i32 %157, 1 %159 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %153, i32 %158, i32* %153, i32 %157) #6, !srcloc !6 %160 = extractvalue { i8, i32 } %159, 0 %161 = and i8 %160, 1 %162 = icmp eq i8 %161, 0 br i1 %162, label %163, label %166, !prof !7, !misexpect !8 %164 = extractvalue { i8, i32 } %159, 1 %165 = icmp eq i32 %164, 0 br i1 %165, label %166, label %156 %167 = phi i32 [ 0, %151 ], [ %157, %156 ], [ 0, %163 ] %168 = add i32 %167, 1 %169 = or i32 %168, %167 %170 = icmp sgt i32 %169, -1 br i1 %170, label %172, label %171, !prof !9, !misexpect !8 tail call void 
@refcount_warn_saturate(%struct.seqcount_spinlock* %152, i32 0) #78 br label %172 %173 = icmp eq i32 %167, 0 br i1 %173, label %174, label %175 tail call fastcc void @local_bh_enable.65589() #78 %176 = icmp eq %struct.neighbour.836545* %138, null br i1 %176, label %177, label %180 %181 = phi %struct.neighbour.836545* [ %138, %175 ], [ %179, %177 ] %182 = bitcast %struct.neighbour.836545* %181 to i8* %183 = icmp ugt %struct.neighbour.836545* %181, inttoptr (i64 -4096 to %struct.neighbour.836545*) br i1 %183, label %286, label %184 %185 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 13 %186 = load i8, i8* %185, align 1 %187 = and i8 %186, -34 %188 = icmp eq i8 %187, 0 br i1 %188, label %189, label %200 %190 = load volatile i64, i64* @jiffies, align 64 %191 = getelementptr inbounds %struct.neighbour.836545, %struct.neighbour.836545* %181, i64 0, i32 10 %192 = load volatile i64, i64* %191, align 8 %193 = icmp eq i64 %192, %190 br i1 %193, label %195, label %194 store volatile i64 %190, i64* %191, align 8 br label %195 %196 = and i8 %186, -38 %197 = icmp eq i8 %196, 0 br i1 %197, label %198, label %245 %199 = call i32 bitcast (i32 (%struct.neighbour*, %struct.sk_buff*)* @__neigh_event_send to i32 (%struct.neighbour.836545*, %struct.sk_buff.836958*)*)(%struct.neighbour.836545* %181, %struct.sk_buff.836958* null) #78 Function:__neigh_event_send %3 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #78 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %249 %10 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %268 %269 = and i32 %6, 4 %270 = icmp eq i32 %269, 0 br i1 %270, 
label %271, label %249 tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %3) #78 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* %1, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 __neigh_update 4 neigh_update 5 ndisc_update 6 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.903079, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.903079* 
%5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %196, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %196, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.902664, %struct.sk_buff.902664* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %58 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %57, i64 0, i32 68 %59 = load volatile %struct.inet6_dev.902571*, %struct.inet6_dev.902571** %58, align 16 %60 = icmp eq %struct.inet6_dev.902571* %59, null br i1 %60, label %196, 
label %61 %62 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 0 %63 = load i32, i32* %62, align 8 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %196 %66 = getelementptr inbounds %struct.inet6_dev.902571, %struct.inet6_dev.902571* %59, i64 0, i32 31, i32 4 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %196, label %69 %70 = getelementptr inbounds i8, i8* %20, i64 40 %71 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.905443*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.902651*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.902651* %57, i8* %70, i32 %25, %struct.ndisc_options* nonnull %6) #78 %72 = icmp eq %struct.ndisc_options* %71, null br i1 %72, label %196, label %73 %74 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %75 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %74, align 8 %76 = icmp eq %struct.nd_opt_hdr* %75, null br i1 %76, label %99, label %77 %78 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %79 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 51 %80 = load i8, i8* %79, align 1 %81 = getelementptr inbounds %struct.net_device.902651, %struct.net_device.902651* %78, i64 0, i32 32 %82 = load i16, i16* %81, align 32 %83 = icmp eq i16 %82, 32 %84 = select i1 %83, i32 2, i32 0 %85 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 0, i32 1 %86 = load i8, i8* %85, align 1 %87 = zext i8 %86 to i32 %88 = shl nuw nsw i32 %87, 3 %89 = zext i8 %80 to i32 %90 = or i32 %84, 9 %91 = add nuw nsw i32 %90, %89 %92 = and i32 %91, 504 %93 = icmp ne i32 %88, %92 %94 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %75, i64 1, i32 0 %95 = zext i32 %84 to i64 %96 = getelementptr i8, i8* %94, i64 %95 %97 = icmp eq i8* %96, null %98 = 
or i1 %97, %93 br i1 %98, label %196, label %99 %100 = phi i8* [ %96, %77 ], [ null, %73 ] %101 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561* %102 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14 %103 = bitcast %struct.lwtunnel_state.902525** %102 to i32* %104 = load i32, i32* %103, align 8 %105 = and i32 %104, 512 %106 = icmp eq i32 %105, 0 br i1 %106, label %107, label %196 %108 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 1 %109 = load %struct.dst_ops.902527*, %struct.dst_ops.902527** %108, align 8 %110 = getelementptr inbounds %struct.dst_ops.902527, %struct.dst_ops.902527* %109, i64 0, i32 15 %111 = load void (%struct.dst_entry.902548*, i8*)*, void (%struct.dst_entry.902548*, i8*)** %110, align 16 %112 = icmp eq void (%struct.dst_entry.902548*, i8*)* %111, null br i1 %112, label %120, label %113 %121 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %122 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121) #78 
%123 = icmp eq %struct.neighbour.902458* %122, null br i1 %123, label %124, label %129 %125 = call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %35, %struct.net_device.902651* %121, i1 zeroext true) #78 %126 = icmp ugt %struct.neighbour.902458* %125, inttoptr (i64 -4096 to %struct.neighbour.902458*) %127 = icmp eq %struct.neighbour.902458* %125, null %128 = or i1 %126, %127 br i1 %128, label %196, label %129 %130 = phi %struct.neighbour.902458* [ %122, %120 ], [ %125, %124 ] %131 = load %struct.net_device.902651*, %struct.net_device.902651** %56, align 8 %132 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.905443*, %struct.neighbour.904925*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.902651*, %struct.neighbour.902458*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.902651* %131, %struct.neighbour.902458* nonnull %130, i8* %100, i8 zeroext 4, i32 %132, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #78 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour*, i8*, i8, 
i32, i32)* @neigh_update to i32 (%struct.neighbour.904925*, i8*, i8, i32, i32)*)(%struct.neighbour.904925* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #78 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #78 Function:__neigh_update callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@__neigh_update, %7)) #6 to label %21 [label %7], !srcloc !4 %22 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %23 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %24 = load %struct.net_device*, %struct.net_device** %23, align 8 %25 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %26 = load i8, i8* %25, align 1 %27 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %28 = load i8, i8* %27, align 1 %29 = icmp eq i8 %28, 0 br i1 %29, label %34, label %30 %35 = icmp sgt i32 %3, -1 %36 = xor i1 %35, true %37 = icmp ult i8 %26, 64 %38 = or i1 %37, %36 br i1 %38, label %39, label %398 br i1 %35, label %53, label %40 %54 = phi i32 [ 0, %39 ], [ 0, %40 ], [ 1, %48 ] %55 = phi i1 [ false, %39 ], [ false, %40 ], [ true, %48 ] %56 = and i32 %3, 268435456 %57 = icmp eq i32 %56, 0 br i1 %57, label %60, label %58 %61 = zext i8 %2 to i32 %62 = and i32 %61, 222 %63 = icmp eq i32 %62, 0 
br i1 %63, label %64, label %102 %103 = getelementptr inbounds %struct.net_device, %struct.net_device* %24, i64 0, i32 51 %104 = load i8, i8* %103, align 1 %105 = icmp eq i8 %104, 0 br i1 %105, label %106, label %108 %109 = icmp eq i8* %1, null %110 = and i8 %26, -34 %111 = icmp eq i8 %110, 0 br i1 %109, label %119, label %112 br i1 %111, label %126, label %113 %114 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %115 = zext i8 %104 to i64 %116 = tail call i32 @bcmp(i8* nonnull %1, i8* %114, i64 %115) %117 = icmp eq i32 %116, 0 %118 = select i1 %117, i8* %114, i8* %1 br label %126 %127 = phi i8* [ %1, %112 ], [ %125, %124 ], [ %107, %106 ], [ %118, %113 ] %128 = and i32 %61, 194 %129 = icmp eq i32 %128, 0 br i1 %129, label %133, label %130 %134 = and i32 %3, 4 %135 = zext i8 %26 to i32 %136 = and i32 %135, 222 %137 = icmp eq i32 %136, 0 br i1 %137, label %156, label %138 %139 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %140 = icmp ne i8* %127, %139 %141 = and i32 %3, 1 %142 = icmp eq i32 %141, 0 %143 = and i1 %142, %140 br i1 %143, label %144, label %150 %151 = icmp eq i8* %127, %139 %152 = icmp eq i8 %2, 4 %153 = and i1 %152, %151 %154 = and i1 %35, %153 %155 = select i1 %154, i8 %26, i8 %2 br label %156 %157 = phi i8 [ %2, %133 ], [ 4, %144 ], [ %155, %150 ] %158 = phi i8* [ %127, %133 ], [ %139, %144 ], [ %127, %150 ] %159 = phi i32 [ %134, %133 ], [ 0, %144 ], [ %134, %150 ] %160 = zext i8 %157 to i32 %161 = icmp eq i8 %157, %26 %162 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 19, i64 0 %163 = icmp eq i8* %158, %162 %164 = and i1 %161, %163 br i1 %164, label %168, label %165 br i1 %161, label %227, label %169 %228 = phi i32 [ %54, %168 ], [ 1, %226 ] br i1 %163, label %274, label %229 %230 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* 
%230) #78 %231 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 0, i32 0, i32 0 %232 = load i32, i32* %231, align 4 %233 = add i32 %232, 1 store i32 %233, i32* %231, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %234 = load i8, i8* %103, align 1 %235 = zext i8 %234 to i64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %236 = load i32, i32* %231, align 4 %237 = add i32 %236, 1 store i32 %237, i32* %231, align 4 %238 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 17, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %239 = bitcast %struct.spinlock* %238 to i8* store volatile i8 0, i8* %239, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %240 = load %struct.net_device*, %struct.net_device** %23, align 8 %241 = getelementptr inbounds %struct.net_device, %struct.net_device* %240, i64 0, i32 44 %242 = load %struct.header_ops*, %struct.header_ops** %241, align 16 %243 = icmp eq %struct.header_ops* %242, null br i1 %243, label %261, label %244 %262 = and i32 %160, 194 %263 = icmp eq i32 %262, 0 br i1 %263, label %264, label %274 %265 = load volatile i64, i64* @jiffies, align 64 %266 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 2 %267 = load %struct.neigh_parms*, %struct.neigh_parms** %266, align 8 %268 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %267, i64 0, i32 10, i64 5 %269 = load i32, i32* %268, align 4 %270 = shl i32 %269, 1 %271 = sext i32 %270 to i64 %272 = sub i64 %265, %271 %273 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 3 store i64 %272, i64* %273, align 8 br label %274 %275 = phi i32 [ %228, %227 ], [ 1, %261 ], [ 1, %264 ] br i1 %161, label %385, label %276 %277 = and i32 %160, 194 %278 = icmp eq i32 %277, 0 %279 = 
getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 22 %280 = load %struct.neigh_ops*, %struct.neigh_ops** %279, align 8 %281 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %280, i64 0, i32 3 %282 = getelementptr inbounds %struct.neigh_ops, %struct.neigh_ops* %280, i64 0, i32 4 %283 = select i1 %278, i32 (%struct.neighbour*, %struct.sk_buff*)** %281, i32 (%struct.neighbour*, %struct.sk_buff*)** %282 %284 = bitcast i32 (%struct.neighbour*, %struct.sk_buff*)** %283 to i64* %285 = load i64, i64* %284, align 8 %286 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 21 %287 = bitcast i32 (%struct.neighbour*, %struct.sk_buff*)** %286 to i64* store i64 %285, i64* %287, align 8 br i1 %137, label %288, label %385 %289 = load i8, i8* %25, align 1 %290 = and i8 %289, -34 %291 = icmp eq i8 %290, 0 br i1 %291, label %358, label %292 %293 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %294 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %293, i64 0, i32 0 %295 = bitcast %struct.sk_buff_head* %293 to %struct.sk_buff* %296 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %297 %298 = load %struct.sk_buff*, %struct.sk_buff** %294, align 8 %299 = icmp eq %struct.sk_buff* %298, %295 %300 = icmp eq %struct.sk_buff* %298, null %301 = or i1 %299, %300 br i1 %301, label %358, label %302 %303 = load i32, i32* %296, align 8 %304 = add i32 %303, -1 store volatile i32 %304, i32* %296, align 8 %305 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 0, i32 0, i32 0 %306 = load %struct.sk_buff*, %struct.sk_buff** %305, align 8 %307 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 0, i32 0, i32 1 %308 = load %struct.sk_buff*, %struct.sk_buff** %307, align 8 %309 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %306, i64 0, i32 0, i32 0, i32 1 %310 = bitcast 
%struct.sk_buff* %298 to i8* store volatile %struct.sk_buff* %308, %struct.sk_buff** %309, align 8 %311 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %308, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %306, %struct.sk_buff** %311, align 8 %312 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %298, i64 0, i32 4, i32 0, i32 0 %313 = load i64, i64* %312, align 8 %314 = and i64 %313, -2 %315 = inttoptr i64 %314 to %struct.dst_entry* tail call void @_raw_write_unlock_bh(%struct.rwlock_t* %22) #78 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %316 = icmp eq i64 %314, 0 br i1 %316, label %336, label %317 %318 = getelementptr inbounds %struct.dst_entry, %struct.dst_entry* %315, i64 0, i32 8 %319 = load i16, i16* %318, align 2 %320 = icmp eq i16 %319, 2 br i1 %320, label %336, label %321 %322 = getelementptr inbounds %struct.dst_entry, %struct.dst_entry* %315, i64 0, i32 1 %323 = load %struct.dst_ops*, %struct.dst_ops** %322, align 8 %324 = getelementptr inbounds %struct.dst_ops, %struct.dst_ops* %323, i64 0, i32 14 %325 = load %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)*, %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)** %324, align 8 %326 = icmp eq %struct.neighbour* (%struct.dst_entry*, %struct.sk_buff*, i8*)* %325, null br i1 %326, label %327, label %328, !prof !14, !misexpect !11 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection\0A998:\0A\09.pushsection .discard.reachable\0A\09.long 998b - .\0A\09.popsection\0A\09", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.16.63751, i64 0, i64 0), i32 409, i32 2307, i64 12) #6, !srcloc !20 br label %332 %333 = phi %struct.neighbour* [ 
%331, %328 ], [ null, %327 ] %334 = icmp eq %struct.neighbour* %333, null %335 = select i1 %334, %struct.neighbour* %0, %struct.neighbour* %333 br label %336 %337 = phi %struct.neighbour* [ null, %317 ], [ null, %302 ], [ %333, %332 ] %338 = phi %struct.neighbour* [ %0, %317 ], [ %0, %302 ], [ %335, %332 ] %339 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %338, i64 0, i32 21 %340 = load i32 (%struct.neighbour*, %struct.sk_buff*)*, i32 (%struct.neighbour*, %struct.sk_buff*)** %339, align 8 %341 = tail call i32 %340(%struct.neighbour* %338, %struct.sk_buff* nonnull %298) #78 %342 = icmp eq %struct.neighbour* %337, null br i1 %342, label %354, label %343 %344 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %337, i64 0, i32 6 %345 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %344, i64 0, i32 0, i32 0 %346 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %345, i32 -1, i32* %345) #6, !srcloc !9 %347 = icmp eq i32 %346, 1 br i1 %347, label %353, label %348 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @neigh_destroy(%struct.neighbour* nonnull %337) #78 br label %354 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 tail call void @rcu_read_unlock_strict() #78 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %22) #78 %355 = load i8, i8* %25, align 1 %356 = and i8 %355, -34 %357 = icmp eq i8 %356, 0 br i1 %357, label %358, label %297 %359 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %360 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %359, i64 0, i32 0 %361 = load %struct.sk_buff*, %struct.sk_buff** %360, align 8 %362 = bitcast %struct.sk_buff_head* %359 to %struct.sk_buff* %363 = icmp eq 
%struct.sk_buff* %361, %362 %364 = icmp eq %struct.sk_buff* %361, null %365 = or i1 %363, %364 br i1 %365, label %383, label %366 %367 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %368 %369 = phi %struct.sk_buff* [ %361, %366 ], [ %379, %368 ] %370 = load i32, i32* %367, align 8 %371 = add i32 %370, -1 store volatile i32 %371, i32* %367, align 8 %372 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 0 %373 = load %struct.sk_buff*, %struct.sk_buff** %372, align 8 %374 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 1 %375 = load %struct.sk_buff*, %struct.sk_buff** %374, align 8 %376 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %373, i64 0, i32 0, i32 0, i32 1 %377 = bitcast %struct.sk_buff* %369 to i8* store volatile %struct.sk_buff* %375, %struct.sk_buff** %376, align 8 %378 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %375, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %373, %struct.sk_buff** %378, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %369, i32 0) #78 %369 = phi %struct.sk_buff* [ %361, %366 ], [ %379, %368 ] %370 = load i32, i32* %367, align 8 %371 = add i32 %370, -1 store volatile i32 %371, i32* %367, align 8 %372 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 0 %373 = load %struct.sk_buff*, %struct.sk_buff** %372, align 8 %374 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %369, i64 0, i32 0, i32 0, i32 1 %375 = load %struct.sk_buff*, %struct.sk_buff** %374, align 8 %376 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %373, i64 0, i32 0, i32 0, i32 1 %377 = bitcast %struct.sk_buff* %369 to i8* store volatile %struct.sk_buff* %375, %struct.sk_buff** %376, align 8 %378 = getelementptr inbounds %struct.sk_buff, 
%struct.sk_buff* %375, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %373, %struct.sk_buff** %378, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %369, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 nf_queue 4 nf_hook_slow 5 __ip6_local_out ------------- Path:  Function:__ip6_local_out %4 = alloca %struct.nf_hook_state.762954, align 8 %5 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = add i32 %6, -40 %8 = icmp sgt i32 %7, 65535 %9 = trunc i32 %7 to i16 %10 = select i1 %8, i16 0, i16 %9 %12 = 
getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds i8, i8* %17, i64 4 %19 = bitcast i8* %18 to i16* store i16 %11, i16* %19, align 4 %20 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 3, i64 14 %21 = bitcast i8* %20 to i16* store i16 6, i16* %21, align 2 %22 = icmp eq %struct.sk_buff.763154* %2, null br i1 %22, label %46, label %23, !prof !4, !misexpect !5 %24 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 33 store i16 -8826, i16* %24, align 8 %25 = getelementptr inbounds %struct.sk_buff.763154, %struct.sk_buff.763154* %2, i64 0, i32 4, i32 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = and i64 %26, -2 %28 = inttoptr i64 %27 to i64* %29 = load i64, i64* %28, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds ([13 x [5 x %struct.static_key]], [13 x [5 x %struct.static_key]]* @nf_hooks_needed, i64 0, i64 10, i64 3), i32 2, i8* blockaddress(@__ip6_local_out, %30)) #6 to label %46 [label %30], !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %31 = getelementptr %struct.net.762977, %struct.net.762977* %0, i64 0, i32 36, i32 4, i64 3 %32 = load volatile %struct.nf_hook_entries.762956*, %struct.nf_hook_entries.762956** %31, align 8 %33 = icmp eq %struct.nf_hook_entries.762956* %32, null br i1 %33, label %44, label %34 %35 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 0 %36 = bitcast %struct.nf_hook_state.762954* %4 to i64* store i64 2563, i64* %36, align 8 %37 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 2 store %struct.net_device.763141* null, %struct.net_device.763141** %37, align 8 %38 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 3 %39 = bitcast %struct.net_device.763141** %38 to i64* store i64 %29, i64* %39, align 8 %40 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 4 store %struct.sock.762871* %1, %struct.sock.762871** %40, align 8 %41 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 5 store %struct.net.762977* %0, %struct.net.762977** %41, align 8 %42 = getelementptr inbounds %struct.nf_hook_state.762954, %struct.nf_hook_state.762954* %4, i64 0, i32 6 store i32 (%struct.net.762977*, %struct.sock.762871*, %struct.sk_buff.763154*)* @dst_output.68437, i32 (%struct.net.762977*, %struct.sock.762871*, %struct.sk_buff.763154*)** %42, align 8 %43 = call i32 bitcast (i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, 
%struct.nf_hook_entries.806847*, i32)* @nf_hook_slow to i32 (%struct.sk_buff.763154*, %struct.nf_hook_state.762954*, %struct.nf_hook_entries.762956*, i32)*)(%struct.sk_buff.763154* nonnull %2, %struct.nf_hook_state.762954* nonnull %4, %struct.nf_hook_entries.762956* nonnull %32, i32 0) #78 Function:nf_hook_slow %5 = getelementptr inbounds %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = zext i16 %6 to i32 %8 = icmp ugt i32 %7, %3 br i1 %8, label %9, label %33 %10 = zext i32 %3 to i64 br label %11 %12 = phi i64 [ %10, %9 ], [ %29, %28 ] %13 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 0 %14 = load i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)*, i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)** %13, align 8 %15 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 1 %16 = load i8*, i8** %15, align 8 %17 = tail call i32 %14(i8* %16, %struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1) #78 %18 = trunc i32 %17 to i8 switch i8 %18, label %33 [ i8 1, label %28 i8 0, label %19 i8 3, label %24 ] %25 = trunc i64 %12 to i32 %26 = tail call i32 bitcast (i32 (%struct.sk_buff.273360*, %struct.nf_hook_state*, i32, i32)* @nf_queue to i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, i32, i32)*)(%struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1, i32 %25, i32 %17) #78 Function:nf_queue %5 = alloca [6 x i8], align 2 %6 = lshr i32 %3, 16 %7 = getelementptr inbounds [6 x i8], [6 x i8]* %5, i64 0, i64 0 %8 = load volatile %struct.nf_queue_handler*, %struct.nf_queue_handler** @nf_queue_handler, align 8 %9 = icmp eq %struct.nf_queue_handler* %8, null br i1 %9, label %231, label %10 %11 = getelementptr inbounds %struct.nf_hook_state, %struct.nf_hook_state* %1, i64 0, i32 1 %12 = load i8, i8* %11, align 1 %13 = icmp eq i8 %12, 10 %14 
= select i1 %13, i64 124, i64 88 %15 = icmp eq i8 %12, 2 %16 = select i1 %15, i64 104, i64 %14 %17 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 4, i32 0, i32 1 %18 = load void (%struct.sk_buff.273360*)*, void (%struct.sk_buff.273360*)** %17, align 8 %19 = icmp eq void (%struct.sk_buff.273360*)* %18, @sock_pfree br i1 %19, label %20, label %58 %21 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 1, i32 0 %22 = load %struct.sock.273622*, %struct.sock.273622** %21, align 8 %23 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 4 %24 = load volatile i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = shl nuw i32 1, %25 %27 = and i32 %26, -4161 %28 = icmp eq i32 %27, 0 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 13, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = and i64 %31, 8388608 %33 = icmp eq i64 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 19 %36 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %35, i64 0, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp eq i32 %37, 0 br i1 %38, label %49, label %39 %40 = phi i32 [ %47, %46 ], [ %37, %34 ] %41 = add i32 %40, 1 %42 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 %41, i32* %36, i32 %40) #6, !srcloc !4 %43 = extractvalue { i8, i32 } %42, 0 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %49, !prof !5, !misexpect !6 %47 = extractvalue { i8, i32 } %42, 1 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %39 %50 = phi i32 [ 0, %34 ], [ 
%40, %39 ], [ 0, %46 ] %51 = add i32 %50, 1 %52 = or i32 %51, %50 %53 = icmp sgt i32 %52, -1 br i1 %53, label %55, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 0) #78 br label %55 %56 = icmp eq i32 %50, 0 br i1 %56, label %230, label %57 br label %236 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.273360*, i32)*)(%struct.sk_buff.273360* %0, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 nf_queue 4 nf_hook_slow 5 __ip_local_out ------------- Path:  Function:__ip_local_out %4 = alloca %struct.nf_hook_state.841147, align 8 %5 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 40 %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 35 %8 = load i16, i16* %7, align 
4 %9 = zext i16 %8 to i64 %10 = getelementptr i8, i8* %6, i64 %9 %11 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 6 %12 = load i32, i32* %11, align 8 %13 = trunc i32 %12 to i16 %15 = getelementptr inbounds i8, i8* %10, i64 2 %16 = bitcast i8* %15 to i16* store i16 %14, i16* %16, align 2 %17 = getelementptr inbounds i8, i8* %10, i64 10 %18 = bitcast i8* %17 to i16* store i16 0, i16* %18, align 2 %19 = load i8, i8* %10, align 4 %20 = and i8 %19, 15 %21 = zext i8 %20 to i32 %22 = tail call { i32, i8*, i32 } asm " movl ($1), $0\0A subl $$4, $2\0A jbe 2f\0A addl 4($1), $0\0A adcl 8($1), $0\0A adcl 12($1), $0\0A1: adcl 16($1), $0\0A lea 4($1), $1\0A decl $2\0A jne\091b\0A adcl $$0, $0\0A movl $0, $2\0A shrl $$16, $0\0A addw ${2:w}, ${0:w}\0A adcl $$0, $0\0A notl $0\0A2:", "=r,=r,=r,1,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %10, i32 %21) #6, !srcloc !4 %23 = extractvalue { i32, i8*, i32 } %22, 0 %24 = trunc i32 %23 to i16 store i16 %24, i16* %18, align 2 %25 = icmp eq %struct.sk_buff.841525* %2, null br i1 %25, label %50, label %26, !prof !5, !misexpect !6 %27 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 33 store i16 8, i16* %27, align 8 %28 = getelementptr inbounds %struct.sk_buff.841525, %struct.sk_buff.841525* %2, i64 0, i32 4, i32 0, i32 0 %29 = load i64, i64* %28, align 8 %30 = and i64 %29, -2 %31 = inttoptr i64 %30 to i64* %32 = load i64, i64* %31, align 8 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds ([13 x [5 x %struct.static_key]], [13 x [5 x %struct.static_key]]* @nf_hooks_needed, i64 0, i64 2, i64 3), i32 2, i8* blockaddress(@__ip_local_out, %33)) #6 to label %50 [label %33], !srcloc !7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %34 = getelementptr %struct.net.841211, %struct.net.841211* %0, i64 0, i32 36, i32 3, i64 3 %35 = load volatile %struct.nf_hook_entries.841149*, %struct.nf_hook_entries.841149** %34, align 8 %36 = icmp eq %struct.nf_hook_entries.841149* %35, null br i1 %36, label %48, label %37 %38 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 0 %39 = bitcast %struct.nf_hook_state.841147* %4 to i64* store i64 515, i64* %39, align 8 %40 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 2 store %struct.net_device.841632* null, %struct.net_device.841632** %40, align 8 %41 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 3 %42 = bitcast %struct.net_device.841632** %41 to i64* store i64 %32, i64* %42, align 8 %43 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 4 store %struct.sock.841515* %1, %struct.sock.841515** %43, align 8 %44 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 5 store %struct.net.841211* %0, %struct.net.841211** %44, align 8 %45 = getelementptr inbounds %struct.nf_hook_state.841147, %struct.nf_hook_state.841147* %4, i64 0, i32 6 %46 = bitcast {}** %45 to i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)** store i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)* @dst_output, i32 (%struct.net.841211*, %struct.sock.841515*, %struct.sk_buff.841525*)** %46, 
align 8 %47 = call i32 bitcast (i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, %struct.nf_hook_entries.806847*, i32)* @nf_hook_slow to i32 (%struct.sk_buff.841525*, %struct.nf_hook_state.841147*, %struct.nf_hook_entries.841149*, i32)*)(%struct.sk_buff.841525* nonnull %2, %struct.nf_hook_state.841147* nonnull %4, %struct.nf_hook_entries.841149* nonnull %35, i32 0) #78 Function:nf_hook_slow %5 = getelementptr inbounds %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 0 %6 = load i16, i16* %5, align 8 %7 = zext i16 %6 to i32 %8 = icmp ugt i32 %7, %3 br i1 %8, label %9, label %33 %10 = zext i32 %3 to i64 br label %11 %12 = phi i64 [ %10, %9 ], [ %29, %28 ] %13 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 0 %14 = load i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)*, i32 (i8*, %struct.sk_buff.806982*, %struct.nf_hook_state.806845*)** %13, align 8 %15 = getelementptr %struct.nf_hook_entries.806847, %struct.nf_hook_entries.806847* %2, i64 0, i32 1, i64 %12, i32 1 %16 = load i8*, i8** %15, align 8 %17 = tail call i32 %14(i8* %16, %struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1) #78 %18 = trunc i32 %17 to i8 switch i8 %18, label %33 [ i8 1, label %28 i8 0, label %19 i8 3, label %24 ] %25 = trunc i64 %12 to i32 %26 = tail call i32 bitcast (i32 (%struct.sk_buff.273360*, %struct.nf_hook_state*, i32, i32)* @nf_queue to i32 (%struct.sk_buff.806982*, %struct.nf_hook_state.806845*, i32, i32)*)(%struct.sk_buff.806982* %0, %struct.nf_hook_state.806845* %1, i32 %25, i32 %17) #78 Function:nf_queue %5 = alloca [6 x i8], align 2 %6 = lshr i32 %3, 16 %7 = getelementptr inbounds [6 x i8], [6 x i8]* %5, i64 0, i64 0 %8 = load volatile %struct.nf_queue_handler*, %struct.nf_queue_handler** @nf_queue_handler, align 8 %9 = icmp eq %struct.nf_queue_handler* %8, null br i1 %9, label %231, label %10 %11 = getelementptr inbounds %struct.nf_hook_state, 
%struct.nf_hook_state* %1, i64 0, i32 1 %12 = load i8, i8* %11, align 1 %13 = icmp eq i8 %12, 10 %14 = select i1 %13, i64 124, i64 88 %15 = icmp eq i8 %12, 2 %16 = select i1 %15, i64 104, i64 %14 %17 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 4, i32 0, i32 1 %18 = load void (%struct.sk_buff.273360*)*, void (%struct.sk_buff.273360*)** %17, align 8 %19 = icmp eq void (%struct.sk_buff.273360*)* %18, @sock_pfree br i1 %19, label %20, label %58 %21 = getelementptr inbounds %struct.sk_buff.273360, %struct.sk_buff.273360* %0, i64 0, i32 1, i32 0 %22 = load %struct.sock.273622*, %struct.sock.273622** %21, align 8 %23 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 4 %24 = load volatile i8, i8* %23, align 2 %25 = zext i8 %24 to i32 %26 = shl nuw i32 1, %25 %27 = and i32 %26, -4161 %28 = icmp eq i32 %27, 0 br i1 %28, label %58, label %29 %30 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 13, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = and i64 %31, 8388608 %33 = icmp eq i64 %32, 0 br i1 %33, label %58, label %34 %35 = getelementptr inbounds %struct.sock.273622, %struct.sock.273622* %22, i64 0, i32 0, i32 19 %36 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %35, i64 0, i32 0, i32 0 %37 = load volatile i32, i32* %36, align 4 %38 = icmp eq i32 %37, 0 br i1 %38, label %49, label %39 %40 = phi i32 [ %47, %46 ], [ %37, %34 ] %41 = add i32 %40, 1 %42 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %36, i32 %41, i32* %36, i32 %40) #6, !srcloc !4 %43 = extractvalue { i8, i32 } %42, 0 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %46, label %49, !prof !5, !misexpect !6 %47 = extractvalue { i8, 
i32 } %42, 1 %48 = icmp eq i32 %47, 0 br i1 %48, label %49, label %39 %50 = phi i32 [ 0, %34 ], [ %40, %39 ], [ 0, %46 ] %51 = add i32 %50, 1 %52 = or i32 %51, %50 %53 = icmp sgt i32 %52, -1 br i1 %53, label %55, label %54, !prof !7, !misexpect !6 tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %35, i32 0) #78 br label %55 %56 = icmp eq i32 %50, 0 br i1 %56, label %230, label %57 br label %236 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff.273360*, i32)*)(%struct.sk_buff.273360* %0, i32 0) #78 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . 
\0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12
tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79
Function:__kfree_skb
tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78
Function:skb_release_head_state
%2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0
%3 = load i64, i64* %2, align 8
%4 = icmp eq i64 %3, 0
br i1 %4, label %12, label %5
%13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1
%14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8
%15 = icmp eq void (%struct.sk_buff.756266*)* %14, null
br i1 %15, label %24, label %16
%17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4
%18 = and i32 %17, 983040
%19 = icmp eq i32 %18, 0
br i1 %19, label %22, label %20, !prof !5, !misexpect !6
%23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ]
tail call void %23(%struct.sk_buff.756266* %0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 neigh_destroy
4 ___neigh_create
5 __neigh_create
6 ip6_neigh_lookup
7 ip6_dst_neigh_lookup
-------------
Path:
Function:ip6_dst_neigh_lookup
%4 = bitcast %struct.dst_entry.902548* %0 to %struct.rt6_info.902561*
%5 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 1, i32 14
%6 = bitcast %struct.lwtunnel_state.902525** %5 to i32*
%7 = load i32, i32*
%6, align 8 %8 = and i32 %7, 2 %9 = icmp eq i32 %8, 0 %10 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %4, i64 0, i32 5 %11 = and i32 %7, 16777216 %12 = icmp eq i32 %11, 0 %13 = getelementptr inbounds %struct.rt6_info.902561, %struct.rt6_info.902561* %4, i64 0, i32 3, i32 0 %14 = select i1 %12, %struct.in6_addr* bitcast ({ { [16 x i8] } }* @in6addr_any to %struct.in6_addr*), %struct.in6_addr* %13 %15 = select i1 %9, %struct.in6_addr* %14, %struct.in6_addr* %10 %16 = getelementptr inbounds %struct.dst_entry.902548, %struct.dst_entry.902548* %0, i64 0, i32 0 %17 = load %struct.net_device.902651*, %struct.net_device.902651** %16, align 8 %18 = tail call %struct.neighbour.902458* @ip6_neigh_lookup(%struct.in6_addr* %15, %struct.net_device.902651* %17, %struct.sk_buff.902664* %1, i8* %2) #78 Function:ip6_neigh_lookup %5 = bitcast %struct.in6_addr* %0 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.in6_addr, %struct.in6_addr* %0, i64 0, i32 0, i32 0, i64 2 %8 = bitcast i32* %7 to i64* %9 = load i64, i64* %8, align 8 %10 = or i64 %9, %6 %11 = icmp eq i64 %10, 0 br i1 %11, label %14, label %12 %13 = bitcast %struct.in6_addr* %0 to i8* br label %24 %25 = phi i8* [ %23, %16 ], [ %13, %12 ], [ %3, %14 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = load volatile %struct.neigh_hash_table.902453*, %struct.neigh_hash_table.902453** getelementptr inbounds (%struct.neigh_table.902454, %struct.neigh_table.902454* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, 
%struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i64 0, i32 29), align 8 %27 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 0 %28 = bitcast i8* %25 to i32* %29 = load i32, i32* %28, align 4 %30 = ptrtoint %struct.net_device.902651* %1 to i64 %31 = lshr i64 %30, 32 %32 = xor i64 %31, %30 %33 = trunc i64 %32 to i32 %34 = xor i32 %29, %33 %35 = load i32, i32* %27, align 4 %36 = mul i32 %34, %35 %37 = getelementptr i8, i8* %25, i64 4 %38 = bitcast i8* %37 to i32* %39 = load i32, i32* %38, align 4 %40 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 1 %41 = load i32, i32* %40, align 4 %42 = mul i32 %41, %39 %43 = add i32 %42, %36 %44 = getelementptr i8, i8* %25, i64 8 %45 = bitcast i8* %44 to i32* %46 = load i32, i32* %45, align 4 %47 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 2 %48 = load i32, i32* %47, align 4 %49 = mul i32 %48, %46 %50 = add i32 %43, %49 %51 = getelementptr i8, i8* %25, i64 12 %52 = bitcast i8* %51 to i32* %53 = load i32, i32* %52, align 4 %54 = getelementptr %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 2, i64 3 %55 = load i32, i32* %54, align 4 %56 = mul i32 %55, %53 %57 = add i32 %50, %56 %58 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 1 %59 = load i32, i32* %58, align 8 %60 = sub i32 32, %59 %61 = lshr i32 %57, %60 %62 = getelementptr inbounds %struct.neigh_hash_table.902453, %struct.neigh_hash_table.902453* %26, i64 0, i32 0 %63 = load 
%struct.neighbour.902458**, %struct.neighbour.902458*** %62, align 8 %64 = zext i32 %61 to i64 %65 = getelementptr %struct.neighbour.902458*, %struct.neighbour.902458** %63, i64 %64 %66 = load volatile %struct.neighbour.902458*, %struct.neighbour.902458** %65, align 8 %67 = icmp eq %struct.neighbour.902458* %66, null br i1 %67, label %121, label %68 %69 = phi %struct.neighbour.902458* [ %96, %94 ], [ %66, %24 ] %70 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 25 %71 = load %struct.net_device.902651*, %struct.net_device.902651** %70, align 8 %72 = icmp eq %struct.net_device.902651* %71, %1 br i1 %72, label %73, label %94 %74 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 0 %75 = bitcast i8* %74 to i32* %76 = load i32, i32* %75, align 4 %77 = xor i32 %76, %29 %78 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 4 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 4 %81 = xor i32 %80, %39 %82 = or i32 %81, %77 %83 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 8 %84 = bitcast i8* %83 to i32* %85 = load i32, i32* %84, align 4 %86 = xor i32 %85, %46 %87 = or i32 %82, %86 %88 = getelementptr %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 26, i64 12 %89 = bitcast i8* %88 to i32* %90 = load i32, i32* %89, align 4 %91 = xor i32 %90, %53 %92 = or i32 %87, %91 %93 = icmp eq i32 %92, 0 br i1 %93, label %98, label %94 %95 = getelementptr inbounds %struct.neighbour.902458, %struct.neighbour.902458* %69, i64 0, i32 0 %96 = load volatile %struct.neighbour.902458*, %struct.neighbour.902458** %95, align 8 %97 = icmp eq %struct.neighbour.902458* %96, null br i1 %97, label %121, label %68 tail call fastcc void @local_bh_enable.67548() #78 br label %124 %125 = tail call %struct.neighbour.902458* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, 
%struct.net_device*, i1)* @__neigh_create to %struct.neighbour.902458* (%struct.neigh_table.902454*, i8*, %struct.net_device.902651*, i1)*)(%struct.neigh_table.902454* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.905443*, i32*)*, i1 (%struct.neighbour.904925*, i8*)*, i32 (%struct.neighbour.904925*)*, i32 (%struct.pneigh_entry.904912*)*, void (%struct.pneigh_entry.904912*)*, void (%struct.sk_buff.905336*)*, i32 (i8*)*, i1 (%struct.net_device.905443*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.904913, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.904916, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.904921*, %struct.pneigh_entry.904912** }* @nd_tbl to %struct.neigh_table.902454*), i8* %25, %struct.net_device.902651* %1, i1 zeroext true) #78 Function:__neigh_create %5 = tail call fastcc %struct.neighbour* @___neigh_create(%struct.neigh_table* %0, i8* %1, %struct.net_device* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #78 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 54 %105 = load i16, i16* %104, align 64 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #78 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds 
i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = getelementptr inbounds i8, i8* %109, i64 144 %125 = bitcast i8* %124 to i32* store i32 0, i32* %125, align 8 %126 = bitcast i8* %123 to i32* store i32 0, i32* %126, align 4 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour*, %struct.sk_buff*)** store i32 (%struct.neighbour*, %struct.sk_buff*)* @neigh_blackhole, i32 (%struct.neighbour*, %struct.sk_buff*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = getelementptr inbounds i8, i8* %109, i64 192 %137 = bitcast i8* %136 to i32* store i32 0, i32* %137, align 8 %138 = bitcast i8* %135 to i32* store i32 0, i32* %138, align 4 %139 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", 
"=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%struct.seqcount_spinlock* %140, i32 %149) #78 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms** store %struct.neigh_parms* %139, %struct.neigh_parms** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #78 %155 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table** store %struct.neigh_table* %0, %struct.neigh_table** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = bitcast i8* %163 to %struct.list_head* %165 = bitcast i8* %163 to %struct.list_head** store volatile %struct.list_head* %164, %struct.list_head** %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to %struct.list_head** store volatile 
%struct.list_head* %164, %struct.list_head** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@___neigh_create, %174)) #6 to label %188 [label %174], !srcloc !16 %189 = icmp eq %struct.neighbour* %173, null br i1 %189, label %380, label %190 %191 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 26, i64 0 %192 = zext i32 %8 to i64 %193 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 25 store %struct.net_device* %2, %struct.net_device** %193, align 8 %194 = icmp eq %struct.net_device* %2, null br i1 %194, label %198, label %195 %199 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 6 %200 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %199, align 8 %201 = icmp eq i32 (%struct.neighbour*)* %200, null br i1 %201, label %208, label %202 %209 = getelementptr inbounds %struct.net_device, %struct.net_device* %2, i64 0, i32 16 %210 = load %struct.net_device_ops*, %struct.net_device_ops** %209, align 8 %211 = getelementptr 
inbounds %struct.net_device_ops, %struct.net_device_ops* %210, i64 0, i32 50 %212 = load i32 (%struct.net_device*, %struct.neighbour*)*, i32 (%struct.net_device*, %struct.neighbour*)** %211, align 8 %213 = icmp eq i32 (%struct.net_device*, %struct.neighbour*)* %212, null br i1 %213, label %220, label %214 %221 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 2 %222 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 %223 = getelementptr inbounds %struct.neigh_parms, %struct.neigh_parms* %222, i64 0, i32 3 %224 = load i32 (%struct.neighbour*)*, i32 (%struct.neighbour*)** %223, align 8 %225 = icmp eq i32 (%struct.neighbour*)* %224, null br i1 %225, label %234, label %226 %227 = tail call i32 %224(%struct.neighbour* nonnull %173) #78 %228 = icmp slt i32 %227, 0 br i1 %228, label %231, label %229 %230 = load %struct.neigh_parms*, %struct.neigh_parms** %221, align 8 br label %234 %235 = phi %struct.neigh_parms* [ %230, %229 ], [ %222, %220 ] %236 = load volatile i64, i64* @jiffies, align 64 %237 = getelementptr %struct.neigh_parms, %struct.neigh_parms* %235, i64 0, i32 10, i64 5 %238 = load i32, i32* %237, align 4 %239 = shl i32 %238, 1 %240 = sext i32 %239 to i64 %241 = sub i64 %236, %240 %242 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %173, i64 0, i32 3 store i64 %241, i64* %242, align 8 %243 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %243) #78 %244 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 29 %245 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %246 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 23, i32 0 %247 = load volatile i32, i32* %246, align 4 %248 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %245, i64 0, i32 1 %249 = load i32, i32* %248, align 8 %250 = shl nuw i32 1, %249 
%251 = icmp sgt i32 %247, %250 br i1 %251, label %252, label %302 %253 = add i32 %249, 1 %254 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 28 %255 = load %struct.neigh_statistics*, %struct.neigh_statistics** %254, align 8 %256 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %255, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %256, i64* %256) #6, !srcloc !22 %257 = load %struct.neigh_hash_table*, %struct.neigh_hash_table** %244, align 8 %258 = tail call fastcc %struct.neigh_hash_table* @neigh_hash_alloc(i32 %253) #78 %259 = icmp eq %struct.neigh_hash_table* %258, null br i1 %259, label %302, label %260 %261 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 1 %262 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %257, i64 0, i32 0 %263 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %0, i64 0, i32 4 %264 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 2, i64 0 %265 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 1 %266 = getelementptr inbounds %struct.neigh_hash_table, %struct.neigh_hash_table* %258, i64 0, i32 0 br label %267 %268 = phi i32 [ 0, %260 ], [ %296, %295 ] %269 = load %struct.neighbour**, %struct.neighbour*** %262, align 8 %270 = zext i32 %268 to i64 %271 = getelementptr %struct.neighbour*, %struct.neighbour** %269, i64 %270 %272 = load %struct.neighbour*, %struct.neighbour** %271, align 8 %273 = icmp eq %struct.neighbour* %272, null br i1 %273, label %295, label %274 %275 = phi %struct.neighbour* [ %285, %274 ], [ %272, %267 ] %276 = load i32 (i8*, %struct.net_device*, i32*)*, i32 (i8*, %struct.net_device*, i32*)** %263, align 8 %277 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %275, i64 0, i32 26, i64 0 %278 = getelementptr inbounds 
------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 neigh_destroy 4 ___neigh_create 5 __neigh_create 6 ipv4_neigh_lookup ------------- Path:
------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 neigh_destroy 4 fib_detect_death 5 fib_select_path 6 ip_route_output_key_hash_rcu 7 ip_route_output_flow 8 ipip6_tunnel_bind_dev 9 ipip6_tunnel_init ------------- Path:
%struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2372 %10 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2272 %11 = bitcast i8* %10 to %struct.net.867996** %12 = load %struct.net.867996*, %struct.net.867996** %11, align 8 %13 = bitcast i8* %9 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2361 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.868104, %struct.net_device.868104* %0, i64 0, i32 0, i64 2344 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.raw_hdlc_proto* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %31, i64 0, i32 1 store i16 0, 
i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.867947* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.867947* (%struct.net.867996*, %struct.flowi4*, %struct.sock.867890*)*)(%struct.net.867996* %12, %struct.flowi4* nonnull %2, %struct.sock.867890* null) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp 
eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 
%89 = load i32, i32* %88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, 
%struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, %struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load 
volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 
%108 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, 
%struct.fib_alias.864341* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to 
i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* 
%51 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load %struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, 
%struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds 
%struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, 
label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 neigh_destroy 4 fib_detect_death 5 fib_select_path 6 ip_route_output_key_hash_rcu 7 
ip_route_output_flow 8 ip4_datagram_release_cb ------------- Path:  Function:ip4_datagram_release_cb %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.sock.855719* %0 to %struct.inet_sock.855742* %4 = bitcast %struct.sock.855719* %0 to i32* %5 = load i32, i32* %4, align 8 %6 = bitcast %struct.flowi4* %2 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 18 %8 = load volatile %struct.dst_entry.855421*, %struct.dst_entry.855421** %7, align 8 %9 = icmp eq %struct.dst_entry.855421* %8, null br i1 %9, label %21, label %10 %11 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 8 %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %21, label %14 %15 = getelementptr inbounds %struct.dst_entry.855421, %struct.dst_entry.855421* %8, i64 0, i32 1 %16 = load %struct.dst_ops.855422*, %struct.dst_ops.855422** %15, align 8 %17 = getelementptr inbounds %struct.dst_ops.855422, %struct.dst_ops.855422* %16, i64 0, i32 3 %18 = load %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)*, %struct.dst_entry.855421* (%struct.dst_entry.855421*, i32)** %17, align 16 %19 = tail call %struct.dst_entry.855421* %18(%struct.dst_entry.855421* nonnull %8, i32 0) #78 %20 = icmp eq %struct.dst_entry.855421* %19, null br i1 %20, label %22, label %21 %23 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 3 %24 = bitcast i16* %23 to %struct.ip_options_rcu** %25 = load volatile %struct.ip_options_rcu*, %struct.ip_options_rcu** %24, align 8 %26 = icmp eq %struct.ip_options_rcu* %25, null br i1 %26, label %34, label %27 %28 = getelementptr inbounds %struct.ip_options_rcu, %struct.ip_options_rcu* %25, i64 0, i32 1, i32 3 %29 = load i8, i8* %28, align 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %34, label %31 %35 = phi i32 [ %33, %31 ], [ %5, %27 ], [ %5, %22 ] %36 = 
getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 9, i32 0 %37 = load %struct.net.855450*, %struct.net.855450** %36, align 8 %38 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 1, i32 0 %39 = load i32, i32* %38, align 8 %40 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 2 %41 = bitcast %struct.kuid_t* %40 to i16* %42 = load i16, i16* %41, align 4 %43 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7 %44 = bitcast %union.anon.48* %43 to i16* %45 = load i16, i16* %44, align 8 %46 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 48 %47 = load i16, i16* %46, align 4 %48 = trunc i16 %47 to i8 %49 = getelementptr inbounds %struct.inet_sock.855742, %struct.inet_sock.855742* %3, i64 0, i32 8 %50 = load i8, i8* %49, align 4 %51 = and i8 %50, 30 %52 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 13, i32 0 %53 = load volatile i64, i64* %52, align 8 %54 = lshr i64 %53, 13 %55 = trunc i64 %54 to i8 %56 = and i8 %55, 1 %57 = or i8 %56, %51 %58 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 0, i32 6 %59 = load i32, i32* %58, align 4 %60 = icmp eq %struct.sock.855719* %0, null br i1 %60, label %90, label %61 %62 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 34 %63 = load i32, i32* %62, align 4 %64 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 1, i32 0, i32 7, i32 0, i32 1 %65 = bitcast %struct.hlist_node*** %64 to i16* %66 = load i16, i16* %65, align 8 %67 = and i16 %66, 40 %68 = icmp ne i16 %67, 0 %69 = zext i1 %68 to i8 %70 = getelementptr inbounds %struct.sock.855719, %struct.sock.855719* %0, i64 0, i32 57, i32 0 %71 = load i32, i32* %70, align 8 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %59, 
i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %73, align 4 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 %63, i32* %74, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %57, i8* %75, align 4 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %76, align 1 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 %48, i8* %77, align 2 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 store i8 %69, i8* %78, align 1 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 7 store i32 0, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %80, align 8 %81 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 8, i32 0 store i32 %71, i32* %81, align 4 %82 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %35, i32* %82, align 4 %83 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %39, i32* %83, align 8 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %85 = bitcast %struct.kuid_t* %84 to %struct.raw_hdlc_proto* %86 = bitcast %struct.kuid_t* %84 to i16* store i16 %42, i16* %86, align 8 %87 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %85, i64 0, i32 1 store i16 %45, i16* %87, align 2 %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %88, align 8 %89 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0 call void bitcast (void (%struct.sock*, %struct.flowi_common*)* @security_sk_classify_flow to void (%struct.sock.855719*, 
%struct.flowi_common*)*)(%struct.sock.855719* nonnull %0, %struct.flowi_common* nonnull %89) #78 br label %105 %106 = call %struct.rtable.855722* bitcast (%struct.rtable.836556* (%struct.net.836644*, %struct.flowi4*, %struct.sock.836948*)* @ip_route_output_flow to %struct.rtable.855722* (%struct.net.855450*, %struct.flowi4*, %struct.sock.855719*)*)(%struct.net.855450* %37, %struct.flowi4* nonnull %2, %struct.sock.855719* %0) #78 Function:ip_route_output_flow %4 = alloca %struct.fib_result.837080, align 8 %5 = bitcast %struct.fib_result.837080* %4 to i8* %6 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %6, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %8 = load i8, i8* %7, align 4 %9 = and i8 %8, 28 store i8 %9, i8* %7, align 4 %10 = and i8 %8, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.836556* @ip_route_output_key_hash_rcu(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, %struct.sk_buff.836958* null) #78 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %180, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or 
i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %86, label %43 %44 = tail call %struct.net_device.837070* bitcast (%struct.net_device.763141* (%struct.net.762977*, i32)* @dev_get_by_index_rcu to %struct.net_device.837070* (%struct.net.836644*, i32)*)(%struct.net.836644* %0, i32 %41) #78 %45 = icmp eq %struct.net_device.837070* %44, null br i1 %45, label %180, label %46 %47 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 14 %48 = load i32, i32* %47, align 64 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %180, label %51 %52 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %44, i64 0, i32 67 %53 = load volatile %struct.in_device.837027*, %struct.in_device.837027** %52, align 8 %54 = icmp eq %struct.in_device.837027* %53, null br i1 %54, label %180, label %55 %56 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %57 = load i32, i32* %56, align 4 %58 = and i32 %57, 16777215 %59 = icmp eq i32 %58, 224 %60 = icmp eq i32 %57, -1 %61 = or i1 %60, %59 br i1 %61, label %66, label %62 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %64 = load i8, i8* %63, align 2 %65 = icmp eq i8 %64, 2 br i1 %65, label %66, label %71 %72 = load i32, i32* %7, align 8 %73 = icmp eq i32 %72, 0 br i1 %73, label %74, label %86 %75 = and i32 %57, 240 %76 = icmp eq i32 %75, 224 br i1 %76, label %77, label %82 %83 = icmp eq i32 %57, 0 br i1 %83, label %84, label %86 %87 = phi %struct.net_device.837070* [ %44, %71 ], [ %44, %77 ], [ %44, %82 ], [ %44, %84 ], [ null, %40 ] %88 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %89 = load i32, i32* 
%88, align 4 %90 = icmp eq i32 %89, 0 br i1 %90, label %91, label %99 %100 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %0, i64 0, i32 34, i32 14 %101 = load i8, i8* %100, align 4, !range !4 %102 = icmp eq i8 %101, 0 br i1 %102, label %105, label %103 %104 = tail call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %0, %struct.flowi4* %1, %struct.fib_result.837080* %2, i32 1) #78 br label %126 %127 = phi i32 [ %104, %103 ], [ %125, %124 ] %128 = icmp eq i32 %127, 0 br i1 %128, label %144, label %129 %145 = getelementptr inbounds %struct.fib_result.837080, %struct.fib_result.837080* %2, i64 0, i32 3 %146 = load i8, i8* %145, align 2 %147 = icmp eq i8 %146, 2 br i1 %147, label %148, label %170 tail call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %0, %struct.fib_result.837080* %2, %struct.flowi4* %1, %struct.sk_buff.836958* %3) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, 
align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, %struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, 
%struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds 
%struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 %110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %76, i64 0, i32 7 
%174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 
@fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr 
inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load %struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 
= getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 
0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void 
asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79
Function:__kfree_skb
tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78
Function:skb_release_head_state
%2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78
-------------
Use:
=BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 neigh_destroy
4 fib_detect_death
5 fib_select_path
6 __ip_rt_update_pmtu
7 ip_rt_update_pmtu
-------------
Path:
Function:ip_rt_update_pmtu %6 = alloca %struct.flowi4, align 8 %7 = bitcast %struct.flowi4* %6 to i8* %8 = icmp eq %struct.sk_buff.836958* %2, null br i1 %8, label %85, label %9 %10 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %11 = load %struct.net_device.837070*, %struct.net_device.837070** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 40 %13 = load i8*, i8** %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 35 %15 = load i16, i16* %14, align 4 %16 = zext i16 %15 to i64 %17 = getelementptr i8, i8* %13, i64 %16 %18 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %11, i64 0, i32 17 %19 = load i32, i32* %18, align 16 %20 = getelementptr inbounds i8, i8* %17, i64 1 %21 = load i8, i8* %20, align 1 %22 = and i8 %21, 30 %23 = getelementptr inbounds i8, i8* %17, i64 9 %24 = load i8, i8* %23, align 1 %25 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 28, i32 0 %26 = load i32, i32* %25, align 4 %27 = icmp eq %struct.sock.836948* %1, null br i1 %27, label %56, label %28 %29 = bitcast %struct.sock.836948* %1 to %struct.inet_sock.837117* %30 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 6 %31 = load i32, i32* %30, align 4 %32 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 34 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.inet_sock.837117, %struct.inet_sock.837117* %29, i64 0, i32 8 %35 = load i8, i8* %34, align 4 %36 = and i8 %35, 30 %37 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 0, i32 13, i32 0 %38 = load volatile i64, i64* %37, align 8 %39 = lshr i64 %38, 13 %40 = trunc i64 %39 to i8 %41 = and i8 %40, 1 %42 = or i8 %41, %36 %43 = getelementptr inbounds %struct.sock.836948, 
%struct.sock.836948* %1, i64 1, i32 0, i32 7, i32 0, i32 1 %44 = bitcast %struct.hlist_node*** %43 to i16* %45 = load i16, i16* %44, align 8 %46 = and i16 %45, 8 %47 = icmp eq i16 %46, 0 br i1 %47, label %48, label %52 %49 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 48 %50 = load i16, i16* %49, align 4 %51 = trunc i16 %50 to i8 br label %52 %53 = phi i8 [ -1, %28 ], [ %51, %48 ] %54 = getelementptr inbounds %struct.sock.836948, %struct.sock.836948* %1, i64 0, i32 57, i32 0 %55 = load i32, i32* %54, align 8 br label %56 %57 = phi i32 [ %31, %52 ], [ %19, %9 ] %58 = phi i8 [ %42, %52 ], [ %22, %9 ] %59 = phi i8 [ %53, %52 ], [ %24, %9 ] %60 = phi i32 [ %33, %52 ], [ %26, %9 ] %61 = phi i32 [ %55, %52 ], [ 0, %9 ] %62 = getelementptr inbounds i8, i8* %17, i64 16 %63 = bitcast i8* %62 to i32* %64 = load i32, i32* %63, align 4 %65 = getelementptr inbounds i8, i8* %17, i64 12 %66 = bitcast i8* %65 to i32* %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 0 store i32 %57, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 1 store i32 1, i32* %69, align 4 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 2 store i32 %60, i32* %70, align 8 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 store i8 %58, i8* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 0, i8* %72, align 1 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 5 store i8 %59, i8* %73, align 2 %74 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 6 store i8 0, i8* %74, align 1 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 7 store i32 0, i32* %75, align 8 %76 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 9, 
i32 0 store i64 0, i64* %76, align 8 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 8, i32 0 store i32 %61, i32* %77, align 4 %78 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 2 store i32 %64, i32* %78, align 4 %79 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 1 store i32 %67, i32* %79, align 8 %80 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 3 %81 = bitcast %struct.kuid_t* %80 to %struct.raw_hdlc_proto* %82 = bitcast %struct.kuid_t* %80 to i16* store i16 0, i16* %82, align 8 %83 = getelementptr inbounds %struct.raw_hdlc_proto, %struct.raw_hdlc_proto* %81, i64 0, i32 1 store i16 0, i16* %83, align 2 %84 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 10 store i32 0, i32* %84, align 8 br label %150 %151 = phi i8 [ %58, %56 ], [ %125, %119 ] %152 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 3 %153 = and i8 %151, 28 store i8 %153, i8* %152, align 4 %154 = and i8 %151, 1 %155 = icmp eq i8 %154, 0 %156 = select i1 %155, i8 0, i8 -3 %157 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %6, i64 0, i32 0, i32 4 store i8 %156, i8* %157, align 1 br i1 %8, label %167, label %158 %159 = getelementptr inbounds %struct.sk_buff.836958, %struct.sk_buff.836958* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %160 = load %struct.net_device.837070*, %struct.net_device.837070** %159, align 8 %161 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %160, i64 0, i32 15 %162 = load i32, i32* %161, align 4 %163 = and i32 %162, 1536 %164 = icmp eq i32 %163, 0 br i1 %164, label %167, label %165 %168 = bitcast %struct.dst_entry.836531* %0 to %struct.rtable.836556* call fastcc void @__ip_rt_update_pmtu(%struct.rtable.836556* %168, %struct.flowi4* nonnull %6, i32 %3) #79 Function:__ip_rt_update_pmtu %4 = alloca %struct.fib_result.837080, align 8 %5 = getelementptr inbounds 
%struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 0 %6 = load %struct.net_device.837070*, %struct.net_device.837070** %5, align 8 %7 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 109, i32 0 %8 = load %struct.net.836644*, %struct.net.836644** %7, align 8 %9 = bitcast %struct.fib_result.837080* %4 to i8* %10 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 9 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %103 %15 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to i32* %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %103 %23 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 35 %24 = load volatile i8, i8* %23, align 8 %25 = lshr i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %33, label %27 %28 = load volatile i64, i64* @jiffies, align 64 %29 = getelementptr inbounds %struct.rtable.836556, %struct.rtable.836556* %0, i64 0, i32 0, i32 3 %30 = load i64, i64* %29, align 8 %31 = sub i64 %28, %30 %32 = icmp slt i64 %31, 0 br i1 %32, label %40, label %33 %34 = getelementptr i32, i32* %18, i64 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %40 %38 = getelementptr inbounds %struct.net_device.837070, %struct.net_device.837070* %6, i64 0, i32 20 %39 = load volatile i32, i32* %38, align 8 br label %40 %41 = phi i32 [ %25, %27 ], [ %35, %33 ], [ %39, %37 ] %42 = icmp ult i32 %41, 65535 %43 = select i1 %42, i32 %41, i32 65535 %44 = icmp ult i32 %43, %2 br i1 %44, label %103, label %45 %46 = load i32, i32* @ip_rt_min_pmtu, align 4 %47 = icmp ugt i32 %46, %2 %48 = icmp ult i32 %43, %46 %49 = select i1 %48, i32 %43, i32 %46 %50 = select i1 %47, i32 %49, i32 
%2 %51 = icmp ne i32 %25, %50 %52 = or i1 %47, %51 br i1 %52, label %63, label %53 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %64 = getelementptr inbounds %struct.net.836644, %struct.net.836644* %8, i64 0, i32 34, i32 14 %65 = load i8, i8* %64, align 4, !range !5 %66 = icmp eq i8 %65, 0 br i1 %66, label %69, label %67 %68 = call i32 bitcast (i32 (%struct.net.767947*, %struct.flowi4*, %struct.fib_result*, i32)* @__fib_lookup to i32 (%struct.net.836644*, %struct.flowi4*, %struct.fib_result.837080*, i32)*)(%struct.net.836644* %8, %struct.flowi4* %1, %struct.fib_result.837080* nonnull %4, i32 1) #78 br label %90 %91 = phi i32 [ %68, %67 ], [ %89, %88 ] %92 = icmp eq i32 %91, 0 br i1 %92, label %93, label %102 call void bitcast (void (%struct.net.767947*, %struct.fib_result*, %struct.flowi4*, %struct.sk_buff.767837*)* @fib_select_path to void (%struct.net.836644*, %struct.fib_result.837080*, %struct.flowi4*, %struct.sk_buff.836958*)*)(%struct.net.836644* %8, %struct.fib_result.837080* nonnull %4, %struct.flowi4* %1, %struct.sk_buff.836958* null) #78 Function:fib_select_path %5 = alloca %struct.fib_info.767725*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %15, label %10 %11 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %12 = load i8, i8* %11, align 1 %13 = and i8 %12, 4 %14 = icmp eq i8 %13, 0 br i1 %14, label %317, label %15 %16 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 7 %17 = load %struct.fib_info.767725*, %struct.fib_info.767725** %16, align 8 %18 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 18 %19 = load %struct.nexthop.767730*, %struct.nexthop.767730** %18, align 8 %20 = icmp eq %struct.nexthop.767730* %19, null br i1 %20, label %36, label %21, !prof !4, 
!misexpect !5 %22 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 9 %23 = load i8, i8* %22, align 2, !range !6 %24 = icmp eq i8 %23, 0 br i1 %24, label %44, label %25 %26 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %19, i64 0, i32 12 %27 = bitcast %union.anon.65.767729* %26 to %struct.nh_group** %28 = load volatile %struct.nh_group*, %struct.nh_group** %27, align 8 %29 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %28, i64 0, i32 2 %30 = load i8, i8* %29, align 2, !range !6 %31 = icmp eq i8 %30, 0 br i1 %31, label %44, label %32 %45 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 1 %46 = load i8, i8* %45, align 4 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %317 %49 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 8 %50 = load %struct.fib_table*, %struct.fib_table** %49, align 8 %51 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 2 %52 = load i32, i32* %51, align 4 %53 = icmp sgt i32 %52, 1 br i1 %53, label %54, label %317 %55 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 3 %56 = load i8, i8* %55, align 2 %57 = icmp eq i8 %56, 1 br i1 %57, label %58, label %317 %59 = bitcast %struct.fib_info.767725** %5 to i8* store %struct.fib_info.767725* null, %struct.fib_info.767725** %5, align 8 %60 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 9 %61 = load %struct.hlist_head*, %struct.hlist_head** %60, align 8 %62 = bitcast i32* %6 to i8* store i32 -1, i32* %6, align 4 %63 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %17, i64 0, i32 13 %64 = load i32, i32* %63, align 8 %65 = getelementptr inbounds %struct.hlist_head, %struct.hlist_head* %61, i64 0, i32 0 %66 = load volatile %struct.hlist_node*, %struct.hlist_node** %65, align 8 %67 = icmp eq %struct.hlist_node* %66, null br i1 %67, label %316, 
label %68 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 %70 = getelementptr inbounds %struct.fib_table, %struct.fib_table* %50, i64 0, i32 1 %71 = getelementptr inbounds %struct.fib_result, %struct.fib_result* %1, i64 0, i32 4 br label %72 %73 = phi %struct.hlist_node* [ %66, %68 ], [ %223, %216 ] %74 = phi %struct.fib_info.767725* [ null, %68 ], [ %221, %216 ] %75 = phi i32 [ -1, %68 ], [ %220, %216 ] %76 = phi %struct.fib_alias.864341* [ null, %68 ], [ %219, %216 ] %77 = phi i32 [ %64, %68 ], [ %218, %216 ] %78 = phi i8 [ 0, %68 ], [ %217, %216 ] %79 = bitcast %struct.hlist_node* %73 to %struct.fib_alias.864341* %80 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1 %81 = bitcast %struct.hlist_node* %80 to %struct.fib_info.767725** %82 = load %struct.fib_info.767725*, %struct.fib_info.767725** %81, align 8 %83 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 5 %84 = load i8, i8* %83, align 1 %85 = icmp eq i8 %84, 32 br i1 %85, label %86, label %216 %87 = getelementptr inbounds %struct.hlist_node, %struct.hlist_node* %73, i64 1, i32 1 %88 = bitcast %struct.hlist_node*** %87 to i8* %89 = load i8, i8* %88, align 8 %90 = icmp eq i8 %89, 0 br i1 %90, label %94, label %91 %92 = load i8, i8* %69, align 4 %93 = icmp eq i8 %89, %92 br i1 %93, label %94, label %216 %95 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 6 %96 = load i32, i32* %95, align 4 %97 = load i32, i32* %70, align 8 %98 = icmp eq i32 %96, %97 br i1 %98, label %99, label %216 %100 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 13 %101 = load i32, i32* %100, align 8 %102 = icmp ugt i32 %101, %77 %103 = icmp eq i8 %89, %78 %104 = and i1 %103, %102 br i1 %104, label %105, label %107 %108 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 6 %109 = load i32, i32* %108, align 8 
%110 = and i32 %109, 1 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %216 %113 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 9 %114 = load i8, i8* %113, align 2 %115 = load i8, i8* %71, align 1 %116 = icmp eq i8 %114, %115 br i1 %116, label %117, label %216 %118 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 3 %119 = load i8, i8* %118, align 1 %120 = icmp eq i8 %119, 1 br i1 %120, label %121, label %216 %122 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 18 %123 = load %struct.nexthop.767730*, %struct.nexthop.767730** %122, align 8 %124 = icmp eq %struct.nexthop.767730* %123, null br i1 %124, label %149, label %125, !prof !4, !misexpect !5 %150 = getelementptr %struct.fib_info.767725, %struct.fib_info.767725* %82, i64 0, i32 20, i64 0, i32 0 br label %151 %152 = phi %struct.fib_nh_common.767724* [ %150, %149 ], [ %148, %144 ], [ null, %140 ], [ null, %136 ] %153 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 4 %154 = load i8, i8* %153, align 2 %155 = icmp eq i8 %154, 0 br i1 %155, label %216, label %156 %157 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %152, i64 0, i32 2 %158 = load i8, i8* %157, align 4 %159 = icmp eq i8 %158, -3 br i1 %159, label %160, label %216 %161 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %79, i64 0, i32 4 %162 = load i8, i8* %161, align 2 %163 = and i8 %162, 1 %164 = icmp eq i8 %163, 0 br i1 %164, label %165, label %167 %166 = or i8 %162, 1 store i8 %166, i8* %161, align 2 br label %167 %168 = icmp eq %struct.fib_info.767725* %74, null br i1 %168, label %169, label %172 %173 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %76, i64 0, i32 7 %174 = load i16, i16* %173, align 8 %175 = sext i16 %174 to i32 %176 = call fastcc i32 
@fib_detect_death(%struct.fib_info.767725* nonnull %74, i32 %75, %struct.fib_info.767725** nonnull %5, i32* nonnull %6, i32 %175) #78 %177 = icmp eq i32 %176, 0 br i1 %177, label %178, label %209 %210 = phi %struct.fib_alias.864341* [ %76, %172 ], [ %79, %169 ] %211 = add i32 %75, 1 br label %216 %217 = phi i8 [ %89, %151 ], [ %89, %156 ], [ %89, %112 ], [ %89, %117 ], [ %78, %107 ], [ %78, %105 ], [ %78, %94 ], [ %78, %91 ], [ %78, %72 ], [ %89, %209 ] %218 = phi i32 [ %101, %151 ], [ %101, %156 ], [ %101, %112 ], [ %101, %117 ], [ %77, %107 ], [ %77, %105 ], [ %77, %94 ], [ %77, %91 ], [ %77, %72 ], [ %101, %209 ] %219 = phi %struct.fib_alias.864341* [ %76, %151 ], [ %76, %156 ], [ %76, %112 ], [ %76, %117 ], [ %76, %107 ], [ %76, %105 ], [ %76, %94 ], [ %76, %91 ], [ %76, %72 ], [ %210, %209 ] %220 = phi i32 [ %75, %151 ], [ %75, %156 ], [ %75, %112 ], [ %75, %117 ], [ %75, %107 ], [ %75, %105 ], [ %75, %94 ], [ %75, %91 ], [ %75, %72 ], [ %211, %209 ] %221 = phi %struct.fib_info.767725* [ %74, %151 ], [ %74, %156 ], [ %74, %112 ], [ %74, %117 ], [ %74, %107 ], [ %74, %105 ], [ %74, %94 ], [ %74, %91 ], [ %74, %72 ], [ %82, %209 ] %222 = getelementptr %struct.hlist_node, %struct.hlist_node* %73, i64 0, i32 0 %223 = load volatile %struct.hlist_node*, %struct.hlist_node** %222, align 8 %224 = icmp eq %struct.hlist_node* %223, null br i1 %224, label %225, label %72 %226 = phi %struct.fib_alias.864341* [ %219, %216 ], [ %76, %105 ] %227 = phi i32 [ %220, %216 ], [ %75, %105 ] %228 = phi %struct.fib_info.767725* [ %221, %216 ], [ %74, %105 ] %229 = icmp sgt i32 %227, 0 %230 = icmp ne %struct.fib_info.767725* %228, null %231 = and i1 %229, %230 br i1 %231, label %237, label %232 %238 = getelementptr inbounds %struct.fib_alias.864341, %struct.fib_alias.864341* %226, i64 0, i32 7 %239 = load i16, i16* %238, align 8 %240 = sext i16 %239 to i32 %241 = call fastcc i32 @fib_detect_death(%struct.fib_info.767725* nonnull %228, i32 %227, %struct.fib_info.767725** nonnull %5, 
i32* nonnull %6, i32 %240) #78 Function:fib_detect_death %6 = getelementptr inbounds %struct.fib_info.767725, %struct.fib_info.767725* %0, i64 0, i32 18 %7 = load %struct.nexthop.767730*, %struct.nexthop.767730** %6, align 8 %8 = icmp eq %struct.nexthop.767730* %7, null br i1 %8, label %33, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 9 %11 = load i8, i8* %10, align 2, !range !6 %12 = icmp eq i8 %11, 0 br i1 %12, label %28, label %13 %14 = getelementptr inbounds %struct.nexthop.767730, %struct.nexthop.767730* %7, i64 0, i32 12 %15 = bitcast %union.anon.65.767729* %14 to %struct.nh_group** %16 = load volatile %struct.nh_group*, %struct.nh_group** %15, align 8 %17 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 2 %18 = load i8, i8* %17, align 2, !range !6 %19 = icmp eq i8 %18, 0 br i1 %19, label %28, label %20 %21 = getelementptr inbounds %struct.nh_group, %struct.nh_group* %16, i64 0, i32 1 %22 = load i16, i16* %21, align 8 %23 = icmp eq i16 %22, 0 br i1 %23, label %35, label %24 %36 = phi %struct.fib_nh_common.767724* [ %34, %33 ], [ %32, %28 ], [ null, %24 ], [ null, %20 ] %37 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 4 %38 = load i8, i8* %37, align 2 switch i8 %38, label %86 [ i8 2, label %39 i8 10, label %45 ], !prof !7 %46 = load %struct.ipv6_stub*, %struct.ipv6_stub** bitcast (%struct.ipv6_stub.934474** @ipv6_stub to %struct.ipv6_stub**), align 8 %47 = getelementptr inbounds %struct.ipv6_stub, %struct.ipv6_stub* %46, i64 0, i32 20 %48 = load %struct.neigh_table.767594*, %struct.neigh_table.767594** %47, align 8 %49 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 7, i32 0 %50 = bitcast %struct.in6_addr* %49 to i8* %51 = getelementptr inbounds %struct.fib_nh_common.767724, %struct.fib_nh_common.767724* %36, i64 0, i32 0 %52 = load 
%struct.net_device.767824*, %struct.net_device.767824** %51, align 8 %53 = tail call %struct.neighbour.767598* bitcast (%struct.neighbour* (%struct.neigh_table*, i8*, %struct.net_device*)* @neigh_lookup to %struct.neighbour.767598* (%struct.neigh_table.767594*, i8*, %struct.net_device.767824*)*)(%struct.neigh_table.767594* %48, i8* %50, %struct.net_device.767824* %52) #78 br label %54 %55 = phi %struct.neighbour.767598* [ %44, %39 ], [ %53, %45 ] %56 = icmp eq %struct.neighbour.767598* %55, null br i1 %56, label %86, label %57 %58 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 13 %59 = load i8, i8* %58, align 1 %60 = getelementptr inbounds %struct.neighbour.767598, %struct.neighbour.767598* %55, i64 0, i32 6 %61 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %60, i64 0, i32 0, i32 0 %62 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %61, i32 -1, i32* %61) #6, !srcloc !8 %63 = icmp eq i32 %62, 1 br i1 %63, label %69, label %64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour*)* @neigh_destroy to void (%struct.neighbour.767598*)*)(%struct.neighbour.767598* nonnull %55) #78 Function:neigh_destroy %2 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 25 %3 = load %struct.net_device*, %struct.net_device** %2, align 8 %4 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 1 %5 = load %struct.neigh_table*, %struct.neigh_table** %4, align 8 %6 = getelementptr inbounds %struct.neigh_table, %struct.neigh_table* %5, i64 0, i32 28 %7 = load %struct.neigh_statistics*, %struct.neigh_statistics** %6, align 8 %8 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %7, i64 0, i32 1 
tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 %9 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 15 %10 = load i8, i8* %9, align 1 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %14 %15 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 13 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 27 %18 = icmp eq i8 %17, 0 br i1 %18, label %36, label %19 %37 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %37) #79 %38 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8 %39 = getelementptr inbounds %struct.sk_buff_head, %struct.sk_buff_head* %38, i64 0, i32 0 %40 = load %struct.sk_buff*, %struct.sk_buff** %39, align 8 %41 = bitcast %struct.sk_buff_head* %38 to %struct.sk_buff* %42 = icmp eq %struct.sk_buff* %40, %41 %43 = icmp eq %struct.sk_buff* %40, null %44 = or i1 %42, %43 br i1 %44, label %62, label %45 %46 = getelementptr inbounds %struct.neighbour, %struct.neighbour* %0, i64 0, i32 8, i32 2 br label %47 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call 
void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 %48 = phi %struct.sk_buff* [ %40, %45 ], [ %58, %47 ] %49 = load i32, i32* %46, align 8 %50 = add i32 %49, -1 store volatile i32 %50, i32* %46, align 8 %51 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 0 %52 = load %struct.sk_buff*, %struct.sk_buff** %51, align 8 %53 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %48, i64 0, i32 0, i32 0, i32 1 %54 = load %struct.sk_buff*, %struct.sk_buff** %53, align 8 %55 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %52, i64 0, i32 0, i32 0, i32 1 %56 = bitcast %struct.sk_buff* %48 to i8* store volatile %struct.sk_buff* %54, %struct.sk_buff** %55, align 8 %57 = getelementptr inbounds %struct.sk_buff, %struct.sk_buff* %54, i64 0, i32 0, i32 0, i32 0 store volatile %struct.sk_buff* %52, %struct.sk_buff** %57, align 8 tail call void bitcast (void (%struct.sk_buff.756266*, i32)* @kfree_skb_reason to void (%struct.sk_buff*, i32)*)(%struct.sk_buff* nonnull %48, i32 0) #79 Function:kfree_skb_reason %3 = icmp eq %struct.sk_buff.756266* %0, null br i1 %3, label %36, label %4, !prof !4, !misexpect !5 %5 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 43 %6 = getelementptr inbounds %struct.seqcount_spinlock, %struct.seqcount_spinlock* %5, i64 0, i32 0, i32 0 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %10, !prof !6, !misexpect !7 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 -1, i32* %6) #6, !srcloc !9 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %19 callbr 
void asm sideeffect "1:jmp ${2:l} # objtool NOPs this \0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.device_dma_parameters* } }, %struct.static_call_key*, i8*, i8*, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_kfree_skb to %struct.tracepoint*), i64 0, i32 1), i32 2, i8* blockaddress(@kfree_skb_reason, %21)) #6 to label %35 [label %21], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.756266* nonnull %0) #79 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.756266* %0) #78 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %13 = getelementptr inbounds %struct.sk_buff.756266, %struct.sk_buff.756266* %0, i64 0, i32 4, i32 0, i32 1 %14 = load void (%struct.sk_buff.756266*)*, void (%struct.sk_buff.756266*)** %13, align 8 %15 = icmp eq void (%struct.sk_buff.756266*)* %14, null br i1 %15, label %24, label %16 %17 = tail call i32 asm "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !4 %18 = and i32 %17, 983040 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20, !prof !5, !misexpect !6 %23 = phi void (%struct.sk_buff.756266*)* [ %14, %16 ], [ %21, %20 ] tail call void %23(%struct.sk_buff.756266* %0) #78
-------------
Use: =BAD PATH=
Call Stack:
0 skb_release_head_state
1 __kfree_skb
2 kfree_skb_reason
3 napi_gro_complete
4 busy_poll_stop
5 napi_busy_loop
6 tcp_recvmsg
7 inet6_recvmsg
8 sock_read_iter
-------------
Path:
Function:sock_read_iter %3 = alloca %struct.msghdr.273589, align 8 %4 = getelementptr inbounds
%struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 0 %5 = load %struct.file.273585*, %struct.file.273585** %4, align 8 %6 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.273619** %8 = load %struct.socket.273619*, %struct.socket.273619** %7, align 8 %9 = bitcast %struct.msghdr.273589* %3 to i8* %10 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 0 %11 = getelementptr %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = bitcast %struct.msghdr.273589* %3 to i8* %13 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 3 %14 = bitcast %union.anon.87* %13 to i64* store i64 0, i64* %14, align 8 %15 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 4 store i8 0, i8* %15, align 8 %16 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 5 store i64 0, i64* %16, align 8 %17 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 6 store i32 0, i32* %17, align 8 %18 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 7 store %struct.kiocb.273588* %0, %struct.kiocb.273588** %18, align 8 %19 = getelementptr inbounds %struct.file.273585, %struct.file.273585* %5, i64 0, i32 7 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 2048 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 4 %25 = load i32, i32* %24, align 8 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %29, label %28 %30 = phi i32 [ 0, %23 ], [ 64, %28 ] %31 = getelementptr inbounds %struct.kiocb.273588, %struct.kiocb.273588* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %63 %35 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 4 %36 
= load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 0 br i1 %37, label %63, label %38 %39 = getelementptr inbounds %struct.msghdr.273589, %struct.msghdr.273589* %3, i64 0, i32 2, i32 4 %40 = load i64, i64* %39, align 8 %41 = trunc i64 %40 to i32 %42 = call i32 bitcast (i32 (%struct.socket*, %struct.msghdr*, i32, i32)* @security_socket_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i32, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i32 %41, i32 %30) #78 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %60 %45 = getelementptr inbounds %struct.socket.273619, %struct.socket.273619* %8, i64 0, i32 5 %46 = load %struct.proto_ops.273618*, %struct.proto_ops.273618** %45, align 32 %47 = getelementptr inbounds %struct.proto_ops.273618, %struct.proto_ops.273618* %46, i64 0, i32 18 %48 = load i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*, i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)** %47, align 8 %49 = icmp eq i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)* %48, bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*) br i1 %49, label %50, label %53, !prof !4, !misexpect !5 %51 = load i64, i64* %39, align 8 %52 = call i32 bitcast (i32 (%struct.socket.898026*, %struct.msghdr.897714*, i64, i32)* @inet6_recvmsg to i32 (%struct.socket.273619*, %struct.msghdr.273589*, i64, i32)*)(%struct.socket.273619* %8, %struct.msghdr.273589* nonnull %3, i64 %51, i32 %30) #78 Function:inet6_recvmsg %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.socket.898026, %struct.socket.898026* %0, i64 0, i32 4 %7 = load %struct.sock.898029*, %struct.sock.898029** %6, align 8 %8 = bitcast i32* %5 to i8* store i32 0, i32* %5, align 4 %9 = and i32 %3, 8192 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %38, !prof !4, !misexpect !5 callbr void asm sideeffect "1:jmp ${2:l} # objtool NOPs this 
\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - . \0A\09.long ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* @rfs_needed, i64 0, i32 0), i32 2, i8* blockaddress(@inet6_recvmsg, %12)) #6 to label %38 [label %12], !srcloc !6 %13 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 4 %14 = load volatile i8, i8* %13, align 2 %15 = icmp eq i8 %14, 1 br i1 %15, label %16, label %38 %17 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 21, i32 0 %18 = load i32, i32* %17, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = load volatile %struct.rps_sock_flow_table*, %struct.rps_sock_flow_table** @rps_sock_flow_table, align 8 %20 = icmp ne %struct.rps_sock_flow_table* %19, null %21 = icmp ne i32 %18, 0 %22 = and i1 %21, %20 br i1 %22, label %23, label %37 %24 = getelementptr inbounds %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 0 %25 = load i32, i32* %24, align 64 %26 = and i32 %25, %18 %27 = load i32, i32* @rps_cpu_mask, align 4 %28 = xor i32 %27, -1 %29 = and i32 %18, %28 %30 = tail call i32 asm sideeffect "movl %gs:$1, $0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !8 %31 = or i32 %29, %30 %32 = zext i32 %26 to i64 %33 = getelementptr %struct.rps_sock_flow_table, %struct.rps_sock_flow_table* %19, i64 0, i32 2, i64 %32 %34 = load i32, i32* %33, align 4 %35 = icmp eq i32 %34, %31 br i1 %35, label %37, label %36 store i32 %31, i32* %33, align 4 br label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @rcu_read_unlock_strict() #78 br label %38 %39 = getelementptr inbounds %struct.sock.898029, %struct.sock.898029* %7, i64 0, i32 0, i32 8 %40 = load 
%struct.proto.898004*, %struct.proto.898004** %39, align 8 %41 = getelementptr inbounds %struct.proto.898004, %struct.proto.898004* %40, i64 0, i32 14 %42 = load i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*, i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)** %41, align 8 %43 = icmp eq i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)* %42, bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*) br i1 %43, label %44, label %48, !prof !4, !misexpect !5 %45 = and i32 %3, 64 %46 = and i32 %3, -65 %47 = call i32 bitcast (i32 (%struct.sock.845464*, %struct.msghdr.844936*, i64, i32, i32, i32*)* @tcp_recvmsg to i32 (%struct.sock.898029*, %struct.msghdr.897714*, i64, i32, i32, i32*)*)(%struct.sock.898029* %7, %struct.msghdr.897714* %1, i64 %2, i32 %45, i32 %46, i32* nonnull %5) #78 Function:tcp_recvmsg %7 = alloca i32, align 4 %8 = alloca i32, align 4 %9 = alloca %struct.scm_timestamping_internal, align 8 %10 = bitcast i32* %7 to i8* store i32 0, i32* %7, align 4 %11 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %12 = bitcast %struct.scm_timestamping_internal* %9 to i8* %13 = and i32 %4, 8192 %14 = icmp eq i32 %13, 0 br i1 %14, label %18, label %15, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 9 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %58, label %22 %23 = tail call i64 asm "movq %gs:${1:P}, $0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.845453** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.845453**)) #11, !srcloc !6 %24 = inttoptr i64 %23 to %struct.task_struct.845453* %25 = getelementptr inbounds %struct.task_struct.845453, %struct.task_struct.845453* %24, i64 0, i32 0, i32 0 %26 = load volatile i64, i64* %25, align 8 %27 = 
and i64 %26, 131072 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %58, !prof !4, !misexpect !5 %30 = load volatile i64, i64* %25, align 8 %31 = and i64 %30, 4 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %58 %34 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 6 %35 = getelementptr inbounds %struct.sk_buff_head.845036, %struct.sk_buff_head.845036* %34, i64 0, i32 0 %36 = load volatile %struct.sk_buff.845254*, %struct.sk_buff.845254** %35, align 8 %37 = bitcast %struct.sk_buff_head.845036* %34 to %struct.sk_buff.845254* %38 = icmp eq %struct.sk_buff.845254* %36, %37 br i1 %38, label %39, label %58 %40 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 0, i32 4 %41 = load volatile i8, i8* %40, align 2 %42 = icmp eq i8 %41, 1 br i1 %42, label %43, label %58 %44 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 10 %45 = load volatile i32, i32* %44, align 8 %46 = icmp ugt i32 %45, 64 br i1 %46, label %47, label %58 %48 = icmp eq i32 %3, 0 %49 = select i1 %48, i1 (i8*, i64)* @sk_busy_loop_end, i1 (i8*, i64)* null %50 = bitcast %struct.sock.845464* %0 to i8* %51 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 58 %52 = load volatile i8, i8* %51, align 4 %53 = icmp ne i8 %52, 0 %54 = getelementptr inbounds %struct.sock.845464, %struct.sock.845464* %0, i64 0, i32 59 %55 = load volatile i16, i16* %54, align 2 %56 = icmp eq i16 %55, 0 %57 = select i1 %56, i16 8, i16 %55 tail call void @napi_busy_loop(i32 %45, i1 (i8*, i64)* %49, i8* %50, i1 zeroext %53, i16 zeroext %57) #78 Function:napi_busy_loop %6 = icmp eq i1 (i8*, i64)* %1, null br i1 %6, label %11, label %7 %12 = phi i64 [ %10, %7 ], [ 0, %5 ] %13 = and i32 %0, 255 %14 = zext i32 %13 to i64 %15 = getelementptr [256 x %struct.hlist_head], [256 x %struct.hlist_head]* @napi_hash, i64 0, i64 %14, i32 0 %16 = zext i16 %4 to i32 br label %17 %18 = phi i8* [ null, %11 ], [ %119, %132 ] 
------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 kfree_skb_reason 3 napi_gro_complete 4 busy_poll_stop 5 napi_busy_loop 6 sock_poll ------------- Check callee group: sock_wfree Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: sock_wfree Check callee group: sock_wfree Check callee group: tg3_read_indirect_reg32 Check callee group: sock_wfree Check callee group: dm_pr_reserve sd_pr_reserve
Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_reserve sd_pr_reserve Check callee group: dm_pr_clear sd_pr_clear Check callee group: tg3_read_indirect_reg32 Check callee group: dm_pr_clear sd_pr_clear Check callee group: tg3_read_indirect_reg32 Check callee group: i915_driver_lastclose Check callee group: serial8250_config_port Check callee group: sr_reset Check callee group: serial8250_config_port Check callee group: serial8250_config_port Check callee group: tg3_write_indirect_reg32 Check callee group: dm_pr_register sd_pr_register Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: drm_atomic_helper_set_config Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: dm_pr_preempt sd_pr_preempt Check callee group: tg3_write_indirect_reg32 Check callee group: sock_wfree Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_verify_port Check callee group: tg3_write_indirect_reg32 Check callee group: mdio_ctrl_hw Check callee group: nfs_unlink mqueue_unlink shmem_unlink msdos_unlink ext4_unlink vfat_unlink autofs_dir_unlink bad_inode_unlink simple_unlink Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: 
tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: serial8250_pm Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: e1000_update_phy_info_task Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: md_ioctl sd_ioctl dm_blk_ioctl lo_ioctl sr_block_ioctl Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check 
callee group: mdio_ctrl_hw Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: nfs4_have_delegation Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read32 tg3_read_indirect_mbox tg3_read32_mbox_5906 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_read_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Check callee group: tg3_write_indirect_reg32 Good: 5697 Bad: 76 Ignored: 5400 Thread 0 Done! 
STOP WATCH[0]: 1739187.369000 ms =NON-Kernel Init Functions= i915_gem_execbuffer2_ioctl __ia32_sys_seccomp prctl_set_seccomp lwt_in_func_proto lwt_seg6local_func_proto tty_open sg_io scsi_bsg_sg_io_fn sg_new_write __x64_sys_mlock __ia32_sys_mlock2 __ia32_sys_reboot __x64_sys_chroot __ia32_sys_chroot tcp_congestion_default __ia32_sys_fsconfig __x64_sys_setregid16 __ia32_sys_setregid16 perf_trace_init __x64_sys_setgid __ia32_sys_setgid16 __x64_sys_setreuid16 __ia32_sys_setreuid16 __x64_sys_kexec_load __ia32_sys_kexec_load ext4_remount __x64_sys_setdomainname __x64_sys_syslog __ia32_compat_sys_msgctl ext4_ioctl __ia32_sys_delete_module adl_hw_config __se_sys_adjtimex_time32 posix_clock_realtime_adj __ia32_sys_open_by_handle_at __x64_sys_quotactl __se_sys_quotactl __ia32_sys_quotactl __x64_sys_quotactl_fd __se_sys_quotactl_fd __ia32_sys_quotactl_fd oom_score_adj_write oom_adj_write aio_prep_rw io_prep_rw sel_write_avc_cache_threshold scsi_bsg_register_queue sel_write_member sel_write_user sel_write_relabel sel_write_create sel_write_load sel_write_bool unshare_nsproxy_namespaces __ia32_sys_setns __x64_sys_prctl __ia32_sys_prctl vvar_fault ttm_bo_vm_fault_reserved ttm_bo_vm_fault vmf_insert_mixed_prot dma_common_mmap sel_mmap_handle_status pci_mmap_page_range pci_mmap_resource_range pci_mmap_resource_uc iommu_dma_mmap usbdev_mmap remap_pfn_range_notrack remap_pfn_range sched_setattr_nocheck sched_set_normal sched_set_fifo_low devm_request_any_context_irq hpet_cpuhp_online setup_default_timer_irq hpet_time_init ata_pci_bmdma_init_one ahci_host_activate ahci_init_one smbalert_probe pcc_mbox_request_channel pci_request_irq pcie_pme_probe acpi_bus_init acpi_init acpi_ec_setup acpi_ec_add univ8250_setup_irq hpet_compat_ioctl hpet_ioctl_common state_next iommu_go_to_state amd_iommu_init dmar_hp_add_drhd dmar_device_add dmar_set_interrupt intel_iommu_init phy_request_interrupt tg3_set_channels tg3_request_irq e100_resume e100_io_resume e100_diag_test e1000_resume 
e1000_request_irq sky2_probe nv_open nv_resume yenta_probe_cb_irq ti12xx_override xhci_run xhci_pci_resume cmos_pnp_probe cmos_platform_probe cmos_init azx_acquire_irq setup_percpu_irq request_percpu_nmi rcu_spawn_gp_kthread mqueue_create_attr __x64_sys_sched_setparam normalize_rt_tasks genl_rcv tcp_setsockopt pin_user_pages_unlocked get_user_pages_unlocked __ia32_sys_process_vm_readv pin_user_pages_remote __ia32_sys_process_vm_writev unapply_uprobe uprobe_notify_resume uprobe_unregister __uprobe_unregister uprobe_register_refctr uprobe_register register_for_each_vma uprobe_apply vm_mmap_pgoff aio_setup_ring __ia32_compat_sys_io_setup __audit_syscall_exit dma_mmap_pages ptrace_access_vm compat_ptrace_request access_remote_vm call_usermodehelper_exec_async copy_string_kernel __ia32_sys_execve __ia32_compat_sys_execve pin_user_pages_fast_only pin_user_pages_fast i915_gem_object_userptr_validate snd_pcm_lib_mmap_iomem iov_iter_get_pages_alloc __gup_longterm_unlocked pin_user_pages io_sqe_buffer_register lookup_node do_get_mempolicy __se_sys_get_mempolicy fault_in_iov_iter_writeable __x64_sys_madvise __ia32_sys_madvise __x64_sys_process_madvise __se_sys_process_madvise __ia32_sys_process_madvise expand_stack setup_arg_pages __ia32_compat_sys_sched_setaffinity find_active_uprobe __x64_sys_timerfd_settime32 __ia32_sys_umount __x64_sys_oldumount __ia32_sys_oldumount init_umount selinux_capable __x64_sys_swapon __ia32_compat_sys_mq_open __ia32_sys_swapon security_inode_removexattr md_compat_ioctl nfs4_proc_setlease __ia32_sys_acct nfs4_setlease ip_rcv ipv4_link_failure ip_options_get cipso_v4_error __x64_sys_mlockall __ia32_sys_mlockall unix_compat_ioctl set_one_prio security_inode_setxattr genl_notify nfnetlink_send proc_exec_connector proc_id_connector proc_sid_connector i801_probe proc_ptrace_connector proc_comm_connector proc_coredump_connector __ia32_sys_msgctl proc_exit_connector __acpi_processor_start store_uevent uevent_store uevent_store.46944 
report_normal_detected pci_uevent_ers acpi_video_switch_brightness eeepc_acpi_notify backlight_device_set_brightness tg3_test_interrupt brightness_store acpi_hotplug_work_fn undock_store drm_sysfs_connector_status_event drm_release_noglobal drm_release drm_open drm_client_release drm_client_dev_unregister intel_overlay_put_image_ioctl drm_mode_object_find drm_mode_getfb2_ioctl drm_mode_getfb drm_mode_setplane drm_framebuffer_lookup drm_client_framebuffer_create e1000_diag_test drm_mode_getblob_ioctl drm_mode_destroyblob_ioctl drm_property_change_valid_get drm_wait_vblank_ioctl __ia32_sys_get_mempolicy drm_mode_getresources __x64_sys_reboot drm_mode_page_flip_ioctl drm_mode_cursor_ioctl drm_mode_cursor_common drm_mode_cursor2_ioctl drm_mode_list_lessees_ioctl drm_sysfs_lease_event __ia32_sys_io_uring_register drm_lease_destroy ivb_parity_work i915_driver_postclose context_close i915_gem_context_destroy_ioctl scsi_evt_thread ata_acpi_ap_uevent ata_acpi_bind_port hpet_ioctl ata_acpi_dev_uevent ata_acpi_bind_dev uevent_net_rcv sel_write_enforce selnl_notify_policyload dquot_free_inode quota_send_warning __ia32_sys_swapoff kauditd_thread acpi_button_notify reg_process_self_managed_hints nl80211_common_reg_change_event regdb_fw_cb set_regdom genlmsg_multicast_allns nl80211_send_beacon_hint_event handle_reg_beacon wiphy_update_regulatory ioam6_exit genl_unregister_family cfg80211_exit genl_init netlbl_unlabel_genl_init netlbl_cipsov4_genl_init genl_ctrl_event genl_register_family netlbl_calipso_genl_init netlbl_netlink_init drm_mode_rmfb cfg80211_update_owe_info_event __cfg80211_stop_sched_scan nl80211_stop_sched_scan cfg80211_sched_scan_stopped ieee80211_sched_scan_stopped_work cfg80211_register_netdevice cfg80211_register_wdev nl80211_notify_iface ieee80211_vht_handle_opmode cfg80211_sta_opmode_change_notify nl80211_send_rx_assoc nl80211_send_deauth cfg80211_process_deauth cfg80211_tx_mlme_mgmt cfg80211_probe_status cfg80211_nan_func_terminated 
__ia32_sys_remap_file_pages ieee80211_nan_func_terminated ieee80211_tx_status_irqsafe sta_info_init purge_old_ps_buffers invoke_tx_handlers_early ieee80211_tx_dequeue report_resume ieee80211_txq_remove_vlan sta_info_insert ieee80211_ibss_add_sta ieee80211_ibss_finish_sta sta_info_insert_rcu ieee80211_txq_purge ieee80211_txq_teardown_flows remap_p4d_range ieee80211_send_eosp_nullfunc ieee80211_s1g_status_twt_action ieee80211_s1g_rx_twt_action ieee80211_tx_ba_session_handle_start ieee80211_request_smps_mgd_work ioctx_alloc ieee80211_remove_key ieee80211_del_key ieee80211_key_link ieee80211_add_key dmar_device_hotplug ieee80211_uninit ieee80211_key_replace __ieee80211_stop_rx_ba_session ___ieee80211_stop_rx_ba_session ieee80211_mgmt_tx ieee80211_handle_roc_started ieee80211_scan_state_send_probe ieee80211_send_action_csa ieee80211_send_pspoll ieee80211_scan __ieee80211_start_scan ieee80211_scan_work ieee80211_abort_scan ieee80211_prep_connection ieee80211_start_next_roc ieee80211_mgmt_tx_cancel_wait _ieee80211_start_next_roc ieee80211_hw_roc_done ieee80211_change_station ieee80211_do_open ieee80211_start_p2p_device ieee80211_mgd_probe_ap_send ieee80211_xmit __ieee80211_tx_skb_tid_band ieee80211_send_assoc ieee80211_tx ieee80211_handle_filtered_frame ieee80211_sta_ps_deliver_poll_response ieee80211_sta_uapsd_trigger ieee80211_free_txskb ieee80211_sta_ps_deliver_response ieee80211_subif_start_xmit ieee80211_subif_start_xmit_8023 __ia32_sys_sched_setaffinity ieee80211_probe_mesh_link __x64_sys_get_mempolicy ieee80211_gtk_rekey_notify __sta_info_destroy ieee80211_sta_join_ibss ieee80211_sta_create_ibss drm_mode_getplane ieee80211_ibss_work ieee80211_csa_connection_drop_work ieee80211_ibss_leave ieee80211_leave_ibss ieee80211_del_station ieee80211_mgd_quiesce ieee80211_mgd_deauth ieee80211_send_deauth_disassoc ieee80211_deauth ieee80211_resume ieee80211_sta_restart ieee80211_mgd_auth ieee80211_auth ieee80211_mgd_assoc ieee80211_send_auth ieee80211_assoc 
ieee80211_mgd_disassoc ieee80211_disassoc __sta_info_destroy_part2 cfg80211_cqm_txe_notify cfg80211_cqm_rssi_notify ieee80211_handle_beacon_sig ieee80211_beacon_connection_loss_work ieee80211_sta_monitor_work cfg80211_conn_failed cfg80211_ch_switch_started_notify ieee80211_csa_finalize_work nl80211_ch_switch_notify ieee80211_color_change ieee80211_color_change_finalize_work cfg80211_bss_color_notify __cfg80211_send_event_skb cfg80211_dev_rename set_orig_insn wiphy_register nl80211_notify_wiphy cfg80211_rfkill_set_block ieee80211_restart_work cfg80211_shutdown_all_interfaces nl80211_send_scan_msg nl80211_send_auth_timeout ieee80211_sta_work cfg80211_assoc_timeout ieee80211_mgd_stop nl80211_send_roamed nl80211_send_port_authorized nl80211_send_disconnected nl80211_send_ibss_bssid ieee80211_mark_rx_ba_filtered_frames ieee80211_ba_session_work nl80211_michael_mic_failure sta_rx_agg_reorder_timer_expired ___ieee80211_start_rx_ba_session ieee80211_process_addba_request cfg80211_propagate_radar_detect_wk ieee80211_ibss_rx_queued_mgmt ieee80211_iface_work ieee80211_stop ieee80211_if_change_type ieee80211_change_iface ieee80211_stop_nan ieee80211_sta_ps_deliver_uapsd ieee80211_start_nan ieee80211_sdata_stop ieee80211_stop_p2p_device __ieee80211_suspend __do_sys_prctl ieee80211_suspend ieee80211_dfs_radar_detected_work ieee80211_dfs_cac_timer_work drm_mode_getencoder nl80211_radar_notify ip_sublist_rcv nl80211_new_interface __ia32_sys_timerfd_settime cfg80211_leave reg_check_chans_work ieee80211_del_iface ieee80211_add_iface ieee80211_ibss_disconnect ieee80211_register_hw ieee80211_remove_interfaces cfg80211_process_rdev_events cfg80211_event_work backlight_force_update cfg80211_process_wdev_events nl80211_stop_ap __cfg80211_stop_ap cfg80211_change_iface __x64_sys_lsetxattr __ia32_sys_lsetxattr __x64_sys_lremovexattr __ia32_sys_lremovexattr cfg80211_init __x64_sys_fremovexattr __vfs_removexattr_locked __se_sys_fremovexattr __ia32_sys_fremovexattr __x64_sys_lgetxattr 
__ia32_sys_lgetxattr __x64_sys_fgetxattr __ia32_sys_fgetxattr vfs_getxattr_alloc tc_filter_init cfg80211_rfkill_block_work bprintf __trace_bprintk compat_ksys_old_msgctl trace_vbprintk shmem_listxattr __dquot_transfer dquot_transfer dquot_alloc_inode file_modified __x64_sys_fcntl __se_sys_fcntl do_fcntl fifo_open do_pipe_flags disconnect_work __x64_sys_pipe2 __ia32_sys_pipe2 create_pipe_files ieee80211_monitor_start_xmit __do_pipe_flags __ia32_sys_pipe cfg80211_netdev_notifier_call __ia32_sys_epoll_ctl selinux_inode_getsecctx load_elf_library vm_brk ip_list_rcv nl80211_set_interface load_elf_library.17893 load_elf_binary __x64_sys_brk __ia32_sys_brk shm_exit_ns free_ipc shm_close shm_try_destroy_orphaned proc_ipc_dointvec_minmax_orphans __x64_sys_unshare exit_shm __ia32_sys_unshare shmctl_down __x64_sys_shmat __ia32_sys_shmat shm_destroy do_shmat __se_sys_shmctl __ia32_sys_shmctl __ia32_compat_sys_shmctl shmem_lock shmctl_do_lock __ia32_compat_sys_old_shmctl __ia32_compat_sys_ia32_mmap ip_options_compile ksys_mmap_pgoff hugetlb_file_setup compat_blkdev_ioctl vfs_unlink vfs_rmdir vfs_rename __x64_sys_sethostname __ia32_compat_sys_setrlimit __x64_sys_setgroups __se_sys_prlimit64 __ia32_sys_prlimit64 rtnl_setlink __ia32_sys_setgroups __x64_sys_setrlimit rtnl_newlink __ia32_sys_setrlimit __x64_sys_setfsuid16 do_compat_fcntl64 __ia32_sys_setfsuid16 ieee80211_sta_process_chanswitch __x64_sys_setresuid __x64_sys_setresuid16 __ia32_sys_setresuid16 __ia32_sys_setuid ieee80211_probe_client __x64_sys_setuid16 __ia32_sys_setuid16 kill_pid kill_pgrp disassociate_ctty __x64_sys_pidfd_send_signal ieee80211_tx_prepare_skb __se_sys_pidfd_send_signal ieee80211_tx_prepare __ia32_sys_pidfd_send_signal __x64_sys_rt_sigqueueinfo __se_sys_rt_sigqueueinfo __ia32_sys_rt_sigqueueinfo group_send_sig_info do_rt_sigqueueinfo __x64_sys_tgkill __ia32_sys_tgkill mmap_mem drm_property_lookup_blob hw_breakpoint_event_init __ia32_sys_tkill __x64_sys_rt_tgsigqueueinfo __se_sys_rt_tgsigqueueinfo 
__x64_sys_init_module cfg80211_propagate_cac_done_wk do_task_stat proc_tgid_stat __x64_sys_ptrace __se_sys_ptrace __ia32_sys_ptrace __x64_sys_mount __se_sys_mount __ia32_sys_mount __x64_sys_setfsgid __ia32_sys_setfsgid timerslack_ns_open __x64_sys_keyctl __se_sys_keyctl acpi_soft_cpu_online __ia32_sys_keyctl __ia32_compat_sys_keyctl lo_ioctl lo_compat_ioctl vfs_path_lookup snd_dma_continuous_mmap user_path_at_empty kern_path cmos_do_probe ieee80211_rx_mgmt_auth filename_lookup ieee80211_rx_mgmt_assoc_resp path_lookupat __x64_sys_mkdirat __x64_sys_mkdir do_mkdirat nv_request_irq do_symlinkat __x64_sys_linkat __x64_sys_link ieee80211_free_sta_keys filename_create kern_path_locked __ia32_sys_rmdir __x64_sys_unlinkat __ia32_sys_unlinkat acpi_video_bus_add __x64_sys_unlink acpi_video_bus_remove __ia32_sys_unlink __se_sys_kill clean_path maybe_link do_name i915_gem_mmap_ioctl syscall_exit_to_user_mode_work secretmem_mmap do_int80_syscall_32 syscall_exit_to_user_mode noist_exc_machine_check ieee80211_tx_status_8023 exc_page_fault sysvec_spurious_apic_interrupt spurious_interrupt sysvec_reboot sysvec_threshold cfg80211_gtk_rekey_notify sysvec_deferred_error sysvec_thermal sysvec_kvm_posted_intr_ipi exc_device_not_available ged_probe exc_spurious_interrupt_bug exc_simd_coprocessor_error exc_invalid_tss arch_do_signal_or_restart irqentry_exit_to_user_mode irqentry_exit io_drain_req ieee80211_process_delba get_signal i915_gem_context_close io_wqe_worker create_worker_cb do_unlinkat __ia32_sys_rename ieee80211_sta_rx_queued_mgmt io_req_task_submit ieee80211_ocb_work common_interrupt __x64_sys_io_uring_enter __ia32_sys_io_uring_enter __io_queue_sqe io_submit_sqe __ia32_sys_io_submit filename_parentat io_issue_sqe sky2_set_ringparam do_filp_open link_path_walk devm_request_threaded_irq ieee80211_destroy_auth_data try_lookup_one_len lookup_one_positive_unlocked __x64_sys_setresgid create_setparam __x64_sys_setresgid16 __ia32_sys_setresgid16 __x64_sys_ioperm msg_zerocopy_alloc 
msg_zerocopy_realloc __x64_sys_migrate_pages __ia32_sys_migrate_pages io_uring_create __ia32_compat_sys_ia32_clone call_usermodehelper_exec_work __x64_sys_clone __ia32_sys_clone __x64_sys_clone3 __se_sys_clone3 __ia32_sys_clone3 sta_deliver_ps_frames __do_sys_fork __ia32_sys_kill xfrm_netlink_rcv ata_scsi_ioctl __se_sys_mbind netlink_sendmsg unix_stream_sendmsg proc_loginuid_write uart_set_info_user __x64_sys_setpriority __se_sys_setpriority __ia32_sys_setpriority ieee80211_cancel_roc pps_cdev_compat_ioctl dm_compat_ctl_ioctl rtnetlink_rcv compat_sock_ioctl __x64_sys_setsockopt __x64_sys_socketcall __ia32_sys_socketcall sock_setsockopt skb_tstamp_tx cfg80211_stop_ap netlink_proto_init dev_ioctl ext4_tmpfile ext4_ind_truncate ext4_free_data ext4_free_branches ext4_ind_truncate_ensure_credits __x64_sys_removexattr ext4_ind_remove_space sel_commit_bools_write ext4_ext_replay_shrink_inode ext4_ext_rm_leaf ext4_ext_truncate ext4_collapse_range ext4_ext_convert_to_initialized ext4_ext_handle_unwritten_extents ext4_swap_extents ieee80211_sta_connection_lost ext4_split_extent_at ext4_ext_replay_update_ex ext4_iomap_begin ext4_iomap_overwrite_begin ext4_ext_replay_set_iblocks iov_iter_get_pages ext4_end_io_rsv_work __x64_sys_prlimit64 rtnetlink_init ext4_convert_unwritten_io_end_vec dmar_device_remove ext4_iomap_begin_report ext4_process_orphan ext4_orphan_cleanup _ext4_get_block ext4_empty_dir ext4_quota_read ext4_init_orphan_info ext4_mount __ext4_find_entry ext4_get_parent ieee80211_rx_h_michael_mic_verify __ia32_compat_sys_ioctl ext4_xattr_ibody_get mpage_map_one_extent ext4_readpage ext4_readahead __ia32_sys_setgid ext4_map_blocks ext4_ext_map_blocks regulatory_hint_disconnect ext4_page_mkwrite ext4_ext_tree_init ext4_write_end ext4_da_write_end ext4_writepages drm_master_open ext4_journalled_write_end ext4_zero_range ext4_update_disksize_before_punch ext4_fallocate ext4_setattr ext4_dirty_inode autofs_root_ioctl ext4_change_inode_journal_flag 
acpi_bus_generate_netlink_event do_split ext4_init_new_dir ext4_add_entry ext4_rename2 exc_overflow ext4_create ext4_mkdir __ext4_unlink ext4_unlink __ext4_mark_inode_dirty __ext4_expand_extra_isize ext4_expand_extra_isize vt_compat_ioctl set_default_qdisc phys_pte_init blk_mq_sched_mark_restart_hctx track_pfn_copy __next_mem_range put_and_wait_on_page_locked ieee80211_recalc_sw_work __next_mem_range_rev copy_user_gigantic_page copy_hugetlb_page_range kcalloc.31309 ieee80211_sta_expire populate_pmd pcie_do_recovery uprobe_start_dup_mmap regulatory_propagate_dfs_state copy_page_range follow_huge_pud date_str __x64_sys_io_uring_setup wp_page_copy adjust_zone_range_for_zone_movable acpi_os_physical_table_override _cfg80211_unregister_wdev shm_mmap reset_vma_resv_huge_pages ext4_xattr_get __absent_pages_in_range __x64_sys_getxattr fw_devlink_relax_cycle ip4_string quiet_vmstat smca_set_misc_banks_map n_tty_ioctl_helper amd_iommu_detect ieee80211_remain_on_channel __memblock_find_range_bottom_up ___pud_free_tlb ieee80211_ocb_leave pcpu_block_refresh_hint ieee80211_csa_connection_drop_work.73067 mempolicy_slab_node io_wq_submit_work move_freepages_block ip_cmsg_send __migration_entry_wait kmem_cache_flags compaction_defer_reset ldt_dup_context cfg80211_stop_p2p_device cfg80211_michael_mic_failure time_str calculate_sizes data_alloc data_push_tail ip6_compressed_string disable_msi_reset_irq acpi_tb_parse_fadt ia32_classify_syscall inherit_event blk_mq_delay_run_hw_queue copy_user_huge_page huge_pmd_share acpi_bios_warning blk_mq_flush_busy_ctxs blk_mq_do_dispatch_sched blk_mq_try_issue_list_directly acpi_gsi_to_irq acpi_irq_stats_init pmd_set_huge pud_set_huge pud_free_pmd_page __sta_info_flush populate_pgd ip6_string reuse_swap_page get_shadow_from_swap_cache __swap_count lruvec_init blk_mq_try_issue_directly blk_insert_flush __rq_qos_cleanup sbitmap_get_shallow __blk_mq_sched_bio_merge blk_attempt_plug_merge tty_ldisc_hangup prot_none_hugetlb_entry 
acpi_find_root_pointer update_cache_mode_entry try_grab_page pti_user_pagetable_walk_p4d pm_wakeup_source_sysfs_add fwnode_get_next_available_child_node __ia32_sys_fspick fwnode_is_ancestor_of fw_devlink_create_devlink __se_sys_setns pm_runtime_remove prepare_threshold_block deferred_error_interrupt_enable dup_mmap __mmu_notifier_release follow_p4d_mask ptrace_attach init_currently_empty_zone free_pud_range ___p4d_free_tlb drm_mode_obj_get_properties_ioctl rtc_str do_anonymous_page fault_dirty_shared_page do_swap_page do_wp_page sk_filter_uncharge sched_setscheduler efi_memmap_install __init_cache_modes acpi_tb_get_next_table_descriptor prb_reserve_in_last do_mount acpi_tb_validate_temp_table e820__range_update phys_pud_init plist_requeue current_save_fsgs tick_nohz_get_next_hrtimer cpuidle_enter_state compaction_zonelist_suitable ip6_addr_string_sa tick_freeze node_reclaim finish_fault fwnode_get_next_parent_dev driver_deferred_probe_add pfn_range_is_mapped __static_call_transform using_native_sched_clock vmemmap_p4d_range ip6_addr_string cap_inode_getsecurity setup_net __ia32_compat_sys_shmat acpi_ut_set_integer_width ip4_addr_string security_kernfs_init_security nl80211_init ieee80211_release_reorder_timeout sprint_backtrace_build_id do_linkat sched_idle_set_state flush_tlb_all fwnode_count_parents get_io_context show_swap_cache_info acpi_os_get_root_pointer allocate_slab steal_suitable_fallback node_dirty_ok get_partial_node tick_resume_broadcast ttm_bo_vm_dummy_page lru_note_cost fpu__init_cpu_xstate special_hex_number alloc_debug_processing smca_configure get_any_partial tick_nohz_stop_tick pcmcia_request_irq try_to_free_pages sched_setattr efi_memmap_split_count ieee80211_request_ibss_scan dump_unreclaimable_slab hugetlb_show_meminfo ieee80211_request_scan kmalloc_fix_flags clear_asid_other kmem_cache_open pmd_free_pte_page text_poke_finish __x64_sys_process_vm_readv group_balance_cpu pcpu_chunk_refresh_hint __node_reclaim tick_unfreeze 
sysvec_kvm_posted_intr_wakeup_ipi pcpu_next_fit_region p4d_clear_huge intel_ppin_init aio_read put_links __ia32_sys_pivot_root memblock_find_in_range reserve_highatomic_pageblock get_links prb_reserve yenta_probe prb_commit ieee80211_sched_scan_end prb_final_commit cyc2ns_read_begin crda_timeout_work pud_clear_huge cyc2ns_read_end vt_ioctl calc_load_nohz_start event_sched_in acpi_ev_gpe_initialize acpi_processor_notify ldt_arch_exit_mmap acpi_ec_dsdt_probe slab_out_of_memory drm_new_set_master should_reclaim_retry lru_note_cost_page path_removexattr tracing_start_sched_switch audit_serial io_bitmap_share timens_on_fork __drm_mode_object_find shm_init_ns intel_irq_install audit_tree_match audit_watch_compare audit_gid_comparator hugetlb_cow hugepage_add_new_anon_rmap huge_pte_alloc pgdat_init_internals wake_up_idle_cpu sb_clear_inode_writeback acpi_tb_verify_checksum migration_entry_wait_huge time64_str __pte_alloc_kernel blk_mq_sched_insert_requests exc_invalid_op ext4_link __blk_mq_sched_dispatch_requests drm_client_framebuffer_delete local_touch_nmi __unmap_hugepage_range_final acpi_os_install_interrupt_handler perf_kprobe_init dev_queue_xmit_nit validate_xmit_skb_list _set_memory_wb _set_memory_wt _set_memory_wc _set_memory_uc unreserve_highatomic_pageblock ieee80211_channel_switch static_protections sta_info_cleanup __cpa_process_fault submit_bio_checks restore_regulatory_settings pmd_clear_huge ext4_alloc_file_blocks audit_match_class pgd_page_get_mm blk_mq_submit_bio __sbitmap_queue_get_shallow __x64_sys_sched_setscheduler efi_memmap_insert alloc_mnt_ns cfg80211_cqm_pktloss_notify msg_init_ns acpi_device_hotplug rtnl_fill_vfinfo vmf_insert_mixed_mkwrite acpi_ns_local drm_mode_gamma_get_ioctl acpi_ns_create_node find_mergeable __ia32_sys_setresgid ioc_lookup_icq dev_pm_qos_constraints_destroy fwnode_remove_software_node acpi_ut_create_update_state e1000e_pm_suspend widen_string inat_get_last_prefix_id vma_interval_tree_insert_after clear_shadow_from_swap_cache 
laptop_io_completion slab_unmergeable ttwu_do_activate acpi_install_table sched_set_stop_task device_pm_sleep_init pm_runtime_init dpm_sysfs_add dmar_hp_remove_drhd device_links_driver_bound swake_up_all_locked tsk_fork_get_node __x64_sys_timerfd_settime wakeup_source_destroy __efi_memmap_alloc_late check_irq_resend scan_swap_map_try_ssd_cluster cyc2ns_init_boot_cpu clocksource_suspend alloc_uevent_skb peernet_has_id security_sock_rcv_skb integrity_inode_free acpi_device_notify __sk_destruct vzalloc_node mce_gen_pool_init __queue_delayed_work numa_add_cpu timerfd_resume acpi_install_gpe_block free_area_init_core follow_phys vmalloc_to_pfn intel_get_pipe_from_crtc_id_ioctl uprobe_clear_state exit_aio path_getxattr device_is_dependent workingset_activation follow_page_mask fw_devlink_purge_absent_suppliers load_current_idt page_mlock vma_interval_tree_remove unlink_file_vma kernfs_create_empty_dir nl80211_start_sched_scan print_worker_info free_p4d_range ieee80211_nan_func_match exit_mmap free_debug_processing init_scattered_cpuid_features phys_pmd_init __purge_vmap_area_lazy acpi_hw_validate_io_request workingset_refault acpi_hw_get_access_bit_width trace_find_tgid dev_pm_enable_wake_irq_check bitmap_string posix_acl_permission acpi_initialize_tables propagate_mount_unlock mnt_release_group_id __blk_mq_insert_request __ia32_sys_mbind ext4_block_zero_page_range try_ram_remap __efi_memmap_free get_swap_pages pm_suspended_storage __mmu_notifier_change_pte add_swap_count_continuation ops_free_list netlink_trim __kmem_cache_free_bulk trace_print_bprintk_msg_only cpu_detect update_queue nohz_run_idle_balance console_flush_on_panic trace_printk_control trace_print_context irq_setup_affinity current_cpuset_is_being_rebound kobject_synth_uevent linkwatch_run_queue __setparam_dl __se_sys_ioprio_set __checkparam_dl __early_ioremap file_dentry_name find_mergeable_anon_vma acpi_tb_acquire_temp_table escaped_string do_SYSENTER_32 __fw_devlink_link_to_suppliers phys_p4d_init 
pgd_populate_init ip_addr_string trace_rpm_return_int_rcuidle __x64_sys_mbind tty_audit_fork __sys_setsockopt check_flush_dependency acpi_os_allocate_zeroed e820_print_type xas_nomem acpi_tb_install_table_with_override wake_up_and_wait_for_irq_thread_ready mp_register_ioapic_irq __kill_pgrp_info acpi_tb_get_table __x64_sys_perf_event_open pick_next_task_fair __down_timeout init_entity_runnable_average seq_buf_putc fpu__init_cpu kill_pid_info acpi_tb_put_table blk_queue_flag_test_and_set acpi_ut_get_mutex_name vsprintf nohz_balance_enter_idle console_unblank register_handler_proc acpi_ev_install_xrupt_handlers calculate_node_totalpages sysvec_irq_work get_cached_acl dev_xdp_prog_id skip_atoi ieee80211_if_remove vmap_pages_range_noflush tick_nohz_idle_exit __radix_tree_lookup vfs_getxattr rcu_sync_enter audit_classify_syscall io_wq_worker_sleeping arch_cpu_idle kernel_map_pages_in_pgd acpi_tb_verify_temp_table nl80211_set_wiphy kernfs_new_node device_remove_attrs zone_watermark_ok __se_compat_sys_sched_setaffinity __ia32_sys_timerfd_settime32 purge_fragmented_blocks_allcpus io_wqe_enqueue audit_mark_compare drain_zone_pages init_worker_pool __radix_tree_replace try_to_migrate e1000e_pm_thaw ieee80211_start_tx_ba_cb cpuhp_report_idle_dead fourcc_string memcmp_pages io_wq_worker_running mmap_region should_failslab blk_stat_add compact_finished destroy_compound_gigantic_page lru_add_drain_cpu_zone __x64_sys_setgroups16 shrink_zones ieee80211_report_used_skb rcu_note_context_switch show_pwq init_dl_task_timer _parse_integer_limit clocksource_arch_init ip_rcv_finish cpuhp_issue_call __kernfs_new_node pte_alloc_one number unix_dgram_sendmsg rb_buffer_peek __load_ucode_intel __ring_buffer_alloc __ia32_sys_mremap dev_pm_disable_wake_irq_check acpi_ev_get_gpe_xrupt_block pcpu_get_vm_areas cpuset_mems_allowed_intersects __ext4_read_dirblock __sprint_symbol do_vfs_ioctl blk_mq_handle_zone_resource need_active_balance shmem_add_to_page_cache put_task_struct_rcu_user 
__efi_memmap_init move_hugetlb_state pnp_check_irq sysctl_err ext4_expand_extra_isize_ea down_timeout memblock_insert_region insert_header optimize_nops alloc_fdtable __do_sys_brk acpi_tb_acquire_table address_val sg_ioctl ieee80211_send_bar trace_print_printk_msg_only rt_mutex_adjust_pi __ia32_compat_sys_ipc schedule_idle __ia32_sys_mkdir ext4_punch_hole kobj_ns_ops security_cred_free dentry_name balance_dirty_pages delete_from_swap_cache cpuset_nodemask_valid_mems_allowed exit_creds __kobject_del fragmentation_index rmqueue wait_on_page_bit __se_sys_io_uring_enter pcpu_find_block_fit __alloc_pages_slowpath clockevents_suspend security_perf_event_alloc move_pages_to_lru remove_hrtimer choose_new_asid seq_buf_putmem_hex timer_clear_idle cgroup_update_populated __x64_sys_pivot_root memblock_double_array audit_uid_comparator errname ext4_claim_free_clusters anon_vma_interval_tree_iter_next tick_broadcast_oneshot_active sysfs_slab_unlink _vm_unmap_aliases __up vfs_setlease __x64_sys_symlink arch_cpu_idle_exit init_kernel_text string sysfs_remove_dir acpi_thermal_zone_device_hot sysvec_reschedule_ipi seq_vprintf _get_random_bytes netlbl_mgmt_genl_init vprintk_deferred print_tainted ieee80211_set_power_mgmt __clockevents_switch_state page_add_new_anon_rmap early_memremap_pgprot_adjust try_to_unmap cgroup_propagate_frozen ext4_zero_partial_blocks cond_mitigation hrtimer_get_next_event trace_console_rcuidle tg3_self_test text_poke_queue __blk_mq_delay_run_hw_queue ___slab_alloc kobj_kset_leave ext4_put_super start_creating.24099 blk_mq_add_to_requeue_list dma_direct_mmap cgroup_free mtrr_type_lookup cpuidle_reflect __hrtimer_start_range_ns exp_funnel_lock cpuset_cpus_allowed_fallback free_pages_and_swap_cache cpuset_print_current_mems_allowed dl_param_changed zerocopy_sg_from_iter __zone_watermark_ok cfg80211_notify_new_peer_candidate pat_bp_init detect_ht do_smart_wakeup_zero __alloc_pages_direct_compact pcpu_alloc_area e1000e_pm_resume __vm_enough_memory 
restricted_pointer __se_sys_io_submit count_subheaders unmask_irq anon_vma_interval_tree_remove __schedule_bug tk_debug_account_sleep_time lockref_put_or_lock show_free_areas cfg80211_ft_event trace_rpm_idle_rcuidle switch_ldt dump_stack_lvl selnl_notify pick_next_task_idle sched_ttwu_pending arch_get_random_long sched_numa_find_closest __perf_event_task_sched_in vprintk_default tick_get_wakeup_device security_inode_free wb_stat_error get_nohz_timer_target azx_resume interval_tree_iter_next trace_rpm_resume_rcuidle mod_zone_page_state in_entry_stack get_stack_info ieee80211_build_data_template __x64_sys_setuid swake_up_locked flags_string cpuidle_enter ioc_create_icq rcu_dynticks_eqs_exit wait_iff_congested show_stack nl80211_wiphy_netns get_cached_acl_rcu device_pm_add oom_kill_process blk_mq_sched_dispatch_requests __rpm_callback radix_tree_extend __x64_sys_execve send_call_function_single_ipi crng_reseed kmalloc_slab get_data acpi_tb_initialize_facs page_get_anon_vma tick_get_tick_sched uuid_string nl80211_send_connect_result __kernel_text_address account_page_cleaned pm_qos_update_flags nl80211_frame_tx_status tick_nohz_restart_sched_tick __jump_label_patch do_mknodat account_idle_ticks kzalloc.28788 __is_insn_slot_addr clockevents_program_min_delta pm_runtime_new_link __unmap_pmd_range irq_pm_install_action crash_smp_send_stop free_pgtables create_io_thread rcu_init_geometry cfg80211_nan_match ops_init update_cpu_capacity __mnt_want_write_file dev_printk_emit update_vsyscall dup_mm ttwu_stat sr_block_ioctl ttwu_queue_wakelist clocksource_stop_suspend_timing ttwu_do_wakeup do_execveat_common process_random_ready_list defer_console_output rcu_dynticks_eqs_enter bus_remove_device __cpuset_node_allowed srcu_funnel_exp_start ieee80211_sta_ps_deliver_wakeup __do_sys_vfork rcu_needs_cpu fsnotify_compare_groups drm_crtc_get_sequence_ioctl cpuidle_find_deepest_state stop_machine_unpark do_clear_cpu_cap cpa_flush workqueue_sysfs_register __kmem_cache_create 
__delayacct_blkio_end lru_cache_add_inactive_or_unevictable xas_create panic_smp_self_stop write_inode efi_arch_mem_reserve xas_create_range trace_print_lat_context get_callchain_buffers rotate_reclaimable_page i915_driver_remove leave_mm memblock_alloc_range_nid free_time_ns lookup_one_len_unlocked bad_page synchronize_rcu_expedited_wait lookup_one free_pcp_prepare kmalloc_large_node pcpu_free_area mn_itree_inv_end print_stop_info __swap_entry_free_locked text_poke_loc_init reciprocal_value rcu_segcblist_init release_pages kernfs_add_one __cpuhp_state_add_instance_cpuslocked wake_up_klogd vmemmap_remap_free alloc_low_pages ieee80211_add_pending_skb get_next_timer_interrupt start_poll_synchronize_srcu trace_find_next_entry acpi_ut_update_ref_count __finish_swait trace_print_bputs_msg_only rb_advance_iter drm_crtc_queue_sequence_ioctl cpuidle_enter_s2idle ring_buffer_iter_empty symbol_string hex_string io_apoll_task_func register_leaf_sysctl_tables i8042_probe vprintk_store kmsg_poll slab_err isolate_lru_pages ieee80211_if_add iounmap adjust_managed_page_count unwind_next_frame ring_buffer_peek fwnode_get_name sel_write_checkreqprot kobject_put kvfree ___skb_get_hash rtnl_fill_ifinfo rcu_nmi_enter sync_rcu_exp_select_cpus evict migrate_enable kfree_skb_list flush_work dec_zone_page_state restore_reserve_on_error calibrate_delay down_read idr_replace ieee80211_set_disassoc dump_stack ___ratelimit kernel_text_address ioremap_cache ieee80211_send_addba_with_timeout d_find_any_alias on_each_cpu_cond_mask vbin_printf anon_inode_getfile io_schedule __ia32_sys_fsetxattr _dev_info __node_distance clear_page_mlock __lock_page rtmsg_ifinfo copy_from_kernel_nofault_allowed key_user_lookup perf_output_end check_vma_flags __ia32_compat_sys_ptrace kernfs_find_ns cr4_update_irqsoff set_next_entity acpi_parse_entries_array pcpu_populate_chunk ieee80211_open congestion_wait __x64_sys_sched_setaffinity ieee80211_tx_control_port dump_stack_print_info xa_load add_taint signalfd_cleanup 
tick_nohz_tick_stopped __srcu_read_lock rcuwait_wake_up prandom_u32 memchr __dev_pm_qos_remove_request machine_emergency_restart static_key_enable rb_insert_color balance_dirty_pages_ratelimited lockref_put_return show_trace_log_lvl mm_trace_rss_stat bitmap_fold load_ucode_ap check_slab mce_intel_feature_init __module_get __fw_devlink_link_to_consumers do_trace_read_msr check_tsc_unstable move_queued_task free_pages ext4_initxattrs blk_flush_plug_list __p4d_alloc enqueue_timer ieee80211_offchannel_return blk_start_plug tick_nohz_next_event sbitmap_prepare_to_wait amd_iommu_resume nl80211_stop_p2p_device sysrq_timer_list_show __mmu_notifier_invalidate_range_start cfg80211_auth_timeout cpumask_weight.7069 sscanf security_task_setscheduler kprobe_flush_task kernfs_get tick_nohz_idle_restart_tick peernet2id_alloc mpol_shared_policy_lookup __ia32_sys_sched_setattr __ieee80211_subif_start_xmit __kthread_create_on_node alloc_pages device_initial_probe __key_link_end microcode_sanity_check create_worker_cont rcu_segcblist_accelerate tick_get_device drm_file_free follow_invalidate_pte __irq_domain_alloc_fwnode __find_next_entry rb_prev acpi_os_write_memory acpi_ns_search_one_scope wake_up_q dx_probe sprint_symbol_no_offset proc_create_seq_private tracing_start_cmdline_record list_lru_del kill_fasync xas_find_conflict synchronize_rcu_expedited __pm_runtime_disable dump_header blk_mq_sched_restart mod_node_page_state acpi_processor_start map_ldt_struct poll_state_synchronize_srcu page_add_file_rmap audit_log_format acpi_tb_create_local_fadt acpi_penalize_sci_irq mp_find_ioapic jiffies_to_msecs e100_tx_timeout_task io_workqueue_create ext4_quota_off kfree ieee80211_mgd_probe_ap ida_free __ia32_sys_init_module osq_lock find_microcode_in_initrd ieee80211_reconfig show_opcodes free_pgd_range load_balance housekeeping_any_cpu acpi_install_fixed_event_handler acpi_battery_notify __proc_create assoc_array_cancel_edit rb_set_head_page put_pid software_node_notify_remove 
complement_pos finish_wait ___pte_free_tlb trace_event_enable_cmd_record key_instantiate_and_link skb_checksum_help qdisc_alloc blk_attempt_bio_merge acpi_enable_subsystem vm_brk_flags __module_address acpi_os_allocate_zeroed.32253 vscnprintf vt_event_post sysvec_call_function_single cgroup_enter_frozen get_builtin_firmware prb_read_valid __delete_from_page_cache cpus_read_unlock __mmap_lock_do_trace_acquire_returned ieee80211_dfs_cac_cancel kern_mount copy_huge_page move_to_new_page set_page_dirty cpudl_cleanup cgroup_freezer_migrate_task clocksource_start_suspend_timing page_mapped __ieee80211_sta_join_ibss call_rcu strchr __do_sys_mremap __qdisc_calculate_pkt_len io_schedule_timeout vm_mmap __schedule ext4_get_block_unwritten __fprop_inc_percpu_max drm_ioctl mutex_unlock blocking_notifier_chain_register cpumask_next_and acpi_hw_register_write proc_fork_connector vprintk kvmalloc_node _raw_spin_lock_bh trace_handle_return cn_proc_mcast_ctl kmsg_dump ieee80211_start_roc_work __memblock_find_range_top_down _raw_spin_lock_irq enter_lazy_tlb tick_get_broadcast_mask inet_bind __send_signal __update_ref_ctr tsc_store_and_check_tsc_adjust __vmalloc_node_range acpi_device_notify_remove device_get_devnode tick_check_broadcast_expired qdisc_create_dflt cpuhp_online_idle skb_crc32c_csum_help strlcpy ieee80211_roc_work numa_nodemask_from_meminfo notify_user_space __cfg80211_scan_done mutex_spin_on_owner drm_mode_obj_set_property_ioctl rmap_walk_anon ext4_quota_write __kmalloc drm_vblank_init vma_dup_policy trace_seq_printf wakeup_source_sysfs_remove wb_wakeup_delayed generic_ptrace_pokedata cpuhp_invoke_callback io_uring_mmap get_next_ino add_timer_on vmcoreinfo_append_str sysfs_remove_file_ns intel_modeset_init_noirq stop_one_cpu_nowait cpu_stop_queue_work set_task_cpu __x64_sys_ioctl update_sd_lb_stats perf_event_namespaces shmem_getpage_gfp perf_pmu_register sysvec_irq_move_cleanup update_group_capacity cfg80211_destroy_ifaces prepare_to_wait_exclusive file_path 
update_rt_rq_load_avg __msecs_to_jiffies node_page_state_pages fput raw_spin_rq_unlock trace_buffered_event_enable cfg80211_pmksa_candidate_notify __printk_safe_enter __delayacct_blkio_start hugetlb_basepage_index rebalance_domains pm_qos_sysfs_remove_resume_latency propagate_entity_load_avg __se_sys_fsetxattr try_to_unmap_flush_dirty device_link_add cgroup_migrate_execute register_console ieee80211_tx_8023 irq_chip_retrigger_hierarchy swake_up_one mcheck_cpu_init proc_entry_rundown devtmpfs_create_node allocate_trace_buffers ext4_bread security_file_alloc __register_sysctl_paths wb_dirty_limits clock rcu_gp_is_normal next_online_pgdat __do_munmap down audit_alloc get_random_bytes ext4_xattr_inode_get shmem_read_mapping_page_gfp ieee80211_auth_challenge ext4_ext_remove_space __udelay ida_alloc_range calibrate_delay_is_known init_dl_inactive_task_timer put_cred_rcu acpi_tb_checksum xas_clear_mark xas_store refcount_dec_and_lock get_task_policy cfg80211_new_sta register_pernet_subsys find_kallsyms_symbol ieee80211_roc_purge exit_to_user_mode_prepare free_pid __mpol_put syscall_exit_work __ieee80211_roc_work __task_pid_nr_ns cfg80211_sched_scan_results_wk __blk_mq_issue_directly set_memory_nx xhci_resume cpu_bugs_smt_update __srcu_read_unlock selnl_notify_setenforce __update_load_avg_blocked_se drm_mode_get_lease_ioctl on_freelist update_page_count timekeeping_suspend ip_setsockopt find_task_by_pid_ns nl80211_send_mlme_timeout do_coredump put_dec_trunc8 freezing_slow_path ieee80211_ibss_process_chanswitch xas_find_marked disable_irq_nosync ioremap_change_attr __uprobe_register __ia32_compat_sys_execveat mix_pool_bytes acpi_ev_initialize_events nla_reserve PageHuge restore_boot_irq_mode __ia32_sys_removexattr netif_schedule_queue __x64_sys_sched_setattr alloc_pages_vma do_mq_open __rq_qos_throttle vfs_parse_fs_string cpus_read_lock user_enable_block_step ieee80211_scan_cancel kmem_cache_alloc __ia32_sys_execveat page_move_anon_rmap device_pm_move_last wq_worker_running 
fsnotify_grab_connector console_sysfs_notify __cpuhp_setup_state __skb_checksum rtnl_fill_stats rcu_irq_enter_irqson __reset_isolation_pfn trace_seq_putmem d_path file_update_time alloc_large_system_hash down_read_killable ieee80211_dynamic_ps_enable_work vzalloc exc_general_protection memblock_alloc_try_nid_raw exc_bounds sbitmap_queue_wake_up memblock_alloc_internal pde_put __free_pages_ok __ieee80211_request_smps_mgd __ia32_sys_open_tree local_bh_enable.64552 memblock_remove_range dev_reset_queue panic perf_lock_task_context __kmem_cache_shutdown strrchr clear_page_dirty_for_io migrate_page_copy _raw_read_lock __x64_sys_move_pages trace_print_lat_fmt queued_read_lock_slowpath inode_cgwb_move_to_attached hrtimer_sleeper_start_expires __x64_sys_fsopen perf_log_throttle __delayacct_thrashing_start dev_set_name compat_ksys_ipc sk_destruct unwind_get_return_address bdev_name early_memremap ieee80211_stop_ap __update_load_avg_se get_user_pages_fast_only __tasklet_schedule_common __ia32_compat_sys_fcntl64 putback_lru_page uart_parse_earlycon idr_get_next sysfs_add_file_mode_ns finish_task_switch ns_to_timespec64 uprobe_write_opcode acpi_ged_request_interrupt ext4_add_nondir __sbitmap_queue_get free_percpu mntput __x64_sys_io_submit unregister_sysctl_table __lookup_slow kstrdup_const node_page_state percpu_ref_init do_fast_syscall_32 __mod_zone_page_state kobject_del path_openat kobject_init_and_add del_timer_sync update_dl_rq_load_avg kobject_add_internal acpi_os_table_override nla_put ieee80211_leave_ocb netlink_broadcast __fsnotify_vfsmount_delete tick_resume_oneshot kernfs_create_dir_ns __ia32_sys_setsockopt tick_set_periodic_handler debug_locks_off pcpu_block_update page_frag_free perf_event__output_id_sample nl80211_send_rx_auth security_task_getsecid_subj do_madvise update_rq_clock __kernfs_setattr idr_preload skb_copy_ubufs drm_master_put pcpu_mem_zalloc __add_to_page_cache_locked bio_endio __synchronize_srcu irq_work_queue cpudl_init mntput_no_expire 
node_random create_io_worker drain_local_pages sysfs_slab_add register_earlycon simple_release_fs page_mapping cgroup_leave_frozen linkwatch_forget_dev kobject_uevent print_trace_line dump_page acpi_ut_allocate_object_desc_dbg vmf_insert_pfn copy_from_user_nmi has_capability_noaudit kill_rules invoke_rcu_core _swap_info_get _raw_write_lock_irq blk_mq_do_dispatch_ctx memchr_inv trace_seq_bprintf munlock_vma_pages_range seq_buf_vprintf proc_invalidate_siblings_dcache ring_buffer_event_data crash_setup_regs blk_mq_get_tag ieee80211_tx_status_ext __ia32_sys_setfsuid exit_io_context __x64_sys_setregid device_links_read_lock mce_gen_pool_add queue_delayed_work_on ieee80211_send_nullfunc xa_erase static_key_slow_inc intel_sprite_set_colorkey_ioctl audit_put_chunk ieee80211_tx_status ring_buffer_iter_dropped acpi_ut_delete_generic_state __io_register_rsrc_update mm_init.4919 ring_buffer_iter_peek audit_log_key tg3_open ring_buffer_empty_cpu kobject_set_name_vargs __x64_sys_mknodat kobject_get_path add_timer ring_buffer_record_off set_page_dirty_lock page_anon_vma migrate_pages exar_pci_probe prb_first_valid_seq hub_event acpi_ut_push_generic_state load_mm_ldt __next_zones_zonelist lookup_one_unlocked ext4_xattr_security_get dev_addr_flush hrtimer_try_to_cancel nfnetlink_broadcast ext4_da_reserve_space irq_chip_pm_put trace_rpm_usage_rcuidle setup_APIC_eilvt delete_from_page_cache del_timer kobject_init __irq_domain_add ctx_sched_in cfg80211_pernet_exit proc_remove ctx_sched_out ext4_ext_shift_extents event_sched_out subtract_range efi_memmap_unmap sock_queue_err_skb arch_perf_update_userpage irq_work_needs_cpu __x64_sys_process_vm_writev klist_next memblock_search_pfn_nid tag_pages_for_writeback sched_clock_stable try_to_free_buffers ext4_split_extent rcu_barrier_func kmem_cache_create_usercopy intel_init_cmci show_workqueue_state __rb_insert_augmented acpi_match_platform_list dev_deactivate timekeeping_resume do_idle key_remove_domain invoke_tx_handlers_late 
do_send_specific __set_task_comm register_tracer tty_name rcu_segcblist_pend_cbs __ia32_sys_mknodat kobject_get dmar_iommu_hotplug reg_regdb_apply cpuidle_get_cpu_driver e100_set_ringparam lockref_get list_slab_objects tick_do_update_jiffies64 timekeeping_advance e820__mapped_all arch_cpu_idle_enter atomic_dec_and_mutex_lock __x64_sys_execveat rmap_walk fsnotify_put_group free_buffer_head delete_node inode_has_buffers PageMovable down_write_trylock drm_client_init apply_wqattrs_prepare check_bytes_and_report shrink_node rt_mutex_adjust_prio_chain __unfreeze_partials capable_wrt_inode_uidgid __wait_on_bit simple_strntoull cfg80211_rx_assoc_resp __cfg80211_leave ext4_put_io_end size_to_hstate resched_curr alloc_workqueue inc_node_page_state early_pci_allowed __blk_mq_tag_busy ieee80211_free_keys_iface get_task_mm acpi_thermal_notify __kmem_cache_alias ftrace_dump rtnl_set_sk_err chacha_permute tick_get_broadcast_device _free_event inode_update_time trace_clock_local xas_find cfg80211_rx_mlme_mgmt cfg80211_switch_netns __x64_sys_epoll_ctl proc_mkdir_mode visit_groups_merge perf_output_begin ptrace_may_access perf_event_header__init_id acpi_ec_ecdt_probe sort_r drm_dev_unplug __printk_wait_on_cpu_lock blocking_notifier_call_chain arch_stack_walk vunmap_range_noflush free_init_pages pcpu_create_chunk migrate_page_move_mapping handle_eject_request wb_start_background_writeback pr_cont_kernfs_name __cond_resched is_vmalloc_addr scsi_ioctl tick_clock_notify assoc_array_insert_set_object do_send_sig_info __linkwatch_run_queue kobject_uevent_env drm_master_release drain_pages task_active_pid_ns wakeup_flusher_threads assoc_array_insert rb_check_pages compat_ksys_shmctl acpi_hw_validate_register find_lock_entries dock_notify inode_io_list_del get_unused_fd_flags ptr_to_id early_memunmap audit_log_n_untrustedstring do_writepages flush_signal_handlers strcpy kernel_fpu_begin_mask __cgroup_account_cputime list_lru_add __mark_inode_dirty determine_cpu_tsc_frequencies 
slab_is_available audit_filter vma_interval_tree_iter_first d_invalidate sysfs_create_mount_point ring_buffer_set_clock is_bad_inode d_find_alias __cpuhp_remove_state percpu_counter_destroy __cpuhp_remove_state_cpuslocked ring_buffer_free __cpuhp_state_remove_instance set_rq_online workingset_age_nonresident _atomic_dec_and_lock trace_set_options ieee80211_sta_pspoll create_new_namespaces strim rq_attach_root ext4_convert_unwritten_extents ___pmd_free_tlb group_sched_out rcu_qs __x64_sys_acct atomic_notifier_chain_register swapin_readahead drm_dropmaster_ioctl warn_alloc __rb_allocate_pages inode_add_lru ring_buffer_normalize_time_stamp put_io_context ptep_set_access_flags crash_save_vmcoreinfo d_delete acpi_ut_acquire_mutex perf_compat_ioctl copy_cgroup_ns memtype_free task_will_free_mem drm_put_dev mutex_lock_killable flush_all_cpus_locked acpi_ns_internalize_name sg_write page_rmapping next_demotion_node submit_bio_noacct unmap_region __acpi_osi_setup_darwin kthread_probe_data __init_swait_queue_head inat_get_escape_attribute ring_buffer_consume bio_put blk_mq_sched_insert_request cgroup_fork __ieee80211_vht_handle_opmode vmacache_find security_secid_to_secctx idle_cpu region_del dev_vprintk_emit write_cache_pages account_kernel_stack klist_node_attached blk_mq_put_tag prepend_path kthread_is_per_cpu __sigqueue_alloc set_swbp load_ucode_intel_ap rb_allocate_cpu_buffer cgroup_attach_permissions ext4_insert_range tcp_get_timestamping_opt_stats acpi_get_override_irq clock_was_set_delayed acpi_hw_gpe_write __x64_sys_fsconfig refcount_dec_and_lock_irqsave tsx_clear_cpuid rcu_barrier arch_irq_work_raise __ia32_sys_fsmount __percpu_init_rwsem __page_file_index do_dma_probe pmu_dev_alloc __se_sys_ioctl detach_tasks shmem_swapin_page rtl8139_open downgrade_write dev_activate ext4_mknod irq_to_desc bio_will_gap __flush_tlb_all timekeeping_update zap_page_range hrtimer_start_range_ns msr_clear_bit ext4_da_get_block_prep irq_chip_pm_get ext4_rmdir d_set_d_op 
do_user_addr_fault __ia32_sys_setresuid local_bh_enable.63576 __pagevec_lru_add_fn __xas_next migrate_page_states percpu_ref_exit __do_fast_syscall_32 __mod_node_page_state sysvec_kvm_posted_intr_nested_ipi cgroup_propagate_control unmap_mapping_pages alloc_fresh_huge_page unlock_page up_write skb_dump __skb_gso_segment __x64_sys_rename cea_set_pte key_payload_reserve free_exit_list security_prepare_creds writeback_single_inode wake_up_new_task device_register __delay get_user_pages_remote user_path_create mmput __ia32_sys_adjtimex vmap_pages_p4d_range __skb_flow_dissect vfs_kern_mount vm_fault_ttm kauditd_send_multicast_skb __skb_tstamp_tx rb_first set_normalized_timespec64 get_task_exe_file blk_mq_free_request dl_bw_capacity is_acpi_device_node isolate_huge_page cfg80211_cac_event __put_anon_vma kmalloc_order_trace internal_create_group __blk_mq_end_request __ia32_sys_fcntl tick_setup_periodic sta_apply_parameters do_unblank_screen irq_domain_deactivate_irq replace_chunk add_wait_queue_exclusive is_module_text_address ext4_getblk register_sysctl_table __put_page __percpu_ref_switch_mode __cancel_work_timer dec_ucount user_enable_single_step kmem_cache_alloc_node wait_for_common_io perf_adjust_period wiphy_regulatory_register rcu_segcblist_first_pend_cb cpuacct_charge submit_bio dnotify_flush request_nmi register_reboot_notifier bdev_read_only get_gate_vma e100_open dev_get_stats sort_extable __mutex_init drm_mode_dirtyfb_ioctl cmci_recheck __remove_mapping cgroup_rstat_flush_locked profile_init efi_runtime_disabled pci_mmap_resource_wc queue_rcu_work errseq_sample xas_pause __wake_up_locked_key_bookmark audit_log_task_context compat_ksys_msgctl mp_find_ioapic_pin perf_uprobe_init __dev_queue_xmit skb_push __ia32_compat_sys_old_msgctl trace_printk_init_buffers __blk_mq_free_request __clocksource_select free_swap_slot arch_jump_label_transform_queue blk_update_request mtrr_type_lookup_variable debugfs_create_file tty_ldisc_init __set_cpus_allowed_ptr 
__clocksource_register_scale blk_finish_plug __fsnotify_update_child_dentry_flags get_user_pages_fast wait_for_completion_killable unregister_filesystem gen_pool_add_owner memcmp stop_machine_cpuslocked acpi_os_remove_interrupt_handler trace_empty rhashtable_init _raw_read_unlock_bh sbitmap_any_bit_set put_dec_full8 __refrigerator set_cursor cn_netlink_send ieee80211_sta_ps_transition gen_pool_create free_nsproxy blk_poll blk_mq_delay_run_hw_queues clear_huge_page __x64_sys_renameat nmi_uaccess_okay rht_key_hashfn.63926 kthread_create_on_node do_arch_prctl_64 __irq_set_trigger mutex_trylock out_of_memory get_mm_exe_file __x64_sys_io_uring_register __ia32_sys_ioperm arch_asym_cpu_priority __x64_sys_setfsuid put_io_context_active bio_add_page get_zeroed_page timens_commit clear_nlink remove_arg_zero acpi_ut_valid_object_type security_inode_alloc audit_log_lost __ia32_sys_mq_open __rq_qos_track vfs_parse_fs_param __se_sys_sched_setattr __nodes_weight.15372 autofs_root_compat_ioctl __key_link acpi_os_map_iomem umount_tree nl80211_send_disassoc __skb_get_hash filp_close __x64_sys_mremap kick_process drm_setmaster_ioctl nl80211_send_scan_start __drain_all_pages __ieee80211_tx ring_buffer_size cfg80211_control_port_tx_status blk_io_schedule prepare_signal crng_make_state is_trap_insn e1000e_open drm_mode_getplane_res acpi_ut_create_internal_object_dbg acpi_tb_resize_root_table_list interval_tree_insert __ia32_sys_rt_tgsigqueueinfo snprintf ext4_fill_super software_node_notify acpi_hw_write capable si_mem_available __page_cache_release __ia32_sys_fsopen __perf_event_header__init_id acpi_hw_disable_gpe_block free_unref_page dev_deactivate_many follow_huge_pmd_pte rcu_exp_wait_wake memblock_reserve security_task_free vfs_removexattr page_mkclean anon_vma_interval_tree_iter_first acpi_pci_root_remove up_read prep_compound_gigantic_page pm_qos_update_target send_sigio_to_task __cgroup_task_count hrtimer_forward __vm_insert_mixed acpi_get_subtable_type acpi_ns_get_type 
__alloc_file nlmsg_notify try_to_compact_pages rmap_walk_file _nohz_idle_balance strscpy __netif_schedule do_file_open_root iomem_map_sanity_check io_sqe_buffers_register mce_rdmsrl ieee80211_queue_skb ring_buffer_time_stamp __x64_sys_kill skb_network_protocol early_ioremap do_set_mempolicy exit_thread bio_split in_gate_area radix_tree_next_chunk __sched_setscheduler task_work_run tracefs_create_file find_next_best_node __alloc_percpu __x64_sys_mq_open __rq_qos_requeue sbitmap_queue_clear __gup_longterm_locked try_grab_compound_head __netif_napi_del tsc_read_refs alloc_unbound_pwq strnchr acpi_ex_unlink_mutex pktsched_init sysfs_create_file_ns audit_log_n_hex audit_init acpi_ut_pop_generic_state skb_under_panic key_alloc __set_cyc2ns_scale free_unref_page_commit wait_on_page_bit_common ieee80211_rx_napi exit_task_namespaces switch_mm ll_back_merge_fn bus_probe_device calc_global_load rcu_nmi_exit logfc __synchronize_hardirq is_ucounts_overlimit audit_log_untrustedstring groups_search ext4_write_begin biovec_slab __siphash_unaligned put_fs_context round_jiffies __audit_inode_child __pagevec_lru_add fwnode_handle_get strchrnul get_slabinfo __filemap_fdatawait_range alloc_pages_exact mark_tsc_unstable dev_get_phys_port_id security_free_mnt_opts memcpy_fromio cache_from_obj load_misc_binary __rdgsbase_inactive remove_proc_subtree acpi_ut_update_object_reference ata_host_activate ext4_writepage skb_queue_tail skb_ensure_writable acpi_ut_add_reference is_software_node ieee80211_build_hdr async_synchronize_cookie_domain __slab_free irq_shutdown ext4_init_security blk_account_io_done rcu_read_unlock_strict ioam6_init alloc_fd create_worker memtype_reserve free_cgroup_ns init_rescuer e820__mapped_any __ia32_sys_setdomainname netlink_attachskb add_dirent_to_buf kallsyms_lookup_buildid rt_mutex_setprio swap_page_sector sel_write_context rcu_cpu_starting put_unbound_pool ext4_xattr_inode_read get_pfn_range_for_nid ieee80211_tx_pending drop_nlink vmalloc_to_page 
__get_user_pages device_wakeup_disable make_empty_dir_inode __x64_sys_pipe nsec_to_clock_t set_user_nice bio_advance tsc_verify_tsc_adjust send_sig_info is_swbp_insn efi_update_mappings __ia32_sys_getxattr update_srbds_msr irq_domain_activate_irq machine_check_poll __crash_kexec sprintf get_user_pages __local_bh_enable_ip is_subdir extract_entropy driver_deferred_probe_del console_trylock rtnl_is_locked hrtimer_cancel __ia32_sys_renameat2 arch_tlbbatch_flush posix_lock_inode hugetlb_fault devres_release_all irq_set_affinity_locked __zerocopy_sg_from_iter cpu_smt_disable acpi_ns_delete_node in_gate_area_no_mm iget_locked fsnotify_put_mark pin_user_pages_locked async_synchronize_full ieee80211_stop_tx_ba_cb netif_skb_features acpi_ut_get_type_name synchronize_net scan_microcode pagevec_lookup_range_tag io_sq_thread __mcheck_cpu_init_generic __setup_irq sugov_init copy_p4d_range clockevents_shutdown ipcget __ieee80211_scan_completed sync_global_pgds audit_log_task_info apply_wqattrs_commit sch_direct_xmit down_write_killable page_is_ram do_rmdir kobject_get_ownership __x64_sys_mmap wake_up_sem_queue_prepare x86_read_arch_cap_msr print_cpu rcu_sync_exit check_preempt_curr netdev_master_upper_dev_get_rcu e1000_open dev_get_alias plist_del cleanup_mnt ieee80211_txq_setup_flows add_device_randomness ieee80211_auth.73053 skb_trim qdisc_destroy kernfs_find_and_get_ns cpumask_weight.10657 read_cache_page dev_get_port_parent_id fsnotify_detach_mark audit_filter_inodes submit_bio_wait ext4_new_meta_blocks set_tls_desc do_smart_update mnt_pin_kill put_pid_ns netdev_core_pick_tx housekeeping_test_cpu bdev_read_page sysrq_handle_unrt ieee80211_gtk_rekey_add init_idle __mmu_notifier_subscriptions_destroy flush_smp_call_function_queue rtnl_notify drm_mode_getcrtc vsnprintf sysfs_warn_dup vma_interval_tree_iter_next clocksource_mark_unstable _find_first_bit ext4_clear_blocks ext4_should_retry_alloc do_set_thread_area idr_get_free write_inode_now to_ratio __ia32_sys_mount_setattr 
memblock_free __kernfs_create_file __irq_domain_activate_irq mce_setup module_address_lookup memblock_phys_alloc_range ieee80211_prepare_and_rx_handle pm_runtime_drop_link __io_uring_free copy_process fixup_user_fault do_softirq __x64_sys_setns ieee80211_rx_list pm_runtime_reinit kfree_const do_symlink skb_mac_gso_segment xas_load huge_add_to_page_cache __vma_adjust __submit_bio bio_attempt_discard_merge __dev_printk bus_uevent_store netdev_state_change cpumask_any_and_distribute tty_set_ldisc __tlb_remove_page_size local_bh_enable xdp_rxq_info_unreg_mem_model follow_huge_addr schedule_preempt_disabled inet6_init patch_retpoline rtnl_register_internal truncate_cleanup_page cleanup_single_sta chacha_block_generic bio_alloc_bioset __blk_mq_try_issue_directly copy_thread blk_mq_end_request alloc_chunk idr_remove ene_override prepare_task_switch link_css_set __clk_get_name kernel_fpu_end tick_oneshot_mode_active __nlmsg_put install_breakpoint sysfs_slab_release blk_queue_flag_set rht_bucket_nested __ext4_link put_callchain_buffers __x64_sys_fspick acpi_ns_get_secondary_object kblockd_mod_delayed_work_on strnlen yield snd_dma_iram_mmap idr_for_each blk_mq_rq_ctx_init ieee80211_alloc_hw_nm lru_add_drain_cpu ext4_bread_batch __register_sysctl_table ieee80211_purge_tx_queue rtnl_lock show_iret_regs perf_try_init_event security_key_alloc blake2s_update ieee80211_clear_tx_pending __kthread_should_park xdp_rxq_info_unreg hpet_readl acpi_os_write_port acpi_tb_invalidate_table down_read_trylock insert_vmap_area pwq_activate_first_inactive strcmp auditd_test_task __perf_event_overflow copy_semundo dev_get_iflink ring_buffer_event_length sched_clock_cpu flush_tlb_batched_pending ieee80211_send_smps_action ext4_xattr_security_set blk_account_io_start pgd_free sched_clock_idle_sleep_event __blkdev_issue_discard do_page_add_anon_rmap cn_proc_init tick_nohz_idle_stop_tick _printk_deferred finish_mkwrite_fault skb_checksum cd_forget _raw_spin_lock_irqsave _atomic_dec_and_lock_irqsave 
ieee80211_offchannel_stop_vifs __bitmap_complement _raw_read_lock_bh faultin_vma_page_range ieee80211_report_low_ack ioremap_page_range acpi_ut_repair_name efi_memmap_alloc sync_rcu_exp_select_node_cpus scan_swap_map_slots shrink_lock_dentry acpi_tb_uninstall_table register_module_notifier acpi_warning __percpu_counter_compare acpi_ns_opens_scope do_renameat2 locks_release_private has_bh_in_lru prb_next_seq gen_pool_alloc_algo_owner acpi_ev_delete_gpe_block fd_install deactivate_locked_super acpi_write_bit_register end_page_writeback ext4_compat_ioctl free_netdev fold_diff init_dmars perf_event_alloc __blk_mq_alloc_request vprintk_emit hrtimer_active locks_remove_posix fwnode_get_nth_parent audit_log_end blk_queue_enter posix_cputimers_group_init sysvec_apic_timer_interrupt ext4_get_block fprop_fraction_percpu ieee80211_add_pending_skbs __next_timer_interrupt device_bind_driver css_set_move_task list_lru_destroy kmalloc_array.11217 calc_wheel_index __get_locked_pte insn_get_immediate bit_waitqueue putname event_define_fields kmsg_release slab_fix __early_pfn_to_nid do_shrink_slab dev_driver_string acpi_ns_delete_children fault_in_safe_writeable fprop_global_init __set_cpus_allowed_ptr_locked ieee80211_key_free csum_partial netlbl_init alloc_vfsmnt __radix_tree_preload put_unused_fd apply_retpolines __ia32_compat_sys_io_submit __put_task_struct nl80211_exit cpu_init_exception_handling noist_exc_debug sbitmap_get __rq_qos_merge tick_nohz_idle_retain_tick wait_for_completion_io __ia32_sys_setreuid internal_get_user_pages_fast async_schedule_node_domain acpi_ut_get_descriptor_name wake_q_add __set_pte_vaddr ata_pci_sff_init_one nr_context_switches anon_vma_fork acpi_hw_set_mode kernfs_node_from_dentry initialize_tlbstate_and_flush unmap_mapping_page cpu_init blk_bio_list_merge debugfs_create_dir __x64_sys_remap_file_pages get_swap_page blk_dump_rq_flags interval_tree_iter_first update_attr ieee80211_send_4addr_nullfunc mark_page_accessed static_key_slow_inc_cpuslocked 
nv_self_test audit_tree_lookup audit_ctl_unlock acpi_ns_attach_object x86_gsbase_read_task madvise_populate wake_q_add_safe acpi_os_read_memory __ia32_sys_move_pages ftrace_find_event __mcheck_cpu_cap_init close_pdeo __ieee80211_channel_switch ktime_get_mono_fast_ns mce_available post_init_entity_util_avg __blk_queue_split mempolicy_in_oom_domain cpuset_mem_spread_node exc_coprocessor_error sbitmap_finish_wait tc_action_init __rq_qos_done_bio ieee80211_add_station __update_load_avg_cfs_rq exit_files __x64_sys_open_by_handle_at trace_buffered_event_disable __ftrace_set_clr_event_nolock refcount_dec_not_one fwnode_get_name_prefix __dquot_alloc_space ftrace_set_clr_event show_mem ip_rcv_finish_core load_elf_binary.17892 __cpuhp_state_add_instance __dquot_free_space early_enable_events filter_cpuid_features sysfs_do_create_link_sd e100_up __smp_call_single_queue ieee80211_report_wowlan_wakeup hrtimer_init_sleeper __ftrace_vbprintk acct_clear_integrals _drm_lease_held schedule_hrtimeout_range_clock __get_user_pages_remote set_pfnblock_flags_mask mod_delayed_work_on alloc_huge_page wait_task_inactive flush_workqueue_prep_pwqs kvasprintf kernfs_remove cachemode2protval irq_set_affinity ieee80211_sta_rx_queued_ext __skb_ext_put radix_tree_delete_item out_of_line_wait_on_bit __x64_sys_fsetxattr try_to_unmap_flush send_sig pm_qos_sysfs_remove_flags ext4_ext_correct_indexes lru_add_drain_all assoc_array_apply_edit process_vm_rw_single_vec rtnl_register __pti_set_user_pgtbl arch_vma_name do_pipe2 __pm_pr_dbg proc_alloc_inum add_to_swap_cache init_wait_var_entry __se_sys_socketcall tracing_set_tracer kmalloc_order dequeue_huge_page_nodemask kvasprintf_const flush_workqueue __unmap_hugepage_range process_vm_rw key_schedule_gc_links __rtnl_unlock page_remove_rmap device_remove_file sched_post_fork acpi_os_delete_semaphore prune_tree_chunks i915_gem_context_setparam_ioctl __radix_tree_delete __ia32_sys_setxattr allocate_file_region_entries set_secondary_fwnode cpuidle_select 
inat_get_group_attribute core_kernel_text path_setxattr release_user_cpus_ptr region_add perf_ioctl memtype_kernel_map_sync irq_work_sync __ia32_compat_sys_rt_sigqueueinfo register_pm_notifier ring_buffer_record_enable get_gate_page set_rq_offline acpi_ns_get_node prealloc_shrinker __lock_task_sighand blk_rq_init cpuset_read_lock _raw_write_lock exc_int3 copy_from_kernel_nofault netlink_has_listeners __prepare_to_swait kthread_bind_mask vfree cpumask_weight.7317 kernfs_link_sibling __nodes_weight strreplace slab_pad_check __pageblock_pfn_to_page shrink_page_list ns_capable interval_tree_remove set_task_rq_fair cgroup1_check_for_release hpet_late_init memunmap parse_monolithic_mount_data __mpol_dup extend_brk filter_assign_type acpi_error __ia32_sys_adjtimex_time32 reset_disabled_cpu_buffer acpi_cppc_processor_probe __wake_up_parent nl80211_set_reg fsnotify_find_mark nla_put_ifalias rcu_irq_enter blk_queue_exit drm_mode_revoke_lease_ioctl schedule_hrtimeout mq_clear_sbinfo _find_first_zero_bit ptrace_notify remove_nodes __x64_sys_msgctl azx_probe_work clear_IO_APIC follow_hugetlb_page access_process_vm irq_init_percpu_irqstack cfg80211_mgmt_tx_status wq_worker_sleeping task_join_group_stop fsnotify_destroy_mark jump_label_transform kzalloc.24760 __x64_sys_symlinkat cpu_idle_poll native_flush_tlb_multi d_walk acpi_ns_walk_namespace do_shm_rmid vma_mmu_pagesize arch_cpu_idle_dead __e820__mapped_all shm_destroy_orphaned abort_creds init_srcu_struct uprobe_mmap prepare_creds alloc_huge_page_vmemmap get_swap_device __ia32_sys_mkdirat key_set_index_key dev_get_phys_port_name x86_init_rdrand sysfs_create_groups acpi_video_device_notify __key_link_lock __ns_get_path stop_machine assoc_array_walk alloc_perf_context pagevec_lru_move_fn igrab memblock_setclr_flag _raw_read_lock_irqsave rcu_idle_enter __do_sys_io_uring_register acpi_ev_init_global_lock_handler __free_pages key_schedule_gc __x64_sys_rmdir keyring_alloc uart_ioctl synchronize_srcu pgprot2cachemode 
nla_reserve_64bit dup_fd uevent_net_rcv_skb snapshot_compat_ioctl __key_link_begin __do_once_start perf_swevent_event tty_kref_put __x64_sys_mknod kobject_create_and_add __writeback_single_inode queued_write_lock_slowpath memblock_isolate_range kernfs_create_link device_initialize __x64_sys_tkill __get_task_comm acpi_ns_detach_object __do_once_done audit_panic __put_super wakeup_kcompactd init_unlink bus_for_each_drv __const_udelay __static_call_init alloc_ucounts mempool_alloc audit_kill_trees mock_drm_getfile __access_remote_vm acpi_tb_parse_root_table bitmap_onto radix_tree_node_rcu_free ieee80211_unregister_hw unpin_user_pages wake_up_var ieee80211_tx_frags ring_buffer_resize mce_wrmsrl selinux_policy_commit page_vma_mapped_walk is_cpu_allowed ext4_xattr_set_entry prepare_set x86_fsbase_read_task hugetlb_acct_memory pid_vnr unmap_vmas clockevents_program_event intel_guc_engine_failure_process_msg __append_e820_table clocksource_default_clock copy_tree identify_cpu mq_init_ns inc_ucount do_trace_netlink_extack generic_ptrace_peekdata blk_mq_handle_dev_resource kernfs_get_inode __cpuset_memory_pressure_bump lookup_swap_cache set_nlink _credit_init_bits vma_interval_tree_insert radix_tree_insert memblock_alloc_try_nid install_thread_keyring_to_cred tracing_update_buffers p4d_populate_init ipc_obtain_object_check perf_addr_filters_splice kcalloc.14778 cond_synchronize_rcu cgroup_freezing kthread_set_per_cpu __percpu_counter_sum sta_info_destroy_addr alloc_file print_modules __netlink_lookup security_fs_context_parse_param consume_skb __nodes_weight.15267 skb_put clear_posix_cputimers_work clear_sched_clock_stable drop_buffers acpi_tb_notify_table __fget_files unlock_new_inode get_seccomp_filter ___perf_sw_event mutex_lock dentry_unlink_inode memtype_lookup strnlen_user page_swap_info rht_key_hashfn.64681 ext4_append get_symbol_pos __ia32_sys_io_setup truncate_inode_pages_range __x64_sys_setgid16 _printk __ia32_sys_sethostname netlink_unicast 
=o=
--- DONE! ---
------------STATISTICS---------------
49790 : Functions greeted
1458 : External functions
0 : Discovered Path
0 : Matched Path
95426 : Good Path
2550 : Bad Path
125649 : Ignored Path
0 : Path Unable to Resolve
0 : Resolved CallSite Using Function Pointer
1699 : Critical Functions
288 : Critical Variables
0 : # of times max depth for forward analysis hit
0 : # of times max depth for backward analysis hit
167273 : Critical Function Pointer Unable to Resolve, Collect Pass
347 : Critical Function Pointer Resolved, Collect Pass
12647 : Critical Functions used by non CallInst
65991 : Critical Functions used by static assignment
709 : # of times indirect call site matched with critical functions
53333 : # of times indirect call site failed to match with critical functions
0 : found capability check inside call using function ptr
290 : number of critical function skipped(uniq)